Class: Aws::ECR::Client

Inherits:
Seahorse::Client::Base
  • Object
show all
Includes:
ClientStubs
Defined in:
lib/aws-sdk-ecr/client.rb

Overview

An API client for ECR. To construct a client, you need to configure a ‘:region` and `:credentials`.

client = Aws::ECR::Client.new(
  region: region_name,
  credentials: credentials,
  # ...
)

For details on configuring region and credentials see the [developer guide](/sdk-for-ruby/v3/developer-guide/setup-config.html).

See #initialize for a full list of supported configuration options.

Class Attribute Summary collapse

API Operations collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(options) ⇒ Client

Returns a new instance of Client.

Parameters:

  • options (Hash)

Options Hash (options):

  • :plugins (Array<Seahorse::Client::Plugin>) — default: []]

    A list of plugins to apply to the client. Each plugin is either a class name or an instance of a plugin class.

  • :credentials (required, Aws::CredentialProvider)

    Your AWS credentials used for authentication. This can be any class that includes and implements ‘Aws::CredentialProvider`, or instance of any one of the following classes:

    • ‘Aws::Credentials` - Used for configuring static, non-refreshing credentials.

    • ‘Aws::SharedCredentials` - Used for loading static credentials from a shared file, such as `~/.aws/config`.

    • ‘Aws::AssumeRoleCredentials` - Used when you need to assume a role.

    • ‘Aws::AssumeRoleWebIdentityCredentials` - Used when you need to assume a role after providing credentials via the web.

    • ‘Aws::SSOCredentials` - Used for loading credentials from AWS SSO using an access token generated from `aws login`.

    • ‘Aws::ProcessCredentials` - Used for loading credentials from a process that outputs to stdout.

    • ‘Aws::InstanceProfileCredentials` - Used for loading credentials from an EC2 IMDS on an EC2 instance.

    • ‘Aws::ECSCredentials` - Used for loading credentials from instances running in ECS.

    • ‘Aws::CognitoIdentityCredentials` - Used for loading credentials from the Cognito Identity service.

    When ‘:credentials` are not configured directly, the following locations will be searched for credentials:

    • Aws.config`

    • The ‘:access_key_id`, `:secret_access_key`, `:session_token`, and `:account_id` options.

    • ENV`, `ENV`, `ENV`, and `ENV`.

    • ‘~/.aws/credentials`

    • ‘~/.aws/config`

    • EC2/ECS IMDS instance profile - When used by default, the timeouts are very aggressive. Construct and pass an instance of ‘Aws::InstanceProfileCredentials` or `Aws::ECSCredentials` to enable retries and extended timeouts. Instance profile credential fetching can be disabled by setting `ENV` to `true`.

  • :region (required, String)

    The AWS region to connect to. The configured ‘:region` is used to determine the service `:endpoint`. When not passed, a default `:region` is searched for in the following locations:

  • :access_key_id (String)
  • :account_id (String)
  • :active_endpoint_cache (Boolean) — default: false

    When set to ‘true`, a thread polling for endpoints will be running in the background every 60 secs (default). Defaults to `false`.

  • :adaptive_retry_wait_to_fill (Boolean) — default: true

    Used only in ‘adaptive` retry mode. When true, the request will sleep until there is sufficent client side capacity to retry the request. When false, the request will raise a `RetryCapacityNotAvailableError` and will not retry instead of sleeping.

  • :auth_scheme_preference (Array<String>)

    A list of preferred authentication schemes to use when making a request. Supported values are: ‘sigv4`, `sigv4a`, `httpBearerAuth`, and `noAuth`. When set using `ENV` or in shared config as `auth_scheme_preference`, the value should be a comma-separated list.

  • :client_side_monitoring (Boolean) — default: false

    When ‘true`, client-side metrics will be collected for all API requests from this client.

  • :client_side_monitoring_client_id (String) — default: ""

    Allows you to provide an identifier for this client which will be attached to all generated client side metrics. Defaults to an empty string.

  • :client_side_monitoring_host (String) — default: "127.0.0.1"

    Allows you to specify the DNS hostname or IPv4 or IPv6 address that the client side monitoring agent is running on, where client metrics will be published via UDP.

  • :client_side_monitoring_port (Integer) — default: 31000

    Required for publishing client metrics. The port that the client side monitoring agent is running on, where client metrics will be published via UDP.

  • :client_side_monitoring_publisher (Aws::ClientSideMonitoring::Publisher) — default: Aws::ClientSideMonitoring::Publisher

    Allows you to provide a custom client-side monitoring publisher class. By default, will use the Client Side Monitoring Agent Publisher.

  • :convert_params (Boolean) — default: true

    When ‘true`, an attempt is made to coerce request parameters into the required types.

  • :correct_clock_skew (Boolean) — default: true

    Used only in ‘standard` and `adaptive` retry modes. Specifies whether to apply a clock skew correction and retry requests with skewed client clocks.

  • :defaults_mode (String) — default: "legacy"

    See DefaultsModeConfiguration for a list of the accepted modes and the configuration defaults that are included.

  • :disable_host_prefix_injection (Boolean) — default: false

    When ‘true`, the SDK will not prepend the modeled host prefix to the endpoint.

  • :disable_request_compression (Boolean) — default: false

    When set to ‘true’ the request body will not be compressed for supported operations.

  • :endpoint (String, URI::HTTPS, URI::HTTP)

    Normally you should not configure the ‘:endpoint` option directly. This is normally constructed from the `:region` option. Configuring `:endpoint` is normally reserved for connecting to test or custom endpoints. The endpoint should be a URI formatted like:

    'http://example.com'
'https://example.com'
'http://example.com:123'
  • :endpoint_cache_max_entries (Integer) — default: 1000

    Used for the maximum size limit of the LRU cache storing endpoints data for endpoint discovery enabled operations. Defaults to 1000.

  • :endpoint_cache_max_threads (Integer) — default: 10

    Used for the maximum threads in use for polling endpoints to be cached, defaults to 10.

  • :endpoint_cache_poll_interval (Integer) — default: 60

    When :endpoint_discovery and :active_endpoint_cache is enabled, Use this option to config the time interval in seconds for making requests fetching endpoints information. Defaults to 60 sec.

  • :endpoint_discovery (Boolean) — default: false

    When set to ‘true`, endpoint discovery will be enabled for operations when available.

  • :ignore_configured_endpoint_urls (Boolean)

    Setting to true disables use of endpoint URLs provided via environment variables and the shared configuration file.

  • :log_formatter (Aws::Log::Formatter) — default: Aws::Log::Formatter.default

    The log formatter.

  • :log_level (Symbol) — default: :info

    The log level to send messages to the ‘:logger` at.

  • :logger (Logger)

    The Logger instance to send log messages to. If this option is not set, logging will be disabled.

  • :max_attempts (Integer) — default: 3

    An integer representing the maximum number attempts that will be made for a single request, including the initial attempt. For example, setting this value to 5 will result in a request being retried up to 4 times. Used in ‘standard` and `adaptive` retry modes.

  • :profile (String) — default: "default"

    Used when loading credentials from the shared credentials file at ‘HOME/.aws/credentials`. When not specified, ’default’ is used.

  • :request_checksum_calculation (String) — default: "when_supported"

    Determines when a checksum will be calculated for request payloads. Values are:

    • ‘when_supported` - (default) When set, a checksum will be calculated for all request payloads of operations modeled with the `httpChecksum` trait where `requestChecksumRequired` is `true` and/or a `requestAlgorithmMember` is modeled.

    • ‘when_required` - When set, a checksum will only be calculated for request payloads of operations modeled with the `httpChecksum` trait where `requestChecksumRequired` is `true` or where a `requestAlgorithmMember` is modeled and supplied.

  • :request_min_compression_size_bytes (Integer) — default: 10240

    The minimum size in bytes that triggers compression for request bodies. The value must be non-negative integer value between 0 and 10485780 bytes inclusive.

  • :response_checksum_validation (String) — default: "when_supported"

    Determines when checksum validation will be performed on response payloads. Values are:

    • ‘when_supported` - (default) When set, checksum validation is performed on all response payloads of operations modeled with the `httpChecksum` trait where `responseAlgorithms` is modeled, except when no modeled checksum algorithms are supported.

    • ‘when_required` - When set, checksum validation is not performed on response payloads of operations unless the checksum algorithm is supported and the `requestValidationModeMember` member is set to `ENABLED`.

  • :retry_backoff (Proc)

    A proc or lambda used for backoff. Defaults to 2**retries * retry_base_delay. This option is only used in the ‘legacy` retry mode.

  • :retry_base_delay (Float) — default: 0.3

    The base delay in seconds used by the default backoff function. This option is only used in the ‘legacy` retry mode.

  • :retry_jitter (Symbol) — default: :none

    A delay randomiser function used by the default backoff function. Some predefined functions can be referenced by name - :none, :equal, :full, otherwise a Proc that takes and returns a number. This option is only used in the ‘legacy` retry mode.

    @see www.awsarchitectureblog.com/2015/03/backoff.html

  • :retry_limit (Integer) — default: 3

    The maximum number of times to retry failed requests. Only ~ 500 level server errors and certain ~ 400 level client errors are retried. Generally, these are throttling errors, data checksum errors, networking errors, timeout errors, auth errors, endpoint discovery, and errors from expired credentials. This option is only used in the ‘legacy` retry mode.

  • :retry_max_delay (Integer) — default: 0

    The maximum number of seconds to delay between retries (0 for no limit) used by the default backoff function. This option is only used in the ‘legacy` retry mode.

  • :retry_mode (String) — default: "legacy"

    Specifies which retry algorithm to use. Values are:

    • ‘legacy` - The pre-existing retry behavior. This is the default value if no retry mode is provided.

    • ‘standard` - A standardized set of retry rules across the AWS SDKs. This includes support for retry quotas, which limit the number of unsuccessful retries a client can make.

    • ‘adaptive` - A retry mode that includes all the functionality of `standard` mode along with automatic client side throttling.

  • :sdk_ua_app_id (String)

    A unique and opaque application ID that is appended to the User-Agent header as app/sdk_ua_app_id. It should have a maximum length of 50. This variable is sourced from environment variable AWS_SDK_UA_APP_ID or the shared config profile attribute sdk_ua_app_id.

  • :secret_access_key (String)
  • :session_token (String)
  • :sigv4a_signing_region_set (Array)

    A list of regions that should be signed with SigV4a signing. When not passed, a default ‘:sigv4a_signing_region_set` is searched for in the following locations:

  • :simple_json (Boolean) — default: false

    Disables request parameter conversion, validation, and formatting. Also disables response data type conversions. The request parameters hash must be formatted exactly as the API expects.This option is useful when you want to ensure the highest level of performance by avoiding overhead of walking request parameters and response data structures.

  • :stub_responses (Boolean) — default: false

    Causes the client to return stubbed responses. By default fake responses are generated and returned. You can specify the response data to return or errors to raise by calling ClientStubs#stub_responses. See ClientStubs for more information.

    ** Please note ** When response stubbing is enabled, no HTTP requests are made, and retries are disabled.

  • :telemetry_provider (Aws::Telemetry::TelemetryProviderBase) — default: Aws::Telemetry::NoOpTelemetryProvider

    Allows you to provide a telemetry provider, which is used to emit telemetry data. By default, uses ‘NoOpTelemetryProvider` which will not record or emit any telemetry data. The SDK supports the following telemetry providers:

    • OpenTelemetry (OTel) - To use the OTel provider, install and require the

    ‘opentelemetry-sdk` gem and then, pass in an instance of a `Aws::Telemetry::OTelProvider` for telemetry provider.

  • :token_provider (Aws::TokenProvider)

    Your Bearer token used for authentication. This can be any class that includes and implements ‘Aws::TokenProvider`, or instance of any one of the following classes:

    • ‘Aws::StaticTokenProvider` - Used for configuring static, non-refreshing tokens.

    • ‘Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an access token generated from `aws login`.

    When ‘:token_provider` is not configured directly, the `Aws::TokenProviderChain` will be used to search for tokens configured for your profile in shared configuration files.

  • :use_dualstack_endpoint (Boolean)

    When set to ‘true`, dualstack enabled endpoints (with `.aws` TLD) will be used if available.

  • :use_fips_endpoint (Boolean)

    When set to ‘true`, fips compatible endpoints will be used if available. When a `fips` region is used, the region is normalized and this config is set to `true`.

  • :validate_params (Boolean) — default: true

    When ‘true`, request parameters are validated before sending the request.

  • :endpoint_provider (Aws::ECR::EndpointProvider)

    The endpoint provider used to resolve endpoints. Any object that responds to ‘#resolve_endpoint(parameters)` where `parameters` is a Struct similar to `Aws::ECR::EndpointParameters`.

  • :http_continue_timeout (Float) — default: 1

    The number of seconds to wait for a 100-continue response before sending the request body. This option has no effect unless the request has “Expect” header set to “100-continue”. Defaults to ‘nil` which disables this behaviour. This value can safely be set per request on the session.

  • :http_idle_timeout (Float) — default: 5

    The number of seconds a connection is allowed to sit idle before it is considered stale. Stale connections are closed and removed from the pool before making a request.

  • :http_open_timeout (Float) — default: 15

    The default number of seconds to wait for response data. This value can safely be set per-request on the session.

  • :http_proxy (URI::HTTP, String)

    A proxy to send requests through. Formatted like ‘proxy.com:123’.

  • :http_read_timeout (Float) — default: 60

    The default number of seconds to wait for response data. This value can safely be set per-request on the session.

  • :http_wire_trace (Boolean) — default: false

    When ‘true`, HTTP debug output will be sent to the `:logger`.

  • :on_chunk_received (Proc)

    When a Proc object is provided, it will be used as callback when each chunk of the response body is received. It provides three arguments: the chunk, the number of bytes received, and the total number of bytes in the response (or nil if the server did not send a ‘content-length`).

  • :on_chunk_sent (Proc)

    When a Proc object is provided, it will be used as callback when each chunk of the request body is sent. It provides three arguments: the chunk, the number of bytes read from the body, and the total number of bytes in the body.

  • :raise_response_errors (Boolean) — default: true

    When ‘true`, response errors are raised.

  • :ssl_ca_bundle (String)

    Full path to the SSL certificate authority bundle file that should be used when verifying peer certificates. If you do not pass ‘:ssl_ca_bundle` or `:ssl_ca_directory` the the system default will be used if available.

  • :ssl_ca_directory (String)

    Full path of the directory that contains the unbundled SSL certificate authority files for verifying peer certificates. If you do not pass ‘:ssl_ca_bundle` or `:ssl_ca_directory` the the system default will be used if available.

  • :ssl_ca_store (String)

    Sets the X509::Store to verify peer certificate.

  • :ssl_cert (OpenSSL::X509::Certificate)

    Sets a client certificate when creating http connections.

  • :ssl_key (OpenSSL::PKey)

    Sets a client key when creating http connections.

  • :ssl_timeout (Float)

    Sets the SSL timeout in seconds

  • :ssl_verify_peer (Boolean) — default: true

    When ‘true`, SSL peer certificates are verified when establishing a connection.



478
479
480
 
# File 'lib/aws-sdk-ecr/client.rb', line 478

def initialize(*args)
  super
end

Class Attribute Details

.identifierObject (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future. 



4656
4657
4658
 
# File 'lib/aws-sdk-ecr/client.rb', line 4656

def identifier
  @identifier
end

Class Method Details

.errors_moduleObject

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future. 



4659
4660
4661
 
# File 'lib/aws-sdk-ecr/client.rb', line 4659

def errors_module
  Errors
end

Instance Method Details

#batch_check_layer_availability(params = {}) ⇒ Types::BatchCheckLayerAvailabilityResponse

Checks the availability of one or more image layers in a repository.

When an image is pushed to a repository, each image layer is checked to verify if it has been uploaded before. If it has been uploaded, then the image layer is skipped.

<note markdown=“1”> This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the ‘docker` CLI to pull, tag, and push images.

</note>

Examples:

Request syntax with placeholder values


resp = client.batch_check_layer_availability({
  registry_id: "RegistryId",
  repository_name: "RepositoryName", # required
  layer_digests: ["BatchedOperationLayerDigest"], # required
})

Response structure


resp.layers #=> Array
resp.layers[0].layer_digest #=> String
resp.layers[0].layer_availability #=> String, one of "AVAILABLE", "UNAVAILABLE", "ARCHIVED"
resp.layers[0].layer_size #=> Integer
resp.layers[0].media_type #=> String
resp.failures #=> Array
resp.failures[0].layer_digest #=> String
resp.failures[0].failure_code #=> String, one of "InvalidLayerDigest", "MissingLayerDigest"
resp.failures[0].failure_reason #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :registry_id (String)

    The Amazon Web Services account ID associated with the registry that contains the image layers to check. If you do not specify a registry, the default registry is assumed.

  • :repository_name (required, String)

    The name of the repository that is associated with the image layers to check.

  • :layer_digests (required, Array<String>)

    The digests of the image layers to check.

Returns:

See Also:



537
538
539
540
 
# File 'lib/aws-sdk-ecr/client.rb', line 537

def batch_check_layer_availability(params = {}, options = {})
  req = build_request(:batch_check_layer_availability, params)
  req.send_request(options)
end

#batch_delete_image(params = {}) ⇒ Types::BatchDeleteImageResponse

Deletes a list of specified images within a repository. Images are specified with either an ‘imageTag` or `imageDigest`.

You can remove a tag from an image by specifying the image’s tag in your request. When you remove the last tag from an image, the image is deleted from your repository.

You can completely delete an image (and all of its tags) by specifying the image’s digest in your request.

