ECR.Client.
create_repository
(**kwargs)¶Creates a repository. For more information, see Amazon ECR repositories in the Amazon Elastic Container Registry User Guide .
See also: AWS API Documentation
Request Syntax
response = client.create_repository(
registryId='string',
repositoryName='string',
tags=[
{
'Key': 'string',
'Value': 'string'
},
],
imageTagMutability='MUTABLE'|'IMMUTABLE',
imageScanningConfiguration={
'scanOnPush': True|False
},
encryptionConfiguration={
'encryptionType': 'AES256'|'KMS',
'kmsKey': 'string'
}
)
[REQUIRED]
The name to use for the repository. The repository name may be specified on its own (such as nginx-web-app
) or it can be prepended with a namespace to group the repository into a category (such as project-a/nginx-web-app
).
The metadata that you apply to the repository to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
The metadata to apply to a resource to help you categorize and organize them. Each tag consists of a key and a value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
One part of a key-value pair that make up a tag. A key
is a general label that acts like a category for more specific tag values.
A value
acts as a descriptor within a tag category (key).
MUTABLE
will be used which will allow image tags to be overwritten. If IMMUTABLE
is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.The image scanning configuration for the repository. This determines whether images are scanned for known vulnerabilities after being pushed to the repository.
The setting that determines whether images are scanned after being pushed to a repository. If set to true
, images will be scanned after being pushed. If this parameter is not specified, it will default to false
and images will not be scanned unless a scan is manually started with the API_StartImageScan API.
The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.
The encryption type to use.
If you use the KMS
encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide .
If you use the AES256
encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES-256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide .
If you use the KMS
encryption type, specify the KMS key to use for encryption. The alias, key ID, or full ARN of the KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.
dict
Response Syntax
{
'repository': {
'repositoryArn': 'string',
'registryId': 'string',
'repositoryName': 'string',
'repositoryUri': 'string',
'createdAt': datetime(2015, 1, 1),
'imageTagMutability': 'MUTABLE'|'IMMUTABLE',
'imageScanningConfiguration': {
'scanOnPush': True|False
},
'encryptionConfiguration': {
'encryptionType': 'AES256'|'KMS',
'kmsKey': 'string'
}
}
}
Response Structure
(dict) --
repository (dict) --
The repository that was created.
repositoryArn (string) --
The Amazon Resource Name (ARN) that identifies the repository. The ARN contains the arn:aws:ecr
namespace, followed by the region of the repository, Amazon Web Services account ID of the repository owner, repository namespace, and repository name. For example, arn:aws:ecr:region:012345678910:repository/test
.
registryId (string) --
The Amazon Web Services account ID associated with the registry that contains the repository.
repositoryName (string) --
The name of the repository.
repositoryUri (string) --
The URI for the repository. You can use this URI for container image push
and pull
operations.
createdAt (datetime) --
The date and time, in JavaScript date format, when the repository was created.
imageTagMutability (string) --
The tag mutability setting for the repository.
imageScanningConfiguration (dict) --
The image scanning configuration for a repository.
scanOnPush (boolean) --
The setting that determines whether images are scanned after being pushed to a repository. If set to true
, images will be scanned after being pushed. If this parameter is not specified, it will default to false
and images will not be scanned unless a scan is manually started with the API_StartImageScan API.
encryptionConfiguration (dict) --
The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.
encryptionType (string) --
The encryption type to use.
If you use the KMS
encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide .
If you use the AES256
encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES-256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide .
kmsKey (string) --
If you use the KMS
encryption type, specify the KMS key to use for encryption. The alias, key ID, or full ARN of the KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.
Exceptions
ECR.Client.exceptions.ServerException
ECR.Client.exceptions.InvalidParameterException
ECR.Client.exceptions.InvalidTagParameterException
ECR.Client.exceptions.TooManyTagsException
ECR.Client.exceptions.RepositoryAlreadyExistsException
ECR.Client.exceptions.LimitExceededException
ECR.Client.exceptions.KmsException
Examples
This example creates a repository called nginx-web-app inside the project-a namespace in the default registry for an account.
response = client.create_repository(
repositoryName='project-a/nginx-web-app',
)
print(response)
Expected Output:
{
'repository': {
'registryId': '012345678901',
'repositoryArn': 'arn:aws:ecr:us-west-2:012345678901:repository/project-a/nginx-web-app',
'repositoryName': 'project-a/nginx-web-app',
},
'ResponseMetadata': {
'...': '...',
},
}