Examples:

Example: To delete multiple images


# This example deletes images with the tags precise and trusty in a repository called ubuntu in the default registry for
# an account.

resp = client.batch_delete_image({
  image_ids: [
    {
      image_tag: "precise", 
    }, 
  ], 
  repository_name: "ubuntu", 
})

resp.to_h outputs the following:
{
  failures: [
  ], 
  image_ids: [
    {
      image_digest: "sha256:examplee6d1e504117a17000003d3753086354a38375961f2e665416ef4b1b2f", 
      image_tag: "precise", 
    }, 
  ], 
}

Request syntax with placeholder values


resp = client.batch_delete_image({
  registry_id: "RegistryId",
  repository_name: "RepositoryName", # required
  image_ids: [ # required
    {
      image_digest: "ImageDigest",
      image_tag: "ImageTag",
    },
  ],
})

Response structure


resp.image_ids #=> Array
resp.image_ids[0].image_digest #=> String
resp.image_ids[0].image_tag #=> String
resp.failures #=> Array
resp.failures[0].image_id.image_digest #=> String
resp.failures[0].image_id.image_tag #=> String
resp.failures[0].failure_code #=> String, one of "InvalidImageDigest", "InvalidImageTag", "ImageTagDoesNotMatchDigest", "ImageNotFound", "MissingDigestAndTag", "ImageReferencedByManifestList", "KmsError", "UpstreamAccessDenied", "UpstreamTooManyRequests", "UpstreamUnavailable", "ImageInaccessible"
resp.failures[0].failure_reason #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :registry_id (String)

    The Amazon Web Services account ID associated with the registry that contains the image to delete. If you do not specify a registry, the default registry is assumed.

  • :repository_name (required, String)

    The repository that contains the image to delete.

  • :image_ids (required, Array<Types::ImageIdentifier>)

    A list of image ID references that correspond to images to delete. The format of the ‘imageIds` reference is `imageTag=tag` or `imageDigest=digest`.

Returns:

See Also:



625
626
627
628
 
# File 'lib/aws-sdk-ecr/client.rb', line 625

def batch_delete_image(params = {}, options = {})
  req = build_request(:batch_delete_image, params)
  req.send_request(options)
end

#batch_get_image(params = {}) ⇒ Types::BatchGetImageResponse

Gets detailed information for an image. Images are specified with either an ‘imageTag` or `imageDigest`.

When an image is pulled, the BatchGetImage API is called once to retrieve the image manifest.

Examples:

Example: To obtain multiple images in a single request


# This example obtains information for an image with a specified image digest ID from the repository named ubuntu in the
# current account.

resp = client.batch_get_image({
  image_ids: [
    {
      image_tag: "precise", 
    }, 
  ], 
  repository_name: "ubuntu", 
})

resp.to_h outputs the following:
{
  failures: [
  ], 
  images: [
    {
      image_id: {
        image_digest: "sha256:example76bdff6d83a09ba2a818f0d00000063724a9ac3ba5019c56f74ebf42a", 
        image_tag: "precise", 
      }, 
      image_manifest: "{\n \"schemaVersion\": 1,\n \"name\": \"ubuntu\",\n \"tag\": \"precise\",\n...", 
      registry_id: "244698725403", 
      repository_name: "ubuntu", 
    }, 
  ], 
}

Request syntax with placeholder values


resp = client.batch_get_image({
  registry_id: "RegistryId",
  repository_name: "RepositoryName", # required
  image_ids: [ # required
    {
      image_digest: "ImageDigest",
      image_tag: "ImageTag",
    },
  ],
  accepted_media_types: ["MediaType"],
})

Response structure


resp.images #=> Array
resp.images[0].registry_id #=> String
resp.images[0].repository_name #=> String
resp.images[0].image_id.image_digest #=> String
resp.images[0].image_id.image_tag #=> String
resp.images[0].image_manifest #=> String
resp.images[0].image_manifest_media_type #=> String
resp.failures #=> Array
resp.failures[0].image_id.image_digest #=> String
resp.failures[0].image_id.image_tag #=> String
resp.failures[0].failure_code #=> String, one of "InvalidImageDigest", "InvalidImageTag", "ImageTagDoesNotMatchDigest", "ImageNotFound", "MissingDigestAndTag", "ImageReferencedByManifestList", "KmsError", "UpstreamAccessDenied", "UpstreamTooManyRequests", "UpstreamUnavailable", "ImageInaccessible"
resp.failures[0].failure_reason #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :registry_id (String)

    The Amazon Web Services account ID associated with the registry that contains the images to describe. If you do not specify a registry, the default registry is assumed.

  • :repository_name (required, String)

    The repository that contains the images to describe.

  • :image_ids (required, Array<Types::ImageIdentifier>)

    A list of image ID references that correspond to images to describe. The format of the ‘imageIds` reference is `imageTag=tag` or `imageDigest=digest`.

  • :accepted_media_types (Array<String>)

    The accepted media types for the request.

    Valid values: ‘application/vnd.docker.distribution.manifest.v1+json` | `application/vnd.docker.distribution.manifest.v2+json` | `application/vnd.oci.image.manifest.v1+json`

Returns:

See Also:



726
727
728
729
 
# File 'lib/aws-sdk-ecr/client.rb', line 726

def batch_get_image(params = {}, options = {})
  req = build_request(:batch_get_image, params)
  req.send_request(options)
end

#batch_get_repository_scanning_configuration(params = {}) ⇒ Types::BatchGetRepositoryScanningConfigurationResponse

Gets the scanning configuration for one or more repositories.

Examples:

Request syntax with placeholder values


resp = client.batch_get_repository_scanning_configuration({
  repository_names: ["RepositoryName"], # required
})

Response structure


resp.scanning_configurations #=> Array
resp.scanning_configurations[0].repository_arn #=> String
resp.scanning_configurations[0].repository_name #=> String
resp.scanning_configurations[0].scan_on_push #=> Boolean
resp.scanning_configurations[0].scan_frequency #=> String, one of "SCAN_ON_PUSH", "CONTINUOUS_SCAN", "MANUAL"
resp.scanning_configurations[0].applied_scan_filters #=> Array
resp.scanning_configurations[0].applied_scan_filters[0].filter #=> String
resp.scanning_configurations[0].applied_scan_filters[0].filter_type #=> String, one of "WILDCARD"
resp.failures #=> Array
resp.failures[0].repository_name #=> String
resp.failures[0].failure_code #=> String, one of "REPOSITORY_NOT_FOUND"
resp.failures[0].failure_reason #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :repository_names (required, Array<String>)

    One or more repository names to get the scanning configuration for.

Returns:

See Also:



766
767
768
769
 
# File 'lib/aws-sdk-ecr/client.rb', line 766

def batch_get_repository_scanning_configuration(params = {}, options = {})
  req = build_request(:batch_get_repository_scanning_configuration, params)
  req.send_request(options)
end

#build_request(operation_name, params = {}) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Parameters:

  • params ({}) (defaults to: {}) 


4514
4515
4516
4517
4518
4519
4520
4521
4522
4523
4524
4525
4526
4527
4528
4529
4530
 
# File 'lib/aws-sdk-ecr/client.rb', line 4514

def build_request(operation_name, params = {})
  handlers = @handlers.for(operation_name)
  tracer = config.telemetry_provider.tracer_provider.tracer(
    Aws::Telemetry.module_to_tracer_name('Aws::ECR')
  )
  context = Seahorse::Client::RequestContext.new(
    operation_name: operation_name,
    operation: config.api.operation(operation_name),
    client: self,
    params: params,
    config: config,
    tracer: tracer
  )
  context[:gem_name] = 'aws-sdk-ecr'
  context[:gem_version] = '1.129.0'
  Seahorse::Client::Request.new(handlers, context)
end

#complete_layer_upload(params = {}) ⇒ Types::CompleteLayerUploadResponse

Informs Amazon ECR that the image layer upload has completed for a specified registry, repository name, and upload ID. You can optionally provide a ‘sha256` digest of the image layer for data validation purposes.

When an image is pushed, the CompleteLayerUpload API is called once per each new image layer to verify that the upload has completed.

<note markdown=“1”> This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the ‘docker` CLI to pull, tag, and push images.

</note>

Examples:

Request syntax with placeholder values


resp = client.complete_layer_upload({
  registry_id: "RegistryId",
  repository_name: "RepositoryName", # required
  upload_id: "UploadId", # required
  layer_digests: ["LayerDigest"], # required
})

Response structure


resp.registry_id #=> String
resp.repository_name #=> String
resp.upload_id #=> String
resp.layer_digest #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :registry_id (String)

    The Amazon Web Services account ID associated with the registry to which to upload layers. If you do not specify a registry, the default registry is assumed.

  • :repository_name (required, String)

    The name of the repository to associate with the image layer.

  • :upload_id (required, String)

    The upload ID from a previous InitiateLayerUpload operation to associate with the image layer.

  • :layer_digests (required, Array<String>)

    The ‘sha256` digest of the image layer.

Returns:

See Also:



827
828
829
830
 
# File 'lib/aws-sdk-ecr/client.rb', line 827

def complete_layer_upload(params = {}, options = {})
  req = build_request(:complete_layer_upload, params)
  req.send_request(options)
end

#create_pull_through_cache_rule(params = {}) ⇒ Types::CreatePullThroughCacheRuleResponse

Creates a pull through cache rule. A pull through cache rule provides a way to cache images from an upstream registry source in your Amazon ECR private registry. For more information, see [Using pull through cache rules] in the *Amazon Elastic Container Registry User Guide*.

[1]: docs.aws.amazon.com/AmazonECR/latest/userguide/pull-through-cache.html

Examples:

Request syntax with placeholder values


resp = client.create_pull_through_cache_rule({
  ecr_repository_prefix: "PullThroughCacheRuleRepositoryPrefix", # required
  upstream_registry_url: "Url", # required
  registry_id: "RegistryId",
  upstream_registry: "ecr", # accepts ecr, ecr-public, quay, k8s, docker-hub, github-container-registry, azure-container-registry, gitlab-container-registry, chainguard
  credential_arn: "CredentialArn",
  custom_role_arn: "CustomRoleArn",
  upstream_repository_prefix: "PullThroughCacheRuleRepositoryPrefix",
})

Response structure


resp.ecr_repository_prefix #=> String
resp.upstream_registry_url #=> String
resp.created_at #=> Time
resp.registry_id #=> String
resp.upstream_registry #=> String, one of "ecr", "ecr-public", "quay", "k8s", "docker-hub", "github-container-registry", "azure-container-registry", "gitlab-container-registry", "chainguard"
resp.credential_arn #=> String
resp.custom_role_arn #=> String
resp.upstream_repository_prefix #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :ecr_repository_prefix (required, String)

    The repository name prefix to use when caching images from the source registry.

    There is always an assumed ‘/` applied to the end of the prefix. If you specify `ecr-public` as the prefix, Amazon ECR treats that as `ecr-public/`.

  • :upstream_registry_url (required, String)

    The registry URL of the upstream public registry to use as the source for the pull through cache rule. The following is the syntax to use for each supported upstream registry.

    • Amazon ECR (‘ecr`) – `<accountId>.dkr.ecr.<region>.amazonaws.com`

    • Amazon ECR Public (‘ecr-public`) – `public.ecr.aws`

    • Docker Hub (‘docker-hub`) – `registry-1.docker.io`

    • GitHub Container Registry (‘github-container-registry`) – `ghcr.io`

    • GitLab Container Registry (‘gitlab-container-registry`) –`registry.gitlab.com`

    • Kubernetes (‘k8s`) – `registry.k8s.io`

    • Microsoft Azure Container Registry (‘azure-container-registry`) –`<custom>.azurecr.io`

    • Quay (‘quay`) – `quay.io`

  • :registry_id (String)

    The Amazon Web Services account ID associated with the registry to create the pull through cache rule for. If you do not specify a registry, the default registry is assumed.

  • :upstream_registry (String)

    The name of the upstream registry.

  • :credential_arn (String)

    The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret that identifies the credentials to authenticate to the upstream registry.

  • :custom_role_arn (String)

    Amazon Resource Name (ARN) of the IAM role to be assumed by Amazon ECR to authenticate to the ECR upstream registry. This role must be in the same account as the registry that you are configuring.

  • :upstream_repository_prefix (String)

    The repository name prefix of the upstream registry to match with the upstream repository name. When this field isn’t specified, Amazon ECR will use the ‘ROOT`.

Returns:

See Also:



933
934
935
936
 
# File 'lib/aws-sdk-ecr/client.rb', line 933

def create_pull_through_cache_rule(params = {}, options = {})
  req = build_request(:create_pull_through_cache_rule, params)
  req.send_request(options)
end

#create_repository(params = {}) ⇒ Types::CreateRepositoryResponse

Creates a repository. For more information, see [Amazon ECR repositories] in the *Amazon Elastic Container Registry User Guide*.

[1]: docs.aws.amazon.com/AmazonECR/latest/userguide/Repositories.html

Examples:

Example: To create a new repository


# This example creates a repository called nginx-web-app inside the project-a namespace in the default registry for an
# account.

resp = client.create_repository({
  repository_name: "project-a/nginx-web-app", 
})

resp.to_h outputs the following:
{
  repository: {
    registry_id: "012345678901", 
    repository_arn: "arn:aws:ecr:us-west-2:012345678901:repository/project-a/nginx-web-app", 
    repository_name: "project-a/nginx-web-app", 
  }, 
}

Request syntax with placeholder values


resp = client.create_repository({
  registry_id: "RegistryId",
  repository_name: "RepositoryName", # required
  tags: [
    {
      key: "TagKey", # required
      value: "TagValue", # required
    },
  ],
  image_tag_mutability: "MUTABLE", # accepts MUTABLE, IMMUTABLE, IMMUTABLE_WITH_EXCLUSION, MUTABLE_WITH_EXCLUSION
  image_tag_mutability_exclusion_filters: [
    {
      filter_type: "WILDCARD", # required, accepts WILDCARD
      filter: "ImageTagMutabilityExclusionFilterValue", # required
    },
  ],
  image_scanning_configuration: {
    scan_on_push: false,
  },
  encryption_configuration: {
    encryption_type: "AES256", # required, accepts AES256, KMS, KMS_DSSE
    kms_key: "KmsKey",
  },
})

Response structure


resp.repository.repository_arn #=> String
resp.repository.registry_id #=> String
resp.repository.repository_name #=> String
resp.repository.repository_uri #=> String
resp.repository.created_at #=> Time
resp.repository.image_tag_mutability #=> String, one of "MUTABLE", "IMMUTABLE", "IMMUTABLE_WITH_EXCLUSION", "MUTABLE_WITH_EXCLUSION"
resp.repository.image_tag_mutability_exclusion_filters #=> Array
resp.repository.image_tag_mutability_exclusion_filters[0].filter_type #=> String, one of "WILDCARD"
resp.repository.image_tag_mutability_exclusion_filters[0].filter #=> String
resp.repository.image_scanning_configuration.scan_on_push #=> Boolean
resp.repository.encryption_configuration.encryption_type #=> String, one of "AES256", "KMS", "KMS_DSSE"
resp.repository.encryption_configuration.kms_key #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :registry_id (String)

    The Amazon Web Services account ID associated with the registry to create the repository. If you do not specify a registry, the default registry is assumed.

  • :repository_name (required, String)

    The name to use for the repository. The repository name may be specified on its own (such as ‘nginx-web-app`) or it can be prepended with a namespace to group the repository into a category (such as `project-a/nginx-web-app`).

    The repository name must start with a letter and can only contain lowercase letters, numbers, hyphens, underscores, and forward slashes.

  • :tags (Array<Types::Tag>)

    The metadata that you apply to the repository to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

  • :image_tag_mutability (String)

    The tag mutability setting for the repository. If this parameter is omitted, the default setting of ‘MUTABLE` will be used which will allow image tags to be overwritten. If `IMMUTABLE` is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.

  • :image_tag_mutability_exclusion_filters (Array<Types::ImageTagMutabilityExclusionFilter>)

    A list of filters that specify which image tags should be excluded from the repository’s image tag mutability setting.

  • :image_scanning_configuration (Types::ImageScanningConfiguration)

    The ‘imageScanningConfiguration` parameter is being deprecated, in favor of specifying the image scanning configuration at the registry level. For more information, see `PutRegistryScanningConfiguration`.

    The image scanning configuration for the repository. This determines whether images are scanned for known vulnerabilities after being pushed to the repository.

  • :encryption_configuration (Types::EncryptionConfiguration)

    The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.

Returns:

See Also:



1060
1061
1062
1063
 
# File 'lib/aws-sdk-ecr/client.rb', line 1060

def create_repository(params = {}, options = {})
  req = build_request(:create_repository, params)
  req.send_request(options)
end

#create_repository_creation_template(params = {}) ⇒ Types::CreateRepositoryCreationTemplateResponse

Creates a repository creation template. This template is used to define the settings for repositories created by Amazon ECR on your behalf. For example, repositories created through pull through cache actions. For more information, see [Private repository creation templates] in the *Amazon Elastic Container Registry User Guide*.

[1]: docs.aws.amazon.com/AmazonECR/latest/userguide/repository-creation-templates.html

Examples:

Example: Create a new repository creation template


# This example creates a repository creation template.

resp = client.create_repository_creation_template({
  applied_for: [
    "REPLICATION", 
    "PULL_THROUGH_CACHE", 
    "CREATE_ON_PUSH", 
  ], 
  description: "Repos for testing images", 
  encryption_configuration: {
    encryption_type: "AES256", 
  }, 
  image_tag_mutability: "MUTABLE", 
  lifecycle_policy: "{\r\n    \"rules\": [\r\n        {\r\n            \"rulePriority\": 1,\r\n            \"description\": \"Expire images older than 14 days\",\r\n            \"selection\": {\r\n                \"tagStatus\": \"untagged\",\r\n                \"countType\": \"sinceImagePushed\",\r\n                \"countUnit\": \"days\",\r\n                \"countNumber\": 14\r\n            },\r\n            \"action\": {\r\n                \"type\": \"expire\"\r\n            }\r\n        }\r\n    ]\r\n}", 
  prefix: "eng/test", 
  repository_policy: "{\r\n  \"Version\": \"2012-10-17\",\r\n  \"Statement\": [\r\n    {\r\n      \"Sid\": \"LambdaECRPullPolicy\",\r\n      \"Effect\": \"Allow\",\r\n      \"Principal\": {\r\n        \"Service\": \"lambda.amazonaws.com\"\r\n      },\r\n      \"Action\": \"ecr:BatchGetImage\"\r\n    }\r\n  ]\r\n}", 
  resource_tags: [
    {
      key: "environment", 
      value: "test", 
    }, 
  ], 
})

resp.to_h outputs the following:
{
  registry_id: "012345678901", 
  repository_creation_template: {
    applied_for: [
      "REPLICATION", 
      "PULL_THROUGH_CACHE", 
      "CREATE_ON_PUSH", 
    ], 
    created_at: Time.parse("2023-12-16T17:29:02-07:00"), 
    description: "Repos for testing images", 
    encryption_configuration: {
      encryption_type: "AES256", 
    }, 
    image_tag_mutability: "MUTABLE", 
    lifecycle_policy: "{\r\n    \"rules\": [\r\n        {\r\n            \"rulePriority\": 1,\r\n            \"description\": \"Expire images older than 14 days\",\r\n            \"selection\": {\r\n                \"tagStatus\": \"untagged\",\r\n                \"countType\": \"sinceImagePushed\",\r\n                \"countUnit\": \"days\",\r\n                \"countNumber\": 14\r\n            },\r\n            \"action\": {\r\n                \"type\": \"expire\"\r\n            }\r\n        }\r\n    ]\r\n}", 
    prefix: "eng/test", 
    repository_policy: "{\n  \"Version\" : \"2012-10-17\",\n  \"Statement\" : [ {\n    \"Sid\" : \"LambdaECRPullPolicy\",\n    \"Effect\" : \"Allow\",\n    \"Principal\" : {\n      \"Service\" : \"lambda.amazonaws.com\"\n    },\n    \"Action\" : \"ecr:BatchGetImage\"\n  } ]\n}", 
    resource_tags: [
      {
        key: "environment", 
        value: "test", 
      }, 
    ], 
    updated_at: Time.parse("2023-12-16T17:29:02-07:00"), 
  }, 
}

Request syntax with placeholder values


resp = client.create_repository_creation_template({
  prefix: "Prefix", # required
  description: "RepositoryTemplateDescription",
  encryption_configuration: {
    encryption_type: "AES256", # required, accepts AES256, KMS, KMS_DSSE
    kms_key: "KmsKeyForRepositoryCreationTemplate",
  },
  resource_tags: [
    {
      key: "TagKey", # required
      value: "TagValue", # required
    },
  ],
  image_tag_mutability: "MUTABLE", # accepts MUTABLE, IMMUTABLE, IMMUTABLE_WITH_EXCLUSION, MUTABLE_WITH_EXCLUSION
  image_tag_mutability_exclusion_filters: [
    {
      filter_type: "WILDCARD", # required, accepts WILDCARD
      filter: "ImageTagMutabilityExclusionFilterValue", # required
    },
  ],
  repository_policy: "RepositoryPolicyText",
  lifecycle_policy: "LifecyclePolicyTextForRepositoryCreationTemplate",
  applied_for: ["REPLICATION"], # required, accepts REPLICATION, PULL_THROUGH_CACHE, CREATE_ON_PUSH
  custom_role_arn: "CustomRoleArn",
})

Response structure


resp.registry_id #=> String
resp.repository_creation_template.prefix #=> String
resp.repository_creation_template.description #=> String
resp.repository_creation_template.encryption_configuration.encryption_type #=> String, one of "AES256", "KMS", "KMS_DSSE"
resp.repository_creation_template.encryption_configuration.kms_key #=> String
resp.repository_creation_template.resource_tags #=> Array
resp.repository_creation_template.resource_tags[0].key #=> String
resp.repository_creation_template.resource_tags[0].value #=> String
resp.repository_creation_template.image_tag_mutability #=> String, one of "MUTABLE", "IMMUTABLE", "IMMUTABLE_WITH_EXCLUSION", "MUTABLE_WITH_EXCLUSION"
resp.repository_creation_template.image_tag_mutability_exclusion_filters #=> Array
resp.repository_creation_template.image_tag_mutability_exclusion_filters[0].filter_type #=> String, one of "WILDCARD"
resp.repository_creation_template.image_tag_mutability_exclusion_filters[0].filter #=> String
resp.repository_creation_template.repository_policy #=> String
resp.repository_creation_template.lifecycle_policy #=> String
resp.repository_creation_template.applied_for #=> Array
resp.repository_creation_template.applied_for[0] #=> String, one of "REPLICATION", "PULL_THROUGH_CACHE", "CREATE_ON_PUSH"
resp.repository_creation_template.custom_role_arn #=> String
resp.repository_creation_template.created_at #=> Time
resp.repository_creation_template.updated_at #=> Time

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :prefix (required, String)

    The repository namespace prefix to associate with the template. All repositories created using this namespace prefix will have the settings defined in this template applied. For example, a prefix of ‘prod` would apply to all repositories beginning with `prod/`. Similarly, a prefix of `prod/team` would apply to all repositories beginning with `prod/team/`.

    To apply a template to all repositories in your registry that don’t have an associated creation template, you can use ‘ROOT` as the prefix.

    There is always an assumed ‘/` applied to the end of the prefix. If you specify `ecr-public` as the prefix, Amazon ECR treats that as `ecr-public/`. When using a pull through cache rule, the repository prefix you specify during rule creation is what you should specify as your repository creation template prefix as well.

  • :description (String)

    A description for the repository creation template.

  • :encryption_configuration (Types::EncryptionConfigurationForRepositoryCreationTemplate)

    The encryption configuration to use for repositories created using the template.

  • :resource_tags (Array<Types::Tag>)

    The metadata to apply to the repository to help you categorize and organize. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

  • :image_tag_mutability (String)

    The tag mutability setting for the repository. If this parameter is omitted, the default setting of ‘MUTABLE` will be used which will allow image tags to be overwritten. If `IMMUTABLE` is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.

  • :image_tag_mutability_exclusion_filters (Array<Types::ImageTagMutabilityExclusionFilter>)

    A list of filters that specify which image tags should be excluded from the repository creation template’s image tag mutability setting.

  • :repository_policy (String)

    The repository policy to apply to repositories created using the template. A repository policy is a permissions policy associated with a repository to control access permissions.

  • :lifecycle_policy (String)

    The lifecycle policy to use for repositories created using the template.

  • :applied_for (required, Array<String>)

    A list of enumerable strings representing the Amazon ECR repository creation scenarios that this template will apply towards. The supported scenarios are ‘PULL_THROUGH_CACHE`, `REPLICATION`, and `CREATE_ON_PUSH`

  • :custom_role_arn (String)

    The ARN of the role to be assumed by Amazon ECR. This role must be in the same account as the registry that you are configuring. Amazon ECR will assume your supplied role when the customRoleArn is specified. When this field isn’t specified, Amazon ECR will use the service-linked role for the repository creation template.

Returns:

See Also:



1254
1255
1256
1257
 
# File 'lib/aws-sdk-ecr/client.rb', line 1254

def create_repository_creation_template(params = {}, options = {})
  req = build_request(:create_repository_creation_template, params)
  req.send_request(options)
end

#delete_lifecycle_policy(params = {}) ⇒ Types::DeleteLifecyclePolicyResponse

Deletes the lifecycle policy associated with the specified repository.

Examples:

Request syntax with placeholder values


resp = client.delete_lifecycle_policy({
  registry_id: "RegistryId",
  repository_name: "RepositoryName", # required
})

Response structure


resp.registry_id #=> String
resp.repository_name #=> String
resp.lifecycle_policy_text #=> String
resp.last_evaluated_at #=> Time

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :registry_id (String)

    The Amazon Web Services account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.

  • :repository_name (required, String)

    The name of the repository.

Returns:

See Also:



1294
1295
1296
1297
 
# File 'lib/aws-sdk-ecr/client.rb', line 1294

def delete_lifecycle_policy(params = {}, options = {})
  req = build_request(:delete_lifecycle_policy, params)
  req.send_request(options)
end

#delete_pull_through_cache_rule(params = {}) ⇒ Types::DeletePullThroughCacheRuleResponse

Deletes a pull through cache rule.

Examples:

Request syntax with placeholder values


resp = client.delete_pull_through_cache_rule({
  ecr_repository_prefix: "PullThroughCacheRuleRepositoryPrefix", # required
  registry_id: "RegistryId",
})

Response structure


resp.ecr_repository_prefix #=> String
resp.upstream_registry_url #=> String
resp.created_at #=> Time
resp.registry_id #=> String
resp.credential_arn #=> String
resp.custom_role_arn #=> String
resp.upstream_repository_prefix #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :ecr_repository_prefix (required, String)

    The Amazon ECR repository prefix associated with the pull through cache rule to delete.

  • :registry_id (String)

    The Amazon Web Services account ID associated with the registry that contains the pull through cache rule. If you do not specify a registry, the default registry is assumed.

Returns:

See Also:



1341
1342
1343
1344
 
# File 'lib/aws-sdk-ecr/client.rb', line 1341

def delete_pull_through_cache_rule(params = {}, options = {})
  req = build_request(:delete_pull_through_cache_rule, params)
  req.send_request(options)
end

#delete_registry_policy(params = {}) ⇒ Types::DeleteRegistryPolicyResponse

Deletes the registry permissions policy.

Examples:

Response structure


resp.registry_id #=> String
resp.policy_text #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Returns:

See Also:



1362
1363
1364
1365
 
# File 'lib/aws-sdk-ecr/client.rb', line 1362

def delete_registry_policy(params = {}, options = {})
  req = build_request(:delete_registry_policy, params)
  req.send_request(options)
end

#delete_repository(params = {}) ⇒ Types::DeleteRepositoryResponse

Deletes a repository. If the repository isn’t empty, you must either delete the contents of the repository or use the ‘force` option to delete the repository and have Amazon ECR delete all of its contents on your behalf.

Examples:

Example: To force delete a repository


# This example force deletes a repository named ubuntu in the default registry for an account. The force parameter is
# required if the repository contains images.

resp = client.delete_repository({
  force: true, 
  repository_name: "ubuntu", 
})

resp.to_h outputs the following:
{
  repository: {
    registry_id: "012345678901", 
    repository_arn: "arn:aws:ecr:us-west-2:012345678901:repository/ubuntu", 
    repository_name: "ubuntu", 
  }, 
}

Request syntax with placeholder values


resp = client.delete_repository({
  registry_id: "RegistryId",
  repository_name: "RepositoryName", # required
  force: false,
})

Response structure


resp.repository.repository_arn #=> String
resp.repository.registry_id #=> String
resp.repository.repository_name #=> String
resp.repository.repository_uri #=> String
resp.repository.created_at #=> Time
resp.repository.image_tag_mutability #=> String, one of "MUTABLE", "IMMUTABLE", "IMMUTABLE_WITH_EXCLUSION", "MUTABLE_WITH_EXCLUSION"
resp.repository.image_tag_mutability_exclusion_filters #=> Array
resp.repository.image_tag_mutability_exclusion_filters[0].filter_type #=> String, one of "WILDCARD"
resp.repository.image_tag_mutability_exclusion_filters[0].filter #=> String
resp.repository.image_scanning_configuration.scan_on_push #=> Boolean
resp.repository.encryption_configuration.encryption_type #=> String, one of "AES256", "KMS", "KMS_DSSE"
resp.repository.encryption_configuration.kms_key #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :registry_id (String)

    The Amazon Web Services account ID associated with the registry that contains the repository to delete. If you do not specify a registry, the default registry is assumed.

  • :repository_name (required, String)

    The name of the repository to delete.

  • :force (Boolean)

    If true, deleting the repository force deletes the contents of the repository. If false, the repository must be empty before attempting to delete it.

Returns:

See Also:



1436
1437
1438
1439
 
# File 'lib/aws-sdk-ecr/client.rb', line 1436

def delete_repository(params = {}, options = {})
  req = build_request(:delete_repository, params)
  req.send_request(options)
end

#delete_repository_creation_template(params = {}) ⇒ Types::DeleteRepositoryCreationTemplateResponse

Deletes a repository creation template.

Examples:

Example: Delete a repository creation template


# This example deletes a repository creation template.

resp = client.delete_repository_creation_template({
  prefix: "eng", 
})

resp.to_h outputs the following:
{
  registry_id: "012345678901", 
  repository_creation_template: {
    created_at: Time.parse("2023-12-03T16:27:57.933000-08:00"), 
    encryption_configuration: {
      encryption_type: "AES256", 
    }, 
    image_tag_mutability: "MUTABLE", 
    prefix: "eng", 
    updated_at: Time.parse("2023-12-03T16:27:57.933000-08:00"), 
  }, 
}

Request syntax with placeholder values


resp = client.delete_repository_creation_template({
  prefix: "Prefix", # required
})

Response structure


resp.registry_id #=> String
resp.repository_creation_template.prefix #=> String
resp.repository_creation_template.description #=> String
resp.repository_creation_template.encryption_configuration.encryption_type #=> String, one of "AES256", "KMS", "KMS_DSSE"
resp.repository_creation_template.encryption_configuration.kms_key #=> String
resp.repository_creation_template.resource_tags #=> Array
resp.repository_creation_template.resource_tags[0].key #=> String
resp.repository_creation_template.resource_tags[0].value #=> String
resp.repository_creation_template.image_tag_mutability #=> String, one of "MUTABLE", "IMMUTABLE", "IMMUTABLE_WITH_EXCLUSION", "MUTABLE_WITH_EXCLUSION"
resp.repository_creation_template.image_tag_mutability_exclusion_filters #=> Array
resp.repository_creation_template.image_tag_mutability_exclusion_filters[0].filter_type #=> String, one of "WILDCARD"
resp.repository_creation_template.image_tag_mutability_exclusion_filters[0].filter #=> String
resp.repository_creation_template.repository_policy #=> String
resp.repository_creation_template.lifecycle_policy #=> String
resp.repository_creation_template.applied_for #=> Array
resp.repository_creation_template.applied_for[0] #=> String, one of "REPLICATION", "PULL_THROUGH_CACHE", "CREATE_ON_PUSH"
resp.repository_creation_template.custom_role_arn #=> String
resp.repository_creation_template.created_at #=> Time
resp.repository_creation_template.updated_at #=> Time

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :prefix (required, String)

    The repository namespace prefix associated with the repository creation template.

Returns:

See Also:



1507
1508
1509
1510
 
# File 'lib/aws-sdk-ecr/client.rb', line 1507

def delete_repository_creation_template(params = {}, options = {})
  req = build_request(:delete_repository_creation_template, params)
  req.send_request(options)
end

#delete_repository_policy(params = {}) ⇒ Types::DeleteRepositoryPolicyResponse

Deletes the repository policy associated with the specified repository.

Examples:

Example: To delete the policy associated with a repository


# This example deletes the policy associated with the repository named ubuntu in the current account.

resp = client.delete_repository_policy({
  repository_name: "ubuntu", 
})

resp.to_h outputs the following:
{
  policy_text: "{ ... }", 
  registry_id: "012345678901", 
  repository_name: "ubuntu", 
}

Request syntax with placeholder values


resp = client.delete_repository_policy({
  registry_id: "RegistryId",
  repository_name: "RepositoryName", # required
})

Response structure


resp.registry_id #=> String
resp.repository_name #=> String
resp.policy_text #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :registry_id (String)

    The Amazon Web Services account ID associated with the registry that contains the repository policy to delete. If you do not specify a registry, the default registry is assumed.

  • :repository_name (required, String)

    The name of the repository that is associated with the repository policy to delete.

Returns:

See Also:



1563
1564
1565
1566
 
# File 'lib/aws-sdk-ecr/client.rb', line 1563

def delete_repository_policy(params = {}, options = {})
  req = build_request(:delete_repository_policy, params)
  req.send_request(options)
end

#delete_signing_configuration(params = {}) ⇒ Types::DeleteSigningConfigurationResponse

Deletes the registry’s signing configuration. Images pushed after deletion of the signing configuration will no longer be automatically signed.

For more information, see [Managed signing] in the *Amazon Elastic Container Registry User Guide*.

<note markdown=“1”> Deleting the signing configuration does not affect existing image signatures.

</note>

[1]: docs.aws.amazon.com/AmazonECR/latest/userguide/managed-signing.html

Examples:

Response structure


resp.registry_id #=> String
resp.signing_configuration.rules #=> Array
resp.signing_configuration.rules[0].signing_profile_arn #=> String
resp.signing_configuration.rules[0].repository_filters #=> Array
resp.signing_configuration.rules[0].repository_filters[0].filter #=> String
resp.signing_configuration.rules[0].repository_filters[0].filter_type #=> String, one of "WILDCARD_MATCH"

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Returns:

See Also:



1602
1603
1604
1605
 
# File 'lib/aws-sdk-ecr/client.rb', line 1602

def delete_signing_configuration(params = {}, options = {})
  req = build_request(:delete_signing_configuration, params)
  req.send_request(options)
end

#deregister_pull_time_update_exclusion(params = {}) ⇒ Types::DeregisterPullTimeUpdateExclusionResponse

Removes a principal from the pull time update exclusion list for a registry. Once removed, Amazon ECR will resume updating the pull time if the specified principal pulls an image.

Examples:

Example: To remove a principal from the pull time exclusion list


# This example removes an IAM role from the pull time update exclusion list. Amazon ECR will resume recording image pull
# timestamps for this principal.

resp = client.deregister_pull_time_update_exclusion({
  principal_arn: "arn:aws:iam::012345678910:role/ECRAccess", 
})

resp.to_h outputs the following:
{
  principal_arn: "arn:aws:iam::012345678910:role/ECRAccess", 
}

Request syntax with placeholder values


resp = client.deregister_pull_time_update_exclusion({
  principal_arn: "PrincipalArn", # required
})

Response structure


resp.principal_arn #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :principal_arn (required, String)

    The ARN of the IAM principal to remove from the pull time update exclusion list.

Returns:

See Also:



1648
1649
1650
1651
 
# File 'lib/aws-sdk-ecr/client.rb', line 1648

def deregister_pull_time_update_exclusion(params = {}, options = {})
  req = build_request(:deregister_pull_time_update_exclusion, params)
  req.send_request(options)
end

#describe_image_replication_status(params = {}) ⇒ Types::DescribeImageReplicationStatusResponse

Returns the replication status for a specified image.

Examples:

Request syntax with placeholder values


resp = client.describe_image_replication_status({
  repository_name: "RepositoryName", # required
  image_id: { # required
    image_digest: "ImageDigest",
    image_tag: "ImageTag",
  },
  registry_id: "RegistryId",
})

Response structure


resp.repository_name #=> String
resp.image_id.image_digest #=> String
resp.image_id.image_tag #=> String
resp.replication_statuses #=> Array
resp.replication_statuses[0].region #=> String
resp.replication_statuses[0].registry_id #=> String
resp.replication_statuses[0].status #=> String, one of "IN_PROGRESS", "COMPLETE", "FAILED"
resp.replication_statuses[0].failure_code #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :repository_name (required, String)

    The name of the repository that the image is in.

  • :image_id (required, Types::ImageIdentifier)

    An object with identifying information for an image in an Amazon ECR repository.

  • :registry_id (String)

    The Amazon Web Services account ID associated with the registry. If you do not specify a registry, the default registry is assumed.

Returns:

See Also:



1698
1699
1700
1701
 
# File 'lib/aws-sdk-ecr/client.rb', line 1698

def describe_image_replication_status(params = {}, options = {})
  req = build_request(:describe_image_replication_status, params)
  req.send_request(options)
end

#describe_image_scan_findings(params = {}) ⇒ Types::DescribeImageScanFindingsResponse

Returns the scan findings for the specified image.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

The following waiters are defined for this operation (see #wait_until for detailed usage):

* image_scan_complete

Examples:

Request syntax with placeholder values


resp = client.describe_image_scan_findings({
  registry_id: "RegistryId",
  repository_name: "RepositoryName", # required
  image_id: { # required
    image_digest: "ImageDigest",
    image_tag: "ImageTag",
  },
  next_token: "NextToken",
  max_results: 1,
})

Response structure


resp.registry_id #=> String
resp.repository_name #=> String
resp.image_id.image_digest #=> String
resp.image_id.image_tag #=> String
resp.image_scan_status.status #=> String, one of "IN_PROGRESS", "COMPLETE", "FAILED", "UNSUPPORTED_IMAGE", "ACTIVE", "PENDING", "SCAN_ELIGIBILITY_EXPIRED", "FINDINGS_UNAVAILABLE", "LIMIT_EXCEEDED", "IMAGE_ARCHIVED"
resp.image_scan_status.description #=> String
resp.image_scan_findings.image_scan_completed_at #=> Time
resp.image_scan_findings.vulnerability_source_updated_at #=> Time
resp.image_scan_findings.finding_severity_counts #=> Hash
resp.image_scan_findings.finding_severity_counts["FindingSeverity"] #=> Integer
resp.image_scan_findings.findings #=> Array
resp.image_scan_findings.findings[0].name #=> String
resp.image_scan_findings.findings[0].description #=> String
resp.image_scan_findings.findings[0].uri #=> String
resp.image_scan_findings.findings[0].severity #=> String, one of "INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL", "UNDEFINED"
resp.image_scan_findings.findings[0].attributes #=> Array
resp.image_scan_findings.findings[0].attributes[0].key #=> String
resp.image_scan_findings.findings[0].attributes[0].value #=> <Hash,Array,String,Numeric,Boolean,IO,Set,nil>
resp.image_scan_findings.enhanced_findings #=> Array
resp.image_scan_findings.enhanced_findings[0]. #=> String
resp.image_scan_findings.enhanced_findings[0].description #=> String
resp.image_scan_findings.enhanced_findings[0].finding_arn #=> String
resp.image_scan_findings.enhanced_findings[0].first_observed_at #=> Time
resp.image_scan_findings.enhanced_findings[0].last_observed_at #=> Time
resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.cvss #=> Array
resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.cvss[0].base_score #=> Float
resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.cvss[0].scoring_vector #=> String
resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.cvss[0].source #=> String
resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.cvss[0].version #=> String
resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.reference_urls #=> Array
resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.reference_urls[0] #=> String
resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.related_vulnerabilities #=> Array
resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.related_vulnerabilities[0] #=> String
resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.source #=> String
resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.source_url #=> String
resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.vendor_created_at #=> Time
resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.vendor_severity #=> String
resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.vendor_updated_at #=> Time
resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.vulnerability_id #=> String
resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.vulnerable_packages #=> Array
resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.vulnerable_packages[0].arch #=> String
resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.vulnerable_packages[0].epoch #=> Integer
resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.vulnerable_packages[0].file_path #=> String
resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.vulnerable_packages[0].name #=> String
resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.vulnerable_packages[0].package_manager #=> String
resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.vulnerable_packages[0].release #=> String
resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.vulnerable_packages[0].source_layer_hash #=> String
resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.vulnerable_packages[0].version #=> String
resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.vulnerable_packages[0].fixed_in_version #=> String
resp.image_scan_findings.enhanced_findings[0].remediation.recommendation.url #=> String
resp.image_scan_findings.enhanced_findings[0].remediation.recommendation.text #=> String
resp.image_scan_findings.enhanced_findings[0].resources #=> Array
resp.image_scan_findings.enhanced_findings[0].resources[0].details.aws_ecr_container_image.architecture #=> String
resp.image_scan_findings.enhanced_findings[0].resources[0].details.aws_ecr_container_image.author #=> String
resp.image_scan_findings.enhanced_findings[0].resources[0].details.aws_ecr_container_image.image_hash #=> String
resp.image_scan_findings.enhanced_findings[0].resources[0].details.aws_ecr_container_image.image_tags #=> Array
resp.image_scan_findings.enhanced_findings[0].resources[0].details.aws_ecr_container_image.image_tags[0] #=> String
resp.image_scan_findings.enhanced_findings[0].resources[0].details.aws_ecr_container_image.platform #=> String
resp.image_scan_findings.enhanced_findings[0].resources[0].details.aws_ecr_container_image.pushed_at #=> Time
resp.image_scan_findings.enhanced_findings[0].resources[0].details.aws_ecr_container_image.last_in_use_at #=> Time
resp.image_scan_findings.enhanced_findings[0].resources[0].details.aws_ecr_container_image.in_use_count #=> Integer
resp.image_scan_findings.enhanced_findings[0].resources[0].details.aws_ecr_container_image.registry #=> String
resp.image_scan_findings.enhanced_findings[0].resources[0].details.aws_ecr_container_image.repository_name #=> String
resp.image_scan_findings.enhanced_findings[0].resources[0].id #=> String
resp.image_scan_findings.enhanced_findings[0].resources[0].tags #=> Hash
resp.image_scan_findings.enhanced_findings[0].resources[0].tags["TagKey"] #=> String
resp.image_scan_findings.enhanced_findings[0].resources[0].type #=> String
resp.image_scan_findings.enhanced_findings[0].score #=> Float
resp.image_scan_findings.enhanced_findings[0].score_details.cvss.adjustments #=> Array
resp.image_scan_findings.enhanced_findings[0].score_details.cvss.adjustments[0].metric #=> String
resp.image_scan_findings.enhanced_findings[0].score_details.cvss.adjustments[0].reason #=> String
resp.image_scan_findings.enhanced_findings[0].score_details.cvss.score #=> Float
resp.image_scan_findings.enhanced_findings[0].score_details.cvss.score_source #=> String
resp.image_scan_findings.enhanced_findings[0].score_details.cvss.scoring_vector #=> String
resp.image_scan_findings.enhanced_findings[0].score_details.cvss.version #=> String
resp.image_scan_findings.enhanced_findings[0].severity #=> String
resp.image_scan_findings.enhanced_findings[0].status #=> String
resp.image_scan_findings.enhanced_findings[0].title #=> String
resp.image_scan_findings.enhanced_findings[0].type #=> String
resp.image_scan_findings.enhanced_findings[0].updated_at #=> Time
resp.image_scan_findings.enhanced_findings[0].fix_available #=> String
resp.image_scan_findings.enhanced_findings[0].exploit_available #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :registry_id (String)

    The Amazon Web Services account ID associated with the registry that contains the repository in which to describe the image scan findings for. If you do not specify a registry, the default registry is assumed.

  • :repository_name (required, String)

    The repository for the image for which to describe the scan findings.

  • :image_id (required, Types::ImageIdentifier)

    An object with identifying information for an image in an Amazon ECR repository.

  • :next_token (String)

    The ‘nextToken` value returned from a previous paginated `DescribeImageScanFindings` request where `maxResults` was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the `nextToken` value. This value is null when there are no more results to return.

  • :max_results (Integer)

    The maximum number of image scan results returned by ‘DescribeImageScanFindings` in paginated output. When this parameter is used, `DescribeImageScanFindings` only returns `maxResults` results in a single page along with a `nextToken` response element. The remaining results of the initial request can be seen by sending another `DescribeImageScanFindings` request with the returned `nextToken` value. This value can be between 1 and 1000. If this parameter is not used, then `DescribeImageScanFindings` returns up to 100 results and a `nextToken` value, if applicable.

Returns:

See Also:



1855
1856
1857
1858
 
# File 'lib/aws-sdk-ecr/client.rb', line 1855

def describe_image_scan_findings(params = {}, options = {})
  req = build_request(:describe_image_scan_findings, params)
  req.send_request(options)
end

#describe_image_signing_status(params = {}) ⇒ Types::DescribeImageSigningStatusResponse

Returns the signing status for a specified image. If the image matched signing rules that reference different signing profiles, a status is returned for each profile.

For more information, see [Managed signing] in the *Amazon Elastic Container Registry User Guide*.

[1]: docs.aws.amazon.com/AmazonECR/latest/userguide/managed-signing.html

Examples:

Request syntax with placeholder values


resp = client.describe_image_signing_status({
  repository_name: "RepositoryName", # required
  image_id: { # required
    image_digest: "ImageDigest",
    image_tag: "ImageTag",
  },
  registry_id: "RegistryId",
})

Response structure


resp.repository_name #=> String
resp.image_id.image_digest #=> String
resp.image_id.image_tag #=> String
resp.registry_id #=> String
resp.signing_statuses #=> Array
resp.signing_statuses[0].signing_profile_arn #=> String
resp.signing_statuses[0].failure_code #=> String
resp.signing_statuses[0].failure_reason #=> String
resp.signing_statuses[0].status #=> String, one of "IN_PROGRESS", "COMPLETE", "FAILED"

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :repository_name (required, String)

    The name of the repository that contains the image.

  • :image_id (required, Types::ImageIdentifier)

    An object containing identifying information for an image.

  • :registry_id (String)

    The Amazon Web Services account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.

Returns:

See Also:



1916
1917
1918
1919
 
# File 'lib/aws-sdk-ecr/client.rb', line 1916

def describe_image_signing_status(params = {}, options = {})
  req = build_request(:describe_image_signing_status, params)
  req.send_request(options)
end

#describe_images(params = {}) ⇒ Types::DescribeImagesResponse

Returns metadata about the images in a repository.

<note markdown=“1”> Starting with Docker version 1.9, the Docker client compresses image layers before pushing them to a V2 Docker registry. The output of the ‘docker images` command shows the uncompressed image size. Therefore, Docker might return a larger image than the image shown in the Amazon Web Services Management Console.

</note>

The new version of Amazon ECR *Basic Scanning* doesn’t use the ImageDetail$imageScanFindingsSummary and ImageDetail$imageScanStatus attributes from the API response to return scan results. Use the DescribeImageScanFindings API instead. For more information about Amazon Web Services native basic scanning, see [ Scan images for software vulnerabilities in Amazon ECR].

[1]: docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning.html

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.describe_images({
  registry_id: "RegistryId",
  repository_name: "RepositoryName", # required
  image_ids: [
    {
      image_digest: "ImageDigest",
      image_tag: "ImageTag",
    },
  ],
  next_token: "NextToken",
  max_results: 1,
  filter: {
    tag_status: "TAGGED", # accepts TAGGED, UNTAGGED, ANY
    image_status: "ACTIVE", # accepts ACTIVE, ARCHIVED, ACTIVATING, ANY
  },
})

Response structure


resp.image_details #=> Array
resp.image_details[0].registry_id #=> String
resp.image_details[0].repository_name #=> String
resp.image_details[0].image_digest #=> String
resp.image_details[0].image_tags #=> Array
resp.image_details[0].image_tags[0] #=> String
resp.image_details[0].image_size_in_bytes #=> Integer
resp.image_details[0].image_pushed_at #=> Time
resp.image_details[0].image_scan_status.status #=> String, one of "IN_PROGRESS", "COMPLETE", "FAILED", "UNSUPPORTED_IMAGE", "ACTIVE", "PENDING", "SCAN_ELIGIBILITY_EXPIRED", "FINDINGS_UNAVAILABLE", "LIMIT_EXCEEDED", "IMAGE_ARCHIVED"
resp.image_details[0].image_scan_status.description #=> String
resp.image_details[0].image_scan_findings_summary.image_scan_completed_at #=> Time
resp.image_details[0].image_scan_findings_summary.vulnerability_source_updated_at #=> Time
resp.image_details[0].image_scan_findings_summary.finding_severity_counts #=> Hash
resp.image_details[0].image_scan_findings_summary.finding_severity_counts["FindingSeverity"] #=> Integer
resp.image_details[0].image_manifest_media_type #=> String
resp.image_details[0].artifact_media_type #=> String
resp.image_details[0].last_recorded_pull_time #=> Time
resp.image_details[0].subject_manifest_digest #=> String
resp.image_details[0].image_status #=> String, one of "ACTIVE", "ARCHIVED", "ACTIVATING"
resp.image_details[0].last_archived_at #=> Time
resp.image_details[0].last_activated_at #=> Time
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :registry_id (String)

    The Amazon Web Services account ID associated with the registry that contains the repository in which to describe images. If you do not specify a registry, the default registry is assumed.

  • :repository_name (required, String)

    The repository that contains the images to describe.

  • :image_ids (Array<Types::ImageIdentifier>)

    The list of image IDs for the requested repository.

  • :next_token (String)

    The ‘nextToken` value returned from a previous paginated `DescribeImages` request where `maxResults` was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the `nextToken` value. This value is `null` when there are no more results to return. This option cannot be used when you specify images with `imageIds`.

  • :max_results (Integer)

    The maximum number of repository results returned by ‘DescribeImages` in paginated output. When this parameter is used, `DescribeImages` only returns `maxResults` results in a single page along with a `nextToken` response element. The remaining results of the initial request can be seen by sending another `DescribeImages` request with the returned `nextToken` value. This value can be between 1 and 1000. If this parameter is not used, then `DescribeImages` returns up to 100 results and a `nextToken` value, if applicable. This option cannot be used when you specify images with `imageIds`.

  • :filter (Types::DescribeImagesFilter)

    The filter key and value with which to filter your ‘DescribeImages` results.

Returns:

See Also:



2031
2032
2033
2034
 
# File 'lib/aws-sdk-ecr/client.rb', line 2031

def describe_images(params = {}, options = {})
  req = build_request(:describe_images, params)
  req.send_request(options)
end

#describe_pull_through_cache_rules(params = {}) ⇒ Types::DescribePullThroughCacheRulesResponse

Returns the pull through cache rules for a registry.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.describe_pull_through_cache_rules({
  registry_id: "RegistryId",
  ecr_repository_prefixes: ["PullThroughCacheRuleRepositoryPrefix"],
  next_token: "NextToken",
  max_results: 1,
})

Response structure


resp.pull_through_cache_rules #=> Array
resp.pull_through_cache_rules[0].ecr_repository_prefix #=> String
resp.pull_through_cache_rules[0].upstream_registry_url #=> String
resp.pull_through_cache_rules[0].created_at #=> Time
resp.pull_through_cache_rules[0].registry_id #=> String
resp.pull_through_cache_rules[0].credential_arn #=> String
resp.pull_through_cache_rules[0].custom_role_arn #=> String
resp.pull_through_cache_rules[0].upstream_repository_prefix #=> String
resp.pull_through_cache_rules[0].upstream_registry #=> String, one of "ecr", "ecr-public", "quay", "k8s", "docker-hub", "github-container-registry", "azure-container-registry", "gitlab-container-registry", "chainguard"
resp.pull_through_cache_rules[0].updated_at #=> Time
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :registry_id (String)

    The Amazon Web Services account ID associated with the registry to return the pull through cache rules for. If you do not specify a registry, the default registry is assumed.

  • :ecr_repository_prefixes (Array<String>)

    The Amazon ECR repository prefixes associated with the pull through cache rules to return. If no repository prefix value is specified, all pull through cache rules are returned.

  • :next_token (String)

    The ‘nextToken` value returned from a previous paginated `DescribePullThroughCacheRulesRequest` request where `maxResults` was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the `nextToken` value. This value is null when there are no more results to return.

  • :max_results (Integer)

    The maximum number of pull through cache rules returned by ‘DescribePullThroughCacheRulesRequest` in paginated output. When this parameter is used, `DescribePullThroughCacheRulesRequest` only returns `maxResults` results in a single page along with a `nextToken` response element. The remaining results of the initial request can be seen by sending another `DescribePullThroughCacheRulesRequest` request with the returned `nextToken` value. This value can be between 1 and

    1. If this parameter is not used, then

    ‘DescribePullThroughCacheRulesRequest` returns up to 100 results and a `nextToken` value, if applicable.

Returns:

See Also:



2102
2103
2104
2105
 
# File 'lib/aws-sdk-ecr/client.rb', line 2102

def describe_pull_through_cache_rules(params = {}, options = {})
  req = build_request(:describe_pull_through_cache_rules, params)
  req.send_request(options)
end

#describe_registry(params = {}) ⇒ Types::DescribeRegistryResponse

Describes the settings for a registry. The replication configuration for a repository can be created or updated with the PutReplicationConfiguration API action.

Examples:

Response structure


resp.registry_id #=> String
resp.replication_configuration.rules #=> Array
resp.replication_configuration.rules[0].destinations #=> Array
resp.replication_configuration.rules[0].destinations[0].region #=> String
resp.replication_configuration.rules[0].destinations[0].registry_id #=> String
resp.replication_configuration.rules[0].repository_filters #=> Array
resp.replication_configuration.rules[0].repository_filters[0].filter #=> String
resp.replication_configuration.rules[0].repository_filters[0].filter_type #=> String, one of "PREFIX_MATCH"

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Returns:

See Also:



2131
2132
2133
2134
 
# File 'lib/aws-sdk-ecr/client.rb', line 2131

def describe_registry(params = {}, options = {})
  req = build_request(:describe_registry, params)
  req.send_request(options)
end

#describe_repositories(params = {}) ⇒ Types::DescribeRepositoriesResponse

Describes image repositories in a registry.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Example: To describe all repositories in the current account


# The following example obtains a list and description of all repositories in the default registry to which the current
# user has access.

resp = client.describe_repositories({
})

resp.to_h outputs the following:
{
  repositories: [
    {
      registry_id: "012345678910", 
      repository_arn: "arn:aws:ecr:us-west-2:012345678910:repository/ubuntu", 
      repository_name: "ubuntu", 
    }, 
    {
      registry_id: "012345678910", 
      repository_arn: "arn:aws:ecr:us-west-2:012345678910:repository/test", 
      repository_name: "test", 
    }, 
  ], 
}

Request syntax with placeholder values


resp = client.describe_repositories({
  registry_id: "RegistryId",
  repository_names: ["RepositoryName"],
  next_token: "NextToken",
  max_results: 1,
})

Response structure


resp.repositories #=> Array
resp.repositories[0].repository_arn #=> String
resp.repositories[0].registry_id #=> String
resp.repositories[0].repository_name #=> String
resp.repositories[0].repository_uri #=> String
resp.repositories[0].created_at #=> Time
resp.repositories[0].image_tag_mutability #=> String, one of "MUTABLE", "IMMUTABLE", "IMMUTABLE_WITH_EXCLUSION", "MUTABLE_WITH_EXCLUSION"
resp.repositories[0].image_tag_mutability_exclusion_filters #=> Array
resp.repositories[0].image_tag_mutability_exclusion_filters[0].filter_type #=> String, one of "WILDCARD"
resp.repositories[0].image_tag_mutability_exclusion_filters[0].filter #=> String
resp.repositories[0].image_scanning_configuration.scan_on_push #=> Boolean
resp.repositories[0].encryption_configuration.encryption_type #=> String, one of "AES256", "KMS", "KMS_DSSE"
resp.repositories[0].encryption_configuration.kms_key #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :registry_id (String)

    The Amazon Web Services account ID associated with the registry that contains the repositories to be described. If you do not specify a registry, the default registry is assumed.

  • :repository_names (Array<String>)

    A list of repositories to describe. If this parameter is omitted, then all repositories in a registry are described.

  • :next_token (String)

    The ‘nextToken` value returned from a previous paginated `DescribeRepositories` request where `maxResults` was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the `nextToken` value. This value is `null` when there are no more results to return. This option cannot be used when you specify repositories with `repositoryNames`.

    <note markdown=“1”> This token should be treated as an opaque identifier that is only used to retrieve the next items in a list and not for other programmatic purposes.

    </note>
  • :max_results (Integer)

    The maximum number of repository results returned by ‘DescribeRepositories` in paginated output. When this parameter is used, `DescribeRepositories` only returns `maxResults` results in a single page along with a `nextToken` response element. The remaining results of the initial request can be seen by sending another `DescribeRepositories` request with the returned `nextToken` value. This value can be between 1 and 1000. If this parameter is not used, then `DescribeRepositories` returns up to 100 results and a `nextToken` value, if applicable. This option cannot be used when you specify repositories with `repositoryNames`.

Returns:

See Also:



2236
2237
2238
2239
 
# File 'lib/aws-sdk-ecr/client.rb', line 2236

def describe_repositories(params = {}, options = {})
  req = build_request(:describe_repositories, params)
  req.send_request(options)
end

#describe_repository_creation_templates(params = {}) ⇒ Types::DescribeRepositoryCreationTemplatesResponse

Returns details about the repository creation templates in a registry. The ‘prefixes` request parameter can be used to return the details for a specific repository creation template.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Example: Describe a repository creation template


# This example describes the contents of a repository creation template.

resp = client.describe_repository_creation_templates({
  max_results: 123, 
  next_token: "", 
  prefixes: [
    "eng", 
  ], 
})

resp.to_h outputs the following:
{
  next_token: "", 
  registry_id: "012345678901", 
  repository_creation_templates: [
    {
      applied_for: [
        "PULL_THROUGH_CACHE", 
        "REPLICATION", 
        "CREATE_ON_PUSH", 
      ], 
      created_at: Time.parse("2023-12-16T17:29:02-07:00"), 
      encryption_configuration: {
        encryption_type: "AES256", 
      }, 
      image_tag_mutability: "MUTABLE", 
      prefix: "eng/test", 
      updated_at: Time.parse("2023-12-16T19:55:02-07:00"), 
    }, 
    {
      applied_for: [
        "REPLICATION", 
      ], 
      created_at: Time.parse("2023-12-14T17:29:02-07:00"), 
      encryption_configuration: {
        encryption_type: "AES256", 
      }, 
      image_tag_mutability: "IMMUTABLE", 
      prefix: "eng/replication-test", 
      updated_at: Time.parse("2023-12-14T19:55:02-07:00"), 
    }, 
  ], 
}

Request syntax with placeholder values


resp = client.describe_repository_creation_templates({
  prefixes: ["Prefix"],
  next_token: "NextToken",
  max_results: 1,
})

Response structure


resp.registry_id #=> String
resp.repository_creation_templates #=> Array
resp.repository_creation_templates[0].prefix #=> String
resp.repository_creation_templates[0].description #=> String
resp.repository_creation_templates[0].encryption_configuration.encryption_type #=> String, one of "AES256", "KMS", "KMS_DSSE"
resp.repository_creation_templates[0].encryption_configuration.kms_key #=> String
resp.repository_creation_templates[0].resource_tags #=> Array
resp.repository_creation_templates[0].resource_tags[0].key #=> String
resp.repository_creation_templates[0].resource_tags[0].value #=> String
resp.repository_creation_templates[0].image_tag_mutability #=> String, one of "MUTABLE", "IMMUTABLE", "IMMUTABLE_WITH_EXCLUSION", "MUTABLE_WITH_EXCLUSION"
resp.repository_creation_templates[0].image_tag_mutability_exclusion_filters #=> Array
resp.repository_creation_templates[0].image_tag_mutability_exclusion_filters[0].filter_type #=> String, one of "WILDCARD"
resp.repository_creation_templates[0].image_tag_mutability_exclusion_filters[0].filter #=> String
resp.repository_creation_templates[0].repository_policy #=> String
resp.repository_creation_templates[0].lifecycle_policy #=> String
resp.repository_creation_templates[0].applied_for #=> Array
resp.repository_creation_templates[0].applied_for[0] #=> String, one of "REPLICATION", "PULL_THROUGH_CACHE", "CREATE_ON_PUSH"
resp.repository_creation_templates[0].custom_role_arn #=> String
resp.repository_creation_templates[0].created_at #=> Time
resp.repository_creation_templates[0].updated_at #=> Time
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :prefixes (Array<String>)

    The repository namespace prefixes associated with the repository creation templates to describe. If this value is not specified, all repository creation templates are returned.

  • :next_token (String)

    The ‘nextToken` value returned from a previous paginated `DescribeRepositoryCreationTemplates` request where `maxResults` was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the `nextToken` value. This value is `null` when there are no more results to return.

    <note markdown=“1”> This token should be treated as an opaque identifier that is only used to retrieve the next items in a list and not for other programmatic purposes.

    </note>
  • :max_results (Integer)

    The maximum number of repository results returned by ‘DescribeRepositoryCreationTemplatesRequest` in paginated output. When this parameter is used, `DescribeRepositoryCreationTemplatesRequest` only returns `maxResults` results in a single page along with a `nextToken` response element. The remaining results of the initial request can be seen by sending another `DescribeRepositoryCreationTemplatesRequest` request with the returned `nextToken` value. This value can be between 1 and 1000. If this parameter is not used, then `DescribeRepositoryCreationTemplatesRequest` returns up to 100 results and a `nextToken` value, if applicable.

Returns:

See Also:



2368
2369
2370
2371
 
# File 'lib/aws-sdk-ecr/client.rb', line 2368

def describe_repository_creation_templates(params = {}, options = {})
  req = build_request(:describe_repository_creation_templates, params)
  req.send_request(options)
end

#get_account_setting(params = {}) ⇒ Types::GetAccountSettingResponse

Retrieves the account setting value for the specified setting name.

Examples:

Request syntax with placeholder values


resp = client.({
  name: "AccountSettingName", # required
})

Response structure


resp.name #=> String
resp.value #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :name (required, String)

    The name of the account setting, such as ‘BASIC_SCAN_TYPE_VERSION`, `REGISTRY_POLICY_SCOPE`, or `BLOB_MOUNTING`.

Returns:

See Also:



2399
2400
2401
2402
 
# File 'lib/aws-sdk-ecr/client.rb', line 2399

def (params = {}, options = {})
  req = build_request(:get_account_setting, params)
  req.send_request(options)
end

#get_authorization_token(params = {}) ⇒ Types::GetAuthorizationTokenResponse

Retrieves an authorization token. An authorization token represents your IAM authentication credentials and can be used to access any Amazon ECR registry that your IAM principal has access to. The authorization token is valid for 12 hours.

The ‘authorizationToken` returned is a base64 encoded string that can be decoded and used in a `docker login` command to authenticate to a registry. The CLI offers an `get-login-password` command that simplifies the login process. For more information, see [Registry authentication] in the *Amazon Elastic Container Registry User Guide*.

[1]: docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html#registry_auth

Examples:

Example: To obtain an authorization token


# This example gets an authorization token for your default registry.

resp = client.get_authorization_token({
})

resp.to_h outputs the following:
{
  authorization_data: [
    {
      authorization_token: "QVdTOkNEXAMPLE", 
      expires_at: Time.parse("2022-05-17T06:56:13.652000+00:00"), 
      proxy_endpoint: "https://012345678901.dkr.ecr.us-west-2.amazonaws.com", 
    }, 
  ], 
}

Request syntax with placeholder values


resp = client.get_authorization_token({
  registry_ids: ["RegistryId"],
})

Response structure


resp.authorization_data #=> Array
resp.authorization_data[0].authorization_token #=> String
resp.authorization_data[0].expires_at #=> Time
resp.authorization_data[0].proxy_endpoint #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :registry_ids (Array<String>)

    A list of Amazon Web Services account IDs that are associated with the registries for which to get AuthorizationData objects. If you do not specify a registry, the default registry is assumed.

Returns:

See Also:



2465
2466
2467
2468
 
# File 'lib/aws-sdk-ecr/client.rb', line 2465

def get_authorization_token(params = {}, options = {})
  req = build_request(:get_authorization_token, params)
  req.send_request(options)
end

#get_download_url_for_layer(params = {}) ⇒ Types::GetDownloadUrlForLayerResponse

Retrieves the pre-signed Amazon S3 download URL corresponding to an image layer. You can only get URLs for image layers that are referenced in an image.

When an image is pulled, the GetDownloadUrlForLayer API is called once per image layer that is not already cached.

<note markdown=“1”> This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the ‘docker` CLI to pull, tag, and push images.

</note>

Examples:

Request syntax with placeholder values


resp = client.get_download_url_for_layer({
  registry_id: "RegistryId",
  repository_name: "RepositoryName", # required
  layer_digest: "LayerDigest", # required
})

Response structure


resp.download_url #=> String
resp.layer_digest #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :registry_id (String)

    The Amazon Web Services account ID associated with the registry that contains the image layer to download. If you do not specify a registry, the default registry is assumed.

  • :repository_name (required, String)

    The name of the repository that is associated with the image layer to download.

  • :layer_digest (required, String)

    The digest of the image layer to download.

Returns:

See Also:



2517
2518
2519
2520
 
# File 'lib/aws-sdk-ecr/client.rb', line 2517

def get_download_url_for_layer(params = {}, options = {})
  req = build_request(:get_download_url_for_layer, params)
  req.send_request(options)
end

#get_lifecycle_policy(params = {}) ⇒ Types::GetLifecyclePolicyResponse

Retrieves the lifecycle policy for the specified repository.

Examples:

Request syntax with placeholder values


resp = client.get_lifecycle_policy({
  registry_id: "RegistryId",
  repository_name: "RepositoryName", # required
})

Response structure


resp.registry_id #=> String
resp.repository_name #=> String
resp.lifecycle_policy_text #=> String
resp.last_evaluated_at #=> Time

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :registry_id (String)

    The Amazon Web Services account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.

  • :repository_name (required, String)

    The name of the repository.

Returns:

See Also:



2557
2558
2559
2560
 
# File 'lib/aws-sdk-ecr/client.rb', line 2557

def get_lifecycle_policy(params = {}, options = {})
  req = build_request(:get_lifecycle_policy, params)
  req.send_request(options)
end

#get_lifecycle_policy_preview(params = {}) ⇒ Types::GetLifecyclePolicyPreviewResponse

Retrieves the results of the lifecycle policy preview request for the specified repository.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

The following waiters are defined for this operation (see #wait_until for detailed usage):

* lifecycle_policy_preview_complete

Examples:

Request syntax with placeholder values


resp = client.get_lifecycle_policy_preview({
  registry_id: "RegistryId",
  repository_name: "RepositoryName", # required
  image_ids: [
    {
      image_digest: "ImageDigest",
      image_tag: "ImageTag",
    },
  ],
  next_token: "NextToken",
  max_results: 1,
  filter: {
    tag_status: "TAGGED", # accepts TAGGED, UNTAGGED, ANY
  },
})

Response structure


resp.registry_id #=> String
resp.repository_name #=> String
resp.lifecycle_policy_text #=> String
resp.status #=> String, one of "IN_PROGRESS", "COMPLETE", "EXPIRED", "FAILED"
resp.next_token #=> String
resp.preview_results #=> Array
resp.preview_results[0].image_tags #=> Array
resp.preview_results[0].image_tags[0] #=> String
resp.preview_results[0].image_digest #=> String
resp.preview_results[0].image_pushed_at #=> Time
resp.preview_results[0].action.type #=> String, one of "EXPIRE", "TRANSITION"
resp.preview_results[0].action.target_storage_class #=> String, one of "ARCHIVE"
resp.preview_results[0].applied_rule_priority #=> Integer
resp.preview_results[0].storage_class #=> String, one of "ARCHIVE", "STANDARD"
resp.summary.expiring_image_total_count #=> Integer
resp.summary.transitioning_image_total_counts #=> Array
resp.summary.transitioning_image_total_counts[0].target_storage_class #=> String, one of "ARCHIVE"
resp.summary.transitioning_image_total_counts[0].image_total_count #=> Integer

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :registry_id (String)

    The Amazon Web Services account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.

  • :repository_name (required, String)

    The name of the repository.

  • :image_ids (Array<Types::ImageIdentifier>)

    The list of imageIDs to be included.

  • :next_token (String)

    The ‘nextToken` value returned from a previous paginated
`GetLifecyclePolicyPreviewRequest` request where `maxResults` was used and the
 results exceeded the value of that parameter. Pagination continues from the end of the
 previous results that returned the `nextToken` value. This value is
 `null` when there are no more results to return. This option cannot be used when you specify images with `imageIds`.

  • :max_results (Integer)

    The maximum number of repository results returned by ‘GetLifecyclePolicyPreviewRequest` in
 paginated output. When this parameter is used, `GetLifecyclePolicyPreviewRequest` only returns
`maxResults` results in a single page along with a `nextToken`
response element. The remaining results of the initial request can be seen by sending
 another `GetLifecyclePolicyPreviewRequest` request with the returned `nextToken`
 value. This value can be between 1 and

    1. If this
 parameter is not used, then

    ‘GetLifecyclePolicyPreviewRequest` returns up to
100 results and a `nextToken` value, if
 applicable. This option cannot be used when you specify images with `imageIds`.

  • :filter (Types::LifecyclePolicyPreviewFilter)

    An optional parameter that filters results based on image tag status and all tags, if tagged.

Returns:

See Also:



2662
2663
2664
2665
 
# File 'lib/aws-sdk-ecr/client.rb', line 2662

def get_lifecycle_policy_preview(params = {}, options = {})
  req = build_request(:get_lifecycle_policy_preview, params)
  req.send_request(options)
end

#get_registry_policy(params = {}) ⇒ Types::GetRegistryPolicyResponse

Retrieves the permissions policy for a registry.

Examples:

Response structure


resp.registry_id #=> String
resp.policy_text #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Returns:

See Also:



2683
2684
2685
2686
 
# File 'lib/aws-sdk-ecr/client.rb', line 2683

def get_registry_policy(params = {}, options = {})
  req = build_request(:get_registry_policy, params)
  req.send_request(options)
end

#get_registry_scanning_configuration(params = {}) ⇒ Types::GetRegistryScanningConfigurationResponse

Retrieves the scanning configuration for a registry.

Examples:

Response structure


resp.registry_id #=> String
resp.scanning_configuration.scan_type #=> String, one of "BASIC", "ENHANCED"
resp.scanning_configuration.rules #=> Array
resp.scanning_configuration.rules[0].scan_frequency #=> String, one of "SCAN_ON_PUSH", "CONTINUOUS_SCAN", "MANUAL"
resp.scanning_configuration.rules[0].repository_filters #=> Array
resp.scanning_configuration.rules[0].repository_filters[0].filter #=> String
resp.scanning_configuration.rules[0].repository_filters[0].filter_type #=> String, one of "WILDCARD"

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Returns:

See Also:



2709
2710
2711
2712
 
# File 'lib/aws-sdk-ecr/client.rb', line 2709

def get_registry_scanning_configuration(params = {}, options = {})
  req = build_request(:get_registry_scanning_configuration, params)
  req.send_request(options)
end

#get_repository_policy(params = {}) ⇒ Types::GetRepositoryPolicyResponse

Retrieves the repository policy for the specified repository.

Examples:

Example: To get the current policy for a repository


# This example obtains the repository policy for the repository named ubuntu.

resp = client.get_repository_policy({
  repository_name: "ubuntu", 
})

resp.to_h outputs the following:
{
  policy_text: "{\n  \"Version\" : \"2008-10-17\",\n  \"Statement\" : [ {\n    \"Sid\" : \"new statement\",\n    \"Effect\" : \"Allow\",\n    \"Principal\" : {\n     \"AWS\" : \"arn:aws:iam::012345678901:role/CodeDeployDemo\"\n    },\n\"Action\" : [ \"ecr:GetDownloadUrlForLayer\", \"ecr:BatchGetImage\", \"ecr:BatchCheckLayerAvailability\" ]\n } ]\n}", 
  registry_id: "012345678901", 
  repository_name: "ubuntu", 
}

Request syntax with placeholder values


resp = client.get_repository_policy({
  registry_id: "RegistryId",
  repository_name: "RepositoryName", # required
})

Response structure


resp.registry_id #=> String
resp.repository_name #=> String
resp.policy_text #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :registry_id (String)

    The Amazon Web Services account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.

  • :repository_name (required, String)

    The name of the repository with the policy to retrieve.

Returns:

See Also:



2763
2764
2765
2766
 
# File 'lib/aws-sdk-ecr/client.rb', line 2763

def get_repository_policy(params = {}, options = {})
  req = build_request(:get_repository_policy, params)
  req.send_request(options)
end

#get_signing_configuration(params = {}) ⇒ Types::GetSigningConfigurationResponse

Retrieves the registry’s signing configuration, which defines rules for automatically signing images using Amazon Web Services Signer.

For more information, see [Managed signing] in the *Amazon Elastic Container Registry User Guide*.

[1]: docs.aws.amazon.com/AmazonECR/latest/userguide/managed-signing.html

Examples:

Response structure


resp.registry_id #=> String
resp.signing_configuration.rules #=> Array
resp.signing_configuration.rules[0].signing_profile_arn #=> String
resp.signing_configuration.rules[0].repository_filters #=> Array
resp.signing_configuration.rules[0].repository_filters[0].filter #=> String
resp.signing_configuration.rules[0].repository_filters[0].filter_type #=> String, one of "WILDCARD_MATCH"

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Returns:

See Also:



2796
2797
2798
2799
 
# File 'lib/aws-sdk-ecr/client.rb', line 2796

def get_signing_configuration(params = {}, options = {})
  req = build_request(:get_signing_configuration, params)
  req.send_request(options)
end

#initiate_layer_upload(params = {}) ⇒ Types::InitiateLayerUploadResponse

Notifies Amazon ECR that you intend to upload an image layer.

When an image is pushed, the InitiateLayerUpload API is called once per image layer that has not already been uploaded. Whether or not an image layer has been uploaded is determined by the BatchCheckLayerAvailability API action.

<note markdown=“1”> This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the ‘docker` CLI to pull, tag, and push images.

</note>

Examples:

Request syntax with placeholder values


resp = client.initiate_layer_upload({
  registry_id: "RegistryId",
  repository_name: "RepositoryName", # required
})

Response structure


resp.upload_id #=> String
resp.part_size #=> Integer

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :registry_id (String)

    The Amazon Web Services account ID associated with the registry to which you intend to upload layers. If you do not specify a registry, the default registry is assumed.

  • :repository_name (required, String)

    The name of the repository to which you intend to upload layers.

Returns:

See Also:



2843
2844
2845
2846
 
# File 'lib/aws-sdk-ecr/client.rb', line 2843

def initiate_layer_upload(params = {}, options = {})
  req = build_request(:initiate_layer_upload, params)
  req.send_request(options)
end

#list_image_referrers(params = {}) ⇒ Types::ListImageReferrersResponse

Lists the artifacts associated with a specified subject image.

<note markdown=“1”> The IAM principal invoking this operation must have the ‘ecr:BatchGetImage` permission.

</note>

Examples:

Example: To list artifacts associated with a subject image


# This example lists all artifacts (such as Sigstore signatures) that reference a specific container image in the
# sample-repo repository.

resp = client.list_image_referrers({
  repository_name: "sample-repo", 
  subject_id: {
    image_digest: "sha256:943e640159415616581703a53fa4ed87e96740655fd67daf2d2146a35337bce5", 
  }, 
})

resp.to_h outputs the following:
{
  referrers: [
    {
      annotations: {
        "dev.sigstore.bundle.content" => "dsse-envelope", 
        "dev.sigstore.bundle.predicateType" => "https://sigstore.dev/cosign/sign/v1", 
        "org.opencontainers.image.created" => "2025-11-17T22:00:33Z", 
      }, 
      artifact_status: "ACTIVE", 
      artifact_type: "application/vnd.dev.sigstore.bundle.v0.3+json", 
      digest: "sha256:270c60be5b6ed41e6e7c505ac0c4e2577748affc14147bcba76b533604dc7a07", 
      media_type: "application/vnd.oci.image.manifest.v1+json", 
      size: 888, 
    }, 
  ], 
}

Example: To list artifacts of a specific type


# This example lists only Sigstore bundle artifacts associated with a subject image by filtering on the artifact type.

resp = client.list_image_referrers({
  filter: {
    artifact_types: [
      "application/vnd.dev.sigstore.bundle.v0.3+json", 
    ], 
  }, 
  repository_name: "sample-repo", 
  subject_id: {
    image_digest: "sha256:943e640159415616581703a53fa4ed87e96740655fd67daf2d2146a35337bce5", 
  }, 
})

resp.to_h outputs the following:
{
  referrers: [
    {
      annotations: {
        "dev.sigstore.bundle.content" => "dsse-envelope", 
        "dev.sigstore.bundle.predicateType" => "https://sigstore.dev/cosign/sign/v1", 
        "org.opencontainers.image.created" => "2025-11-17T22:00:33Z", 
      }, 
      artifact_status: "ACTIVE", 
      artifact_type: "application/vnd.dev.sigstore.bundle.v0.3+json", 
      digest: "sha256:270c60be5b6ed41e6e7c505ac0c4e2577748affc14147bcba76b533604dc7a07", 
      media_type: "application/vnd.oci.image.manifest.v1+json", 
      size: 888, 
    }, 
  ], 
}

Example: To list both active and archived artifacts


# This example lists all artifacts including those that have been archived, by specifying the artifactStatus filter as
# ANY.

resp = client.list_image_referrers({
  filter: {
    artifact_status: "ANY", 
  }, 
  repository_name: "sample-repo", 
  subject_id: {
    image_digest: "sha256:943e640159415616581703a53fa4ed87e96740655fd67daf2d2146a35337bce5", 
  }, 
})

resp.to_h outputs the following:
{
  referrers: [
    {
      annotations: {
        "dev.sigstore.bundle.content" => "dsse-envelope", 
        "dev.sigstore.bundle.predicateType" => "https://sigstore.dev/cosign/sign/v1", 
        "org.opencontainers.image.created" => "2025-11-17T22:00:33Z", 
      }, 
      artifact_status: "ACTIVE", 
      artifact_type: "application/vnd.dev.sigstore.bundle.v0.3+json", 
      digest: "sha256:270c60be5b6ed41e6e7c505ac0c4e2577748affc14147bcba76b533604dc7a07", 
      media_type: "application/vnd.oci.image.manifest.v1+json", 
      size: 888, 
    }, 
    {
      annotations: {
        "dev.sigstore.bundle.predicateType" => "https://sigstore.dev/cosign/sign/v1", 
        "org.opencontainers.image.created" => "2025-10-15T14:30:00Z", 
      }, 
      artifact_status: "ARCHIVED", 
      artifact_type: "application/vnd.dev.sigstore.bundle.v0.2+json", 
      digest: "sha256:5a1c89f2b3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0", 
      media_type: "application/vnd.oci.image.manifest.v1+json", 
      size: 856, 
    }, 
  ], 
}

Request syntax with placeholder values


resp = client.list_image_referrers({
  registry_id: "RegistryId",
  repository_name: "RepositoryName", # required
  subject_id: { # required
    image_digest: "ImageDigest", # required
  },
  filter: {
    artifact_types: ["ArtifactType"],
    artifact_status: "ACTIVE", # accepts ACTIVE, ARCHIVED, ACTIVATING, ANY
  },
  next_token: "NextToken",
  max_results: 1,
})

Response structure


resp.referrers #=> Array
resp.referrers[0].digest #=> String
resp.referrers[0].media_type #=> String
resp.referrers[0].artifact_type #=> String
resp.referrers[0].size #=> Integer
resp.referrers[0].annotations #=> Hash
resp.referrers[0].annotations["String"] #=> String
resp.referrers[0].artifact_status #=> String, one of "ACTIVE", "ARCHIVED", "ACTIVATING"
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :registry_id (String)

    The Amazon Web Services account ID associated with the registry that contains the repository in which to list image referrers. If you do not specify a registry, the default registry is assumed.

  • :repository_name (required, String)

    The name of the repository that contains the subject image.

  • :subject_id (required, Types::SubjectIdentifier)

    An object containing the image digest of the subject image for which to retrieve associated artifacts.

  • :filter (Types::ListImageReferrersFilter)

    The filter key and value with which to filter your ‘ListImageReferrers` results. If no filter is specified, only artifacts with `ACTIVE` status are returned.

  • :next_token (String)

    The ‘nextToken` value returned from a previous paginated `ListImageReferrers` request where `maxResults` was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the `nextToken` value. This value is `null` when there are no more results to return.

    <note markdown=“1”> This token should be treated as an opaque identifier that is only used to retrieve the next items in a list and not for other programmatic purposes.

    </note>
  • :max_results (Integer)

    The maximum number of image referrer results returned by ‘ListImageReferrers` in paginated output. When this parameter is used, `ListImageReferrers` only returns `maxResults` results in a single page along with a `nextToken` response element. The remaining results of the initial request can be seen by sending another `ListImageReferrers` request with the returned `nextToken` value. This value can be between 1 and 50. If this parameter is not used, then `ListImageReferrers` returns up to 20 results and a `nextToken` value, if applicable.

Returns:

See Also:



3042
3043
3044
3045
 
# File 'lib/aws-sdk-ecr/client.rb', line 3042

def list_image_referrers(params = {}, options = {})
  req = build_request(:list_image_referrers, params)
  req.send_request(options)
end

#list_images(params = {}) ⇒ Types::ListImagesResponse

Lists all the image IDs for the specified repository.

You can filter images based on whether or not they are tagged by using the ‘tagStatus` filter and specifying either `TAGGED`, `UNTAGGED` or `ANY`. For example, you can filter your results to return only `UNTAGGED` images and then pipe that result to a BatchDeleteImage operation to delete them. Or, you can filter your results to return only `TAGGED` images to list all of the tags in your repository.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Example: To list all images in a repository


# This example lists all of the images in the repository named ubuntu in the default registry in the current account. 

resp = client.list_images({
  repository_name: "ubuntu", 
})

resp.to_h outputs the following:
{
  image_ids: [
    {
      image_digest: "sha256:764f63476bdff6d83a09ba2a818f0d35757063724a9ac3ba5019c56f74ebf42a", 
      image_tag: "precise", 
    }, 
  ], 
}

Request syntax with placeholder values


resp = client.list_images({
  registry_id: "RegistryId",
  repository_name: "RepositoryName", # required
  next_token: "NextToken",
  max_results: 1,
  filter: {
    tag_status: "TAGGED", # accepts TAGGED, UNTAGGED, ANY
    image_status: "ACTIVE", # accepts ACTIVE, ARCHIVED, ACTIVATING, ANY
  },
})

Response structure


resp.image_ids #=> Array
resp.image_ids[0].image_digest #=> String
resp.image_ids[0].image_tag #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :registry_id (String)

    The Amazon Web Services account ID associated with the registry that contains the repository in which to list images. If you do not specify a registry, the default registry is assumed.

  • :repository_name (required, String)

    The repository with image IDs to be listed.

  • :next_token (String)

    The ‘nextToken` value returned from a previous paginated `ListImages` request where `maxResults` was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the `nextToken` value. This value is `null` when there are no more results to return.

    <note markdown=“1”> This token should be treated as an opaque identifier that is only used to retrieve the next items in a list and not for other programmatic purposes.

    </note>
  • :max_results (Integer)

    The maximum number of image results returned by ‘ListImages` in paginated output. When this parameter is used, `ListImages` only returns `maxResults` results in a single page along with a `nextToken` response element. The remaining results of the initial request can be seen by sending another `ListImages` request with the returned `nextToken` value. This value can be between 1 and 1000. If this parameter is not used, then `ListImages` returns up to 100 results and a `nextToken` value, if applicable.

  • :filter (Types::ListImagesFilter)

    The filter key and value with which to filter your ‘ListImages` results.

Returns:

See Also:



3141
3142
3143
3144
 
# File 'lib/aws-sdk-ecr/client.rb', line 3141

def list_images(params = {}, options = {})
  req = build_request(:list_images, params)
  req.send_request(options)
end

#list_pull_time_update_exclusions(params = {}) ⇒ Types::ListPullTimeUpdateExclusionsResponse

Lists the IAM principals that are excluded from having their image pull times recorded.

Examples:

Example: To list all pull time update exclusions


# This example lists all IAM principals that are excluded from having their image pull timestamps recorded in the
# registry.

resp = client.list_pull_time_update_exclusions({
})

resp.to_h outputs the following:
{
  pull_time_update_exclusions: [
    "arn:aws:iam::012345678910:role/ECRAccess", 
  ], 
}

Example: To list pull time update exclusions with pagination


# This example lists pull time update exclusions with pagination, requesting a maximum of 2 results per page.

resp = client.list_pull_time_update_exclusions({
  max_results: 2, 
})

resp.to_h outputs the following:
{
  next_token: "eyJlbmNyeXB0ZWREYXRhIjpbXX0=", 
  pull_time_update_exclusions: [
    "arn:aws:iam::012345678910:role/ECRAccess", 
    "arn:aws:iam::012345678910:role/CICDPipeline", 
  ], 
}

Request syntax with placeholder values


resp = client.list_pull_time_update_exclusions({
  max_results: 1,
  next_token: "NextToken",
})

Response structure


resp.pull_time_update_exclusions #=> Array
resp.pull_time_update_exclusions[0] #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :max_results (Integer)

    The maximum number of pull time update exclusion results returned by ‘ListPullTimeUpdateExclusions` in paginated output. When this parameter is used, `ListPullTimeUpdateExclusions` only returns `maxResults` results in a single page along with a `nextToken` response element. The remaining results of the initial request can be seen by sending another `ListPullTimeUpdateExclusions` request with the returned `nextToken` value. This value can be between 1 and 1000. If this parameter is not used, then `ListPullTimeUpdateExclusions` returns up to 100 results and a `nextToken` value, if applicable.

  • :next_token (String)

    The ‘nextToken` value returned from a previous paginated `ListPullTimeUpdateExclusions` request where `maxResults` was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the `nextToken` value. This value is `null` when there are no more results to return.

    <note markdown=“1”> This token should be treated as an opaque identifier that is only used to retrieve the next items in a list and not for other programmatic purposes.

    </note>

Returns:

See Also:



3228
3229
3230
3231
 
# File 'lib/aws-sdk-ecr/client.rb', line 3228

def list_pull_time_update_exclusions(params = {}, options = {})
  req = build_request(:list_pull_time_update_exclusions, params)
  req.send_request(options)
end

#list_tags_for_resource(params = {}) ⇒ Types::ListTagsForResourceResponse

List the tags for an Amazon ECR resource.

Examples:

Request syntax with placeholder values


resp = client.list_tags_for_resource({
  resource_arn: "Arn", # required
})

Response structure


resp.tags #=> Array
resp.tags[0].key #=> String
resp.tags[0].value #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :resource_arn (required, String)

    The Amazon Resource Name (ARN) that identifies the resource for which to list the tags. Currently, the only supported resource is an Amazon ECR repository.

Returns:

See Also:



3260
3261
3262
3263
 
# File 'lib/aws-sdk-ecr/client.rb', line 3260

def list_tags_for_resource(params = {}, options = {})
  req = build_request(:list_tags_for_resource, params)
  req.send_request(options)
end

#put_account_setting(params = {}) ⇒ Types::PutAccountSettingResponse

Allows you to change the basic scan type version or registry policy scope.

Examples:

Request syntax with placeholder values


resp = client.({
  name: "AccountSettingName", # required
  value: "AccountSettingValue", # required
})

Response structure


resp.name #=> String
resp.value #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :name (required, String)

    The name of the account setting, such as ‘BASIC_SCAN_TYPE_VERSION`, `REGISTRY_POLICY_SCOPE`, or `BLOB_MOUNTING`.

  • :value (required, String)

    Setting value that is specified. Valid value for basic scan type: ‘AWS_NATIVE`. Valid values for registry policy scope: `V2`. Valid values for blob mounting: `ENABLED` or `DISABLED`.

Returns:

See Also:



3298
3299
3300
3301
 
# File 'lib/aws-sdk-ecr/client.rb', line 3298

def (params = {}, options = {})
  req = build_request(:put_account_setting, params)
  req.send_request(options)
end

#put_image(params = {}) ⇒ Types::PutImageResponse

Creates or updates the image manifest and tags associated with an image.

When an image is pushed and all new image layers have been uploaded, the PutImage API is called once to create or update the image manifest and the tags associated with the image.

<note markdown=“1”> This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the ‘docker` CLI to pull, tag, and push images.

</note>

Examples:

Request syntax with placeholder values


resp = client.put_image({
  registry_id: "RegistryId",
  repository_name: "RepositoryName", # required
  image_manifest: "ImageManifest", # required
  image_manifest_media_type: "MediaType",
  image_tag: "ImageTag",
  image_digest: "ImageDigest",
})

Response structure


resp.image.registry_id #=> String
resp.image.repository_name #=> String
resp.image.image_id.image_digest #=> String
resp.image.image_id.image_tag #=> String
resp.image.image_manifest #=> String
resp.image.image_manifest_media_type #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :registry_id (String)

    The Amazon Web Services account ID associated with the registry that contains the repository in which to put the image. If you do not specify a registry, the default registry is assumed.

  • :repository_name (required, String)

    The name of the repository in which to put the image.

  • :image_manifest (required, String)

    The image manifest corresponding to the image to be uploaded.

  • :image_manifest_media_type (String)

    The media type of the image manifest. If you push an image manifest that does not contain the ‘mediaType` field, you must specify the `imageManifestMediaType` in the request.

  • :image_tag (String)

    The tag to associate with the image. This parameter is optional.

  • :image_digest (String)

    The image digest of the image manifest corresponding to the image.

Returns:

See Also:



3366
3367
3368
3369
 
# File 'lib/aws-sdk-ecr/client.rb', line 3366

def put_image(params = {}, options = {})
  req = build_request(:put_image, params)
  req.send_request(options)
end

#put_image_scanning_configuration(params = {}) ⇒ Types::PutImageScanningConfigurationResponse

The ‘PutImageScanningConfiguration` API is being deprecated, in favor of specifying the image scanning configuration at the registry level. For more information, see PutRegistryScanningConfiguration.

Updates the image scanning configuration for the specified repository.

Examples:

Request syntax with placeholder values


resp = client.put_image_scanning_configuration({
  registry_id: "RegistryId",
  repository_name: "RepositoryName", # required
  image_scanning_configuration: { # required
    scan_on_push: false,
  },
})

Response structure


resp.registry_id #=> String
resp.repository_name #=> String
resp.image_scanning_configuration.scan_on_push #=> Boolean

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :registry_id (String)

    The Amazon Web Services account ID associated with the registry that contains the repository in which to update the image scanning configuration setting. If you do not specify a registry, the default registry is assumed.

  • :repository_name (required, String)

    The name of the repository in which to update the image scanning configuration setting.

  • :image_scanning_configuration (required, Types::ImageScanningConfiguration)

    The image scanning configuration for the repository. This setting determines whether images are scanned for known vulnerabilities after being pushed to the repository.

Returns:

See Also:



3418
3419
3420
3421
 
# File 'lib/aws-sdk-ecr/client.rb', line 3418

def put_image_scanning_configuration(params = {}, options = {})
  req = build_request(:put_image_scanning_configuration, params)
  req.send_request(options)
end

#put_image_tag_mutability(params = {}) ⇒ Types::PutImageTagMutabilityResponse

Updates the image tag mutability settings for the specified repository. For more information, see [Image tag mutability] in the *Amazon Elastic Container Registry User Guide*.

[1]: docs.aws.amazon.com/AmazonECR/latest/userguide/image-tag-mutability.html

Examples:

Request syntax with placeholder values


resp = client.put_image_tag_mutability({
  registry_id: "RegistryId",
  repository_name: "RepositoryName", # required
  image_tag_mutability: "MUTABLE", # required, accepts MUTABLE, IMMUTABLE, IMMUTABLE_WITH_EXCLUSION, MUTABLE_WITH_EXCLUSION
  image_tag_mutability_exclusion_filters: [
    {
      filter_type: "WILDCARD", # required, accepts WILDCARD
      filter: "ImageTagMutabilityExclusionFilterValue", # required
    },
  ],
})

Response structure


resp.registry_id #=> String
resp.repository_name #=> String
resp.image_tag_mutability #=> String, one of "MUTABLE", "IMMUTABLE", "IMMUTABLE_WITH_EXCLUSION", "MUTABLE_WITH_EXCLUSION"
resp.image_tag_mutability_exclusion_filters #=> Array
resp.image_tag_mutability_exclusion_filters[0].filter_type #=> String, one of "WILDCARD"
resp.image_tag_mutability_exclusion_filters[0].filter #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :registry_id (String)

    The Amazon Web Services account ID associated with the registry that contains the repository in which to update the image tag mutability settings. If you do not specify a registry, the default registry is assumed.

  • :repository_name (required, String)

    The name of the repository in which to update the image tag mutability settings.

  • :image_tag_mutability (required, String)

    The tag mutability setting for the repository. If ‘MUTABLE` is specified, image tags can be overwritten. If `IMMUTABLE` is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.

  • :image_tag_mutability_exclusion_filters (Array<Types::ImageTagMutabilityExclusionFilter>)

    A list of filters that specify which image tags should be excluded from the image tag mutability setting being applied.

Returns:

See Also:



3485
3486
3487
3488
 
# File 'lib/aws-sdk-ecr/client.rb', line 3485

def put_image_tag_mutability(params = {}, options = {})
  req = build_request(:put_image_tag_mutability, params)
  req.send_request(options)
end

#put_lifecycle_policy(params = {}) ⇒ Types::PutLifecyclePolicyResponse

Creates or updates the lifecycle policy for the specified repository. For more information, see [Lifecycle policy template].

[1]: docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html

Examples:

Request syntax with placeholder values


resp = client.put_lifecycle_policy({
  registry_id: "RegistryId",
  repository_name: "RepositoryName", # required
  lifecycle_policy_text: "LifecyclePolicyText", # required
})

Response structure


resp.registry_id #=> String
resp.repository_name #=> String
resp.lifecycle_policy_text #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :registry_id (String)

    The Amazon Web Services account ID associated with the registry that contains the repository. If you do
 not specify a registry, the default registry is assumed.

  • :repository_name (required, String)

    The name of the repository to receive the policy.

  • :lifecycle_policy_text (required, String)

    The JSON repository policy text to apply to the repository.

Returns:

See Also:



3532
3533
3534
3535
 
# File 'lib/aws-sdk-ecr/client.rb', line 3532

def put_lifecycle_policy(params = {}, options = {})
  req = build_request(:put_lifecycle_policy, params)
  req.send_request(options)
end

#put_registry_policy(params = {}) ⇒ Types::PutRegistryPolicyResponse

Creates or updates the permissions policy for your registry.

A registry policy is used to specify permissions for another Amazon Web Services account and is used when configuring cross-account replication. For more information, see [Registry permissions] in the *Amazon Elastic Container Registry User Guide*.

[1]: docs.aws.amazon.com/AmazonECR/latest/userguide/registry-permissions.html

Examples:

Request syntax with placeholder values


resp = client.put_registry_policy({
  policy_text: "RegistryPolicyText", # required
})

Response structure


resp.registry_id #=> String
resp.policy_text #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

Returns:

See Also:



3578
3579
3580
3581
 
# File 'lib/aws-sdk-ecr/client.rb', line 3578

def put_registry_policy(params = {}, options = {})
  req = build_request(:put_registry_policy, params)
  req.send_request(options)
end

#put_registry_scanning_configuration(params = {}) ⇒ Types::PutRegistryScanningConfigurationResponse

Creates or updates the scanning configuration for your private registry.

Examples:

Request syntax with placeholder values


resp = client.put_registry_scanning_configuration({
  scan_type: "BASIC", # accepts BASIC, ENHANCED
  rules: [
    {
      scan_frequency: "SCAN_ON_PUSH", # required, accepts SCAN_ON_PUSH, CONTINUOUS_SCAN, MANUAL
      repository_filters: [ # required
        {
          filter: "ScanningRepositoryFilterValue", # required
          filter_type: "WILDCARD", # required, accepts WILDCARD
        },
      ],
    },
  ],
})

Response structure


resp.registry_scanning_configuration.scan_type #=> String, one of "BASIC", "ENHANCED"
resp.registry_scanning_configuration.rules #=> Array
resp.registry_scanning_configuration.rules[0].scan_frequency #=> String, one of "SCAN_ON_PUSH", "CONTINUOUS_SCAN", "MANUAL"
resp.registry_scanning_configuration.rules[0].repository_filters #=> Array
resp.registry_scanning_configuration.rules[0].repository_filters[0].filter #=> String
resp.registry_scanning_configuration.rules[0].repository_filters[0].filter_type #=> String, one of "WILDCARD"

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :scan_type (String)

    The scanning type to set for the registry.

    When a registry scanning configuration is not defined, by default the ‘BASIC` scan type is used. When basic scanning is used, you may specify filters to determine which individual repositories, or all repositories, are scanned when new images are pushed to those repositories. Alternatively, you can do manual scans of images with basic scanning.

    When the ‘ENHANCED` scan type is set, Amazon Inspector provides automated vulnerability scanning. You may choose between continuous scanning or scan on push and you may specify filters to determine which individual repositories, or all repositories, are scanned.

  • :rules (Array<Types::RegistryScanningRule>)

    The scanning rules to use for the registry. A scanning rule is used to determine which repository filters are used and at what frequency scanning will occur.

Returns:

See Also:



3640
3641
3642
3643
 
# File 'lib/aws-sdk-ecr/client.rb', line 3640

def put_registry_scanning_configuration(params = {}, options = {})
  req = build_request(:put_registry_scanning_configuration, params)
  req.send_request(options)
end

#put_replication_configuration(params = {}) ⇒ Types::PutReplicationConfigurationResponse

Creates or updates the replication configuration for a registry. The existing replication configuration for a repository can be retrieved with the DescribeRegistry API action. The first time the PutReplicationConfiguration API is called, a service-linked IAM role is created in your account for the replication process. For more information, see [Using service-linked roles for Amazon ECR] in the *Amazon Elastic Container Registry User Guide*. For more information on the custom role for replication, see [Creating an IAM role for replication].

<note markdown=“1”> When configuring cross-account replication, the destination account must grant the source account permission to replicate. This permission is controlled using a registry permissions policy. For more information, see PutRegistryPolicy.

</note>

[1]: docs.aws.amazon.com/AmazonECR/latest/userguide/using-service-linked-roles.html [2]: docs.aws.amazon.com/AmazonECR/latest/userguide/replication-creation-templates.html#roles-creatingrole-user-console

Examples:

Request syntax with placeholder values


resp = client.put_replication_configuration({
  replication_configuration: { # required
    rules: [ # required
      {
        destinations: [ # required
          {
            region: "Region", # required
            registry_id: "RegistryId", # required
          },
        ],
        repository_filters: [
          {
            filter: "RepositoryFilterValue", # required
            filter_type: "PREFIX_MATCH", # required, accepts PREFIX_MATCH
          },
        ],
      },
    ],
  },
})

Response structure


resp.replication_configuration.rules #=> Array
resp.replication_configuration.rules[0].destinations #=> Array
resp.replication_configuration.rules[0].destinations[0].region #=> String
resp.replication_configuration.rules[0].destinations[0].registry_id #=> String
resp.replication_configuration.rules[0].repository_filters #=> Array
resp.replication_configuration.rules[0].repository_filters[0].filter #=> String
resp.replication_configuration.rules[0].repository_filters[0].filter_type #=> String, one of "PREFIX_MATCH"

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

Returns:

See Also:



3711
3712
3713
3714
 
# File 'lib/aws-sdk-ecr/client.rb', line 3711

def put_replication_configuration(params = {}, options = {})
  req = build_request(:put_replication_configuration, params)
  req.send_request(options)
end

#put_signing_configuration(params = {}) ⇒ Types::PutSigningConfigurationResponse

Creates or updates the registry’s signing configuration, which defines rules for automatically signing images with Amazon Web Services Signer.

For more information, see [Managed signing] in the *Amazon Elastic Container Registry User Guide*.

<note markdown=“1”> To successfully generate a signature, the IAM principal pushing images must have permission to sign payloads with the Amazon Web Services Signer signing profile referenced in the signing configuration.

</note>

[1]: docs.aws.amazon.com/AmazonECR/latest/userguide/managed-signing.html

Examples:

Request syntax with placeholder values


resp = client.put_signing_configuration({
  signing_configuration: { # required
    rules: [ # required
      {
        signing_profile_arn: "SigningProfileArn", # required
        repository_filters: [
          {
            filter: "SigningRepositoryFilterValue", # required
            filter_type: "WILDCARD_MATCH", # required, accepts WILDCARD_MATCH
          },
        ],
      },
    ],
  },
})

Response structure


resp.signing_configuration.rules #=> Array
resp.signing_configuration.rules[0].signing_profile_arn #=> String
resp.signing_configuration.rules[0].repository_filters #=> Array
resp.signing_configuration.rules[0].repository_filters[0].filter #=> String
resp.signing_configuration.rules[0].repository_filters[0].filter_type #=> String, one of "WILDCARD_MATCH"

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

Returns:

See Also:



3770
3771
3772
3773
 
# File 'lib/aws-sdk-ecr/client.rb', line 3770

def put_signing_configuration(params = {}, options = {})
  req = build_request(:put_signing_configuration, params)
  req.send_request(options)
end

#register_pull_time_update_exclusion(params = {}) ⇒ Types::RegisterPullTimeUpdateExclusionResponse

Adds an IAM principal to the pull time update exclusion list for a registry. Amazon ECR will not record the pull time if an excluded principal pulls an image.

Examples:

Example: To exclude an IAM role from pull time tracking


# This example adds an IAM role to the pull time update exclusion list so that Amazon ECR will not record image pull
# timestamps for this principal.

resp = client.register_pull_time_update_exclusion({
  principal_arn: "arn:aws:iam::012345678910:role/ECRAccess", 
})

resp.to_h outputs the following:
{
  created_at: Time.parse("2025-11-17T22:08:12.659000+00:00"), 
  principal_arn: "arn:aws:iam::012345678910:role/ECRAccess", 
}

Request syntax with placeholder values


resp = client.register_pull_time_update_exclusion({
  principal_arn: "PrincipalArn", # required
})

Response structure


resp.principal_arn #=> String
resp.created_at #=> Time

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :principal_arn (required, String)

    The ARN of the IAM principal to exclude from having image pull times recorded.

Returns:

See Also:



3819
3820
3821
3822
 
# File 'lib/aws-sdk-ecr/client.rb', line 3819

def register_pull_time_update_exclusion(params = {}, options = {})
  req = build_request(:register_pull_time_update_exclusion, params)
  req.send_request(options)
end

#set_repository_policy(params = {}) ⇒ Types::SetRepositoryPolicyResponse

Applies a repository policy to the specified repository to control access permissions. For more information, see [Amazon ECR Repository policies] in the *Amazon Elastic Container Registry User Guide*.

[1]: docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policies.html

Examples:

Request syntax with placeholder values


resp = client.set_repository_policy({
  registry_id: "RegistryId",
  repository_name: "RepositoryName", # required
  policy_text: "RepositoryPolicyText", # required
  force: false,
})

Response structure


resp.registry_id #=> String
resp.repository_name #=> String
resp.policy_text #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :registry_id (String)

    The Amazon Web Services account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.

  • :repository_name (required, String)

    The name of the repository to receive the policy.

  • :policy_text (required, String)

    The JSON repository policy text to apply to the repository. For more information, see [Amazon ECR repository policies] in the *Amazon Elastic Container Registry User Guide*.

    [1]: docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policy-examples.html

  • :force (Boolean)

    If the policy you are attempting to set on a repository policy would prevent you from setting another policy in the future, you must force the SetRepositoryPolicy operation. This is intended to prevent accidental repository lock outs.

Returns:

See Also:



3880
3881
3882
3883
 
# File 'lib/aws-sdk-ecr/client.rb', line 3880

def set_repository_policy(params = {}, options = {})
  req = build_request(:set_repository_policy, params)
  req.send_request(options)
end

#start_image_scan(params = {}) ⇒ Types::StartImageScanResponse

Starts a basic image vulnerability scan.

A basic image scan can only be started once per 24 hours on an individual image. This limit includes if an image was scanned on initial push. You can start up to 100,000 basic scans per 24 hours. This limit includes both scans on initial push and scans initiated by the StartImageScan API. For more information, see [Basic scanning] in the *Amazon Elastic Container Registry User Guide*.

[1]: docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning-basic.html

Examples:

Request syntax with placeholder values


resp = client.start_image_scan({
  registry_id: "RegistryId",
  repository_name: "RepositoryName", # required
  image_id: { # required
    image_digest: "ImageDigest",
    image_tag: "ImageTag",
  },
})

Response structure


resp.registry_id #=> String
resp.repository_name #=> String
resp.image_id.image_digest #=> String
resp.image_id.image_tag #=> String
resp.image_scan_status.status #=> String, one of "IN_PROGRESS", "COMPLETE", "FAILED", "UNSUPPORTED_IMAGE", "ACTIVE", "PENDING", "SCAN_ELIGIBILITY_EXPIRED", "FINDINGS_UNAVAILABLE", "LIMIT_EXCEEDED", "IMAGE_ARCHIVED"
resp.image_scan_status.description #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :registry_id (String)

    The Amazon Web Services account ID associated with the registry that contains the repository in which to start an image scan request. If you do not specify a registry, the default registry is assumed.

  • :repository_name (required, String)

    The name of the repository that contains the images to scan.

  • :image_id (required, Types::ImageIdentifier)

    An object with identifying information for an image in an Amazon ECR repository.

Returns:

See Also:



3941
3942
3943
3944
 
# File 'lib/aws-sdk-ecr/client.rb', line 3941

def start_image_scan(params = {}, options = {})
  req = build_request(:start_image_scan, params)
  req.send_request(options)
end

#start_lifecycle_policy_preview(params = {}) ⇒ Types::StartLifecyclePolicyPreviewResponse

Starts a preview of a lifecycle policy for the specified repository. This allows you to see the results before associating the lifecycle policy with the repository.

Examples:

Request syntax with placeholder values


resp = client.start_lifecycle_policy_preview({
  registry_id: "RegistryId",
  repository_name: "RepositoryName", # required
  lifecycle_policy_text: "LifecyclePolicyText",
})

Response structure


resp.registry_id #=> String
resp.repository_name #=> String
resp.lifecycle_policy_text #=> String
resp.status #=> String, one of "IN_PROGRESS", "COMPLETE", "EXPIRED", "FAILED"

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :registry_id (String)

    The Amazon Web Services account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.

  • :repository_name (required, String)

    The name of the repository to be evaluated.

  • :lifecycle_policy_text (String)

    The policy to be evaluated against. If you do not specify a policy, the current policy for the repository is used.

Returns:

See Also:



3988
3989
3990
3991
 
# File 'lib/aws-sdk-ecr/client.rb', line 3988

def start_lifecycle_policy_preview(params = {}, options = {})
  req = build_request(:start_lifecycle_policy_preview, params)
  req.send_request(options)
end

#tag_resource(params = {}) ⇒ Struct

Adds specified tags to a resource with the specified ARN. Existing tags on a resource are not changed if they are not specified in the request parameters.

Examples:

Request syntax with placeholder values


resp = client.tag_resource({
  resource_arn: "Arn", # required
  tags: [ # required
    {
      key: "TagKey", # required
      value: "TagValue", # required
    },
  ],
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :resource_arn (required, String)

    The Amazon Resource Name (ARN) of the the resource to which to add tags. Currently, the only supported resource is an Amazon ECR repository.

  • :tags (required, Array<Types::Tag>)

    The tags to add to the resource. A tag is an array of key-value pairs. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



4025
4026
4027
4028
 
# File 'lib/aws-sdk-ecr/client.rb', line 4025

def tag_resource(params = {}, options = {})
  req = build_request(:tag_resource, params)
  req.send_request(options)
end

#untag_resource(params = {}) ⇒ Struct

Deletes specified tags from a resource.

Examples:

Request syntax with placeholder values


resp = client.untag_resource({
  resource_arn: "Arn", # required
  tag_keys: ["TagKey"], # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :resource_arn (required, String)

    The Amazon Resource Name (ARN) of the resource from which to remove tags. Currently, the only supported resource is an Amazon ECR repository.

  • :tag_keys (required, Array<String>)

    The keys of the tags to be removed.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



4053
4054
4055
4056
 
# File 'lib/aws-sdk-ecr/client.rb', line 4053

def untag_resource(params = {}, options = {})
  req = build_request(:untag_resource, params)
  req.send_request(options)
end

#update_image_storage_class(params = {}) ⇒ Types::UpdateImageStorageClassResponse

Transitions an image between storage classes. You can transition images from Amazon ECR standard storage class to Amazon ECR archival storage class for long-term storage, or restore archived images back to Amazon ECR standard.

Examples:

Example: To transition an image to Amazon ECR Archive


# This example transitions an image with a specific digest in the hello-repository repository to Amazon ECR Archive
# storage for long-term archival.

resp = client.update_image_storage_class({
  image_id: {
    image_digest: "sha256:0b1a4e0c81c434fa7928e5c4a2651a521ebabc4ff200c65f7e25b99373efca3b", 
  }, 
  registry_id: "724772093679", 
  repository_name: "hello-repository", 
  target_storage_class: "ARCHIVE", 
})

resp.to_h outputs the following:
{
  image_id: {
    image_digest: "sha256:0b1a4e0c81c434fa7928e5c4a2651a521ebabc4ff200c65f7e25b99373efca3b", 
  }, 
  image_status: "ARCHIVED", 
  registry_id: "724772093679", 
  repository_name: "hello-repository", 
}

Example: To restore an archived image to Amazon ECR Standard


# This example restores an archived image with a specific digest back to Amazon ECR Standard storage.

resp = client.update_image_storage_class({
  image_id: {
    image_digest: "sha256:0b1a4e0c81c434fa7928e5c4a2651a521ebabc4ff200c65f7e25b99373efca3b", 
  }, 
  registry_id: "724772093679", 
  repository_name: "hello-repository", 
  target_storage_class: "STANDARD", 
})

resp.to_h outputs the following:
{
  image_id: {
    image_digest: "sha256:0b1a4e0c81c434fa7928e5c4a2651a521ebabc4ff200c65f7e25b99373efca3b", 
  }, 
  image_status: "ACTIVATING", 
  registry_id: "724772093679", 
  repository_name: "hello-repository", 
}

Request syntax with placeholder values


resp = client.update_image_storage_class({
  registry_id: "RegistryId",
  repository_name: "RepositoryName", # required
  image_id: { # required
    image_digest: "ImageDigest",
    image_tag: "ImageTag",
  },
  target_storage_class: "STANDARD", # required, accepts STANDARD, ARCHIVE
})

Response structure


resp.registry_id #=> String
resp.repository_name #=> String
resp.image_id.image_digest #=> String
resp.image_id.image_tag #=> String
resp.image_status #=> String, one of "ACTIVE", "ARCHIVED", "ACTIVATING"

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :registry_id (String)

    The Amazon Web Services account ID associated with the registry that contains the image to transition. If you do not specify a registry, the default registry is assumed.

  • :repository_name (required, String)

    The name of the repository that contains the image to transition.

  • :image_id (required, Types::ImageIdentifier)

    An object with identifying information for an image in an Amazon ECR repository.

  • :target_storage_class (required, String)

    The target storage class for the image.

Returns:

See Also:



4157
4158
4159
4160
 
# File 'lib/aws-sdk-ecr/client.rb', line 4157

def update_image_storage_class(params = {}, options = {})
  req = build_request(:update_image_storage_class, params)
  req.send_request(options)
end

#update_pull_through_cache_rule(params = {}) ⇒ Types::UpdatePullThroughCacheRuleResponse

Updates an existing pull through cache rule.

Examples:

Request syntax with placeholder values


resp = client.update_pull_through_cache_rule({
  registry_id: "RegistryId",
  ecr_repository_prefix: "PullThroughCacheRuleRepositoryPrefix", # required
  credential_arn: "CredentialArn",
  custom_role_arn: "CustomRoleArn",
})

Response structure


resp.ecr_repository_prefix #=> String
resp.registry_id #=> String
resp.updated_at #=> Time
resp.credential_arn #=> String
resp.custom_role_arn #=> String
resp.upstream_repository_prefix #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :registry_id (String)

    The Amazon Web Services account ID associated with the registry associated with the pull through cache rule. If you do not specify a registry, the default registry is assumed.

  • :ecr_repository_prefix (required, String)

    The repository name prefix to use when caching images from the source registry.

  • :credential_arn (String)

    The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret that identifies the credentials to authenticate to the upstream registry.

  • :custom_role_arn (String)

    Amazon Resource Name (ARN) of the IAM role to be assumed by Amazon ECR to authenticate to the ECR upstream registry. This role must be in the same account as the registry that you are configuring.

Returns:

See Also:



4214
4215
4216
4217
 
# File 'lib/aws-sdk-ecr/client.rb', line 4214

def update_pull_through_cache_rule(params = {}, options = {})
  req = build_request(:update_pull_through_cache_rule, params)
  req.send_request(options)
end

#update_repository_creation_template(params = {}) ⇒ Types::UpdateRepositoryCreationTemplateResponse

Updates an existing repository creation template.

Examples:

Example: Update a repository creation template


# This example updates a repository creation template.

resp = client.update_repository_creation_template({
  applied_for: [
    "REPLICATION", 
  ], 
  prefix: "eng/test", 
  resource_tags: [
    {
      key: "environment", 
      value: "test", 
    }, 
  ], 
})

resp.to_h outputs the following:
{
  registry_id: "012345678901", 
  repository_creation_template: {
    applied_for: [
      "REPLICATION", 
    ], 
    created_at: Time.parse("2023-12-16T17:29:02-07:00"), 
    description: "Repos for testing images", 
    encryption_configuration: {
      encryption_type: "AES256", 
    }, 
    image_tag_mutability: "MUTABLE", 
    lifecycle_policy: "{\r\n    \"rules\": [\r\n        {\r\n            \"rulePriority\": 1,\r\n            \"description\": \"Expire images older than 14 days\",\r\n            \"selection\": {\r\n                \"tagStatus\": \"untagged\",\r\n                \"countType\": \"sinceImagePushed\",\r\n                \"countUnit\": \"days\",\r\n                \"countNumber\": 14\r\n            },\r\n            \"action\": {\r\n                \"type\": \"expire\"\r\n            }\r\n        }\r\n    ]\r\n}", 
    prefix: "eng/test", 
    repository_policy: "{\n  \"Version\" : \"2012-10-17\",\n  \"Statement\" : [ {\n    \"Sid\" : \"LambdaECRPullPolicy\",\n    \"Effect\" : \"Allow\",\n    \"Principal\" : {\n      \"Service\" : \"lambda.amazonaws.com\"\n    },\n    \"Action\" : \"ecr:BatchGetImage\"\n  } ]\n}", 
    resource_tags: [
      {
        key: "environment", 
        value: "test", 
      }, 
    ], 
    updated_at: Time.parse("2023-12-16T19:55:02-07:00"), 
  }, 
}

Request syntax with placeholder values


resp = client.update_repository_creation_template({
  prefix: "Prefix", # required
  description: "RepositoryTemplateDescription",
  encryption_configuration: {
    encryption_type: "AES256", # required, accepts AES256, KMS, KMS_DSSE
    kms_key: "KmsKeyForRepositoryCreationTemplate",
  },
  resource_tags: [
    {
      key: "TagKey", # required
      value: "TagValue", # required
    },
  ],
  image_tag_mutability: "MUTABLE", # accepts MUTABLE, IMMUTABLE, IMMUTABLE_WITH_EXCLUSION, MUTABLE_WITH_EXCLUSION
  image_tag_mutability_exclusion_filters: [
    {
      filter_type: "WILDCARD", # required, accepts WILDCARD
      filter: "ImageTagMutabilityExclusionFilterValue", # required
    },
  ],
  repository_policy: "RepositoryPolicyText",
  lifecycle_policy: "LifecyclePolicyTextForRepositoryCreationTemplate",
  applied_for: ["REPLICATION"], # accepts REPLICATION, PULL_THROUGH_CACHE, CREATE_ON_PUSH
  custom_role_arn: "CustomRoleArn",
})

Response structure


resp.registry_id #=> String
resp.repository_creation_template.prefix #=> String
resp.repository_creation_template.description #=> String
resp.repository_creation_template.encryption_configuration.encryption_type #=> String, one of "AES256", "KMS", "KMS_DSSE"
resp.repository_creation_template.encryption_configuration.kms_key #=> String
resp.repository_creation_template.resource_tags #=> Array
resp.repository_creation_template.resource_tags[0].key #=> String
resp.repository_creation_template.resource_tags[0].value #=> String
resp.repository_creation_template.image_tag_mutability #=> String, one of "MUTABLE", "IMMUTABLE", "IMMUTABLE_WITH_EXCLUSION", "MUTABLE_WITH_EXCLUSION"
resp.repository_creation_template.image_tag_mutability_exclusion_filters #=> Array
resp.repository_creation_template.image_tag_mutability_exclusion_filters[0].filter_type #=> String, one of "WILDCARD"
resp.repository_creation_template.image_tag_mutability_exclusion_filters[0].filter #=> String
resp.repository_creation_template.repository_policy #=> String
resp.repository_creation_template.lifecycle_policy #=> String
resp.repository_creation_template.applied_for #=> Array
resp.repository_creation_template.applied_for[0] #=> String, one of "REPLICATION", "PULL_THROUGH_CACHE", "CREATE_ON_PUSH"
resp.repository_creation_template.custom_role_arn #=> String
resp.repository_creation_template.created_at #=> Time
resp.repository_creation_template.updated_at #=> Time

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :prefix (required, String)

    The repository namespace prefix that matches an existing repository creation template in the registry. All repositories created using this namespace prefix will have the settings defined in this template applied. For example, a prefix of ‘prod` would apply to all repositories beginning with `prod/`. This includes a repository named `prod/team1` as well as a repository named `prod/repository1`.

    To apply a template to all repositories in your registry that don’t have an associated creation template, you can use ‘ROOT` as the prefix.

  • :description (String)

    A description for the repository creation template.

  • :encryption_configuration (Types::EncryptionConfigurationForRepositoryCreationTemplate)

    The encryption configuration to associate with the repository creation template.

  • :resource_tags (Array<Types::Tag>)

    The metadata to apply to the repository to help you categorize and organize. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

  • :image_tag_mutability (String)

    Updates the tag mutability setting for the repository. If this parameter is omitted, the default setting of ‘MUTABLE` will be used which will allow image tags to be overwritten. If `IMMUTABLE` is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.

  • :image_tag_mutability_exclusion_filters (Array<Types::ImageTagMutabilityExclusionFilter>)

    A list of filters that specify which image tags should be excluded from the repository creation template’s image tag mutability setting.

  • :repository_policy (String)

    Updates the repository policy created using the template. A repository policy is a permissions policy associated with a repository to control access permissions.

  • :lifecycle_policy (String)

    Updates the lifecycle policy associated with the specified repository creation template.

  • :applied_for (Array<String>)

    Updates the list of enumerable strings representing the Amazon ECR repository creation scenarios that this template will apply towards. The supported scenarios are ‘PULL_THROUGH_CACHE`, `REPLICATION`, and `CREATE_ON_PUSH`

  • :custom_role_arn (String)

    The ARN of the role to be assumed by Amazon ECR. This role must be in the same account as the registry that you are configuring. Amazon ECR will assume your supplied role when the customRoleArn is specified. When this field isn’t specified, Amazon ECR will use the service-linked role for the repository creation template.

Returns:

See Also:



4383
4384
4385
4386
 
# File 'lib/aws-sdk-ecr/client.rb', line 4383

def update_repository_creation_template(params = {}, options = {})
  req = build_request(:update_repository_creation_template, params)
  req.send_request(options)
end

#upload_layer_part(params = {}) ⇒ Types::UploadLayerPartResponse

Uploads an image layer part to Amazon ECR.

When an image is pushed, each new image layer is uploaded in parts. The maximum size of each image layer part can be 20971520 bytes (or about 20MB). The UploadLayerPart API is called once per each new image layer part.

<note markdown=“1”> This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the ‘docker` CLI to pull, tag, and push images.

</note>

Examples:

Request syntax with placeholder values


resp = client.upload_layer_part({
  registry_id: "RegistryId",
  repository_name: "RepositoryName", # required
  upload_id: "UploadId", # required
  part_first_byte: 1, # required
  part_last_byte: 1, # required
  layer_part_blob: "data", # required
})

Response structure


resp.registry_id #=> String
resp.repository_name #=> String
resp.upload_id #=> String
resp.last_byte_received #=> Integer

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :registry_id (String)

    The Amazon Web Services account ID associated with the registry to which you are uploading layer parts. If you do not specify a registry, the default registry is assumed.

  • :repository_name (required, String)

    The name of the repository to which you are uploading layer parts.

  • :upload_id (required, String)

    The upload ID from a previous InitiateLayerUpload operation to associate with the layer part upload.

  • :part_first_byte (required, Integer)

    The position of the first byte of the layer part witin the overall image layer.

  • :part_last_byte (required, Integer)

    The position of the last byte of the layer part within the overall image layer.

  • :layer_part_blob (required, String, StringIO, File)

    The base64-encoded layer part payload.

Returns:

See Also:



4453
4454
4455
4456
 
# File 'lib/aws-sdk-ecr/client.rb', line 4453

def upload_layer_part(params = {}, options = {})
  req = build_request(:upload_layer_part, params)
  req.send_request(options)
end

#validate_pull_through_cache_rule(params = {}) ⇒ Types::ValidatePullThroughCacheRuleResponse

Validates an existing pull through cache rule for an upstream registry that requires authentication. This will retrieve the contents of the Amazon Web Services Secrets Manager secret, verify the syntax, and then validate that authentication to the upstream registry is successful.

Examples:

Request syntax with placeholder values


resp = client.validate_pull_through_cache_rule({
  ecr_repository_prefix: "PullThroughCacheRuleRepositoryPrefix", # required
  registry_id: "RegistryId",
})

Response structure


resp.ecr_repository_prefix #=> String
resp.registry_id #=> String
resp.upstream_registry_url #=> String
resp.credential_arn #=> String
resp.custom_role_arn #=> String
resp.upstream_repository_prefix #=> String
resp.is_valid #=> Boolean
resp.failure #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :ecr_repository_prefix (required, String)

    The repository name prefix associated with the pull through cache rule.

  • :registry_id (String)

    The registry ID associated with the pull through cache rule. If you do not specify a registry, the default registry is assumed.

Returns:

See Also:



4505
4506
4507
4508
 
# File 'lib/aws-sdk-ecr/client.rb', line 4505

def validate_pull_through_cache_rule(params = {}, options = {})
  req = build_request(:validate_pull_through_cache_rule, params)
  req.send_request(options)
end

#wait_until(waiter_name, params = {}, options = {}) {|w.waiter| ... } ⇒ Boolean

Polls an API operation until a resource enters a desired state.

## Basic Usage

A waiter will call an API operation until:

  • It is successful

  • It enters a terminal state

  • It makes the maximum number of attempts

In between attempts, the waiter will sleep.

# polls in a loop, sleeping between attempts
client.wait_until(waiter_name, params)

## Configuration

You can configure the maximum number of polling attempts, and the delay (in seconds) between each polling attempt. You can pass configuration as the final arguments hash.

# poll for ~25 seconds
client.wait_until(waiter_name, params, {
  max_attempts: 5,
  delay: 5,
})

## Callbacks

You can be notified before each polling attempt and before each delay. If you throw ‘:success` or `:failure` from these callbacks, it will terminate the waiter.

started_at = Time.now
client.wait_until(waiter_name, params, {

  # disable max attempts
  max_attempts: nil,

  # poll for 1 hour, instead of a number of attempts
  before_wait: -> (attempts, response) do
    throw :failure if Time.now - started_at > 3600
  end
})

## Handling Errors

When a waiter is unsuccessful, it will raise an error. All of the failure errors extend from Waiters::Errors::WaiterFailed.

begin
  client.wait_until(...)
rescue Aws::Waiters::Errors::WaiterFailed
  # resource did not enter the desired state in time
end

## Valid Waiters

The following table lists the valid waiter names, the operations they call, and the default ‘:delay` and `:max_attempts` values.

| waiter_name | params | :delay | :max_attempts | | ——————————— | ————————————- | ——– | ————- | | image_scan_complete | #describe_image_scan_findings | 5 | 60 | | lifecycle_policy_preview_complete | #get_lifecycle_policy_preview | 5 | 20 |

Parameters:

  • waiter_name (Symbol)
  • params (Hash) (defaults to: {})

    ({})

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :max_attempts (Integer)
  • :delay (Integer)
  • :before_attempt (Proc)
  • :before_wait (Proc)

Yields:

  • (w.waiter)

Returns:

  • (Boolean)

    Returns ‘true` if the waiter was successful.

Raises:

  • (Errors::FailureStateError)

    Raised when the waiter terminates because the waiter has entered a state that it will not transition out of, preventing success.

  • (Errors::TooManyAttemptsError)

    Raised when the configured maximum number of attempts have been made, and the waiter is not yet successful.

  • (Errors::UnexpectedError)

    Raised when an error is encounted while polling for a resource that is not expected.

  • (Errors::NoSuchWaiterError)

    Raised when you request to wait for an unknown state.



4621
4622
4623
4624
4625
 
# File 'lib/aws-sdk-ecr/client.rb', line 4621

def wait_until(waiter_name, params = {}, options = {})
  w = waiter(waiter_name, options)
  yield(w.waiter) if block_given? # deprecated
  w.wait(params)
end

#waiter_namesObject

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Deprecated. 


4629
4630
4631
 
# File 'lib/aws-sdk-ecr/client.rb', line 4629

def waiter_names
  waiters.keys
end