We announced the upcoming end-of-support for AWS SDK for JavaScript v2.
We recommend that you migrate to AWS SDK for JavaScript v3. For dates, additional details, and information on how to migrate, please refer to the linked announcement.

Class: AWS.ECR

Inherits:
AWS.Service show all
Identifier:
ecr
API Version:
2015-09-21
Defined in:
(unknown)

Overview

Constructs a service interface object. Each API operation is exposed as a function on service.

Service Description

Amazon Elastic Container Registry (Amazon ECR) is a managed container image registry service. Customers can use the familiar Docker CLI, or their preferred client, to push, pull, and manage images. Amazon ECR provides a secure, scalable, and reliable registry for your Docker or Open Container Initiative (OCI) images. Amazon ECR supports private repositories with resource-based permissions using IAM so that specific users or Amazon EC2 instances can access repositories and images.

Amazon ECR has service endpoints in each supported Region. For more information, see Amazon ECR endpoints in the Amazon Web Services General Reference.

Sending a Request Using ECR

var ecr = new AWS.ECR();
ecr.batchCheckLayerAvailability(params, function (err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Locking the API Version

In order to ensure that the ECR object uses this specific API, you can construct the object by passing the apiVersion option to the constructor:

var ecr = new AWS.ECR({apiVersion: '2015-09-21'});

You can also set the API version globally in AWS.config.apiVersions using the ecr service identifier:

AWS.config.apiVersions = {
  ecr: '2015-09-21',
  // other service API versions
};

var ecr = new AWS.ECR();

Version:

  • 2015-09-21

Waiter Resource States

This service supports a list of resource states that can be polled using the waitFor() method. The resource states are:

imageScanComplete, lifecyclePolicyPreviewComplete

Constructor Summary collapse

Property Summary collapse

Properties inherited from AWS.Service

apiVersions

Method Summary collapse

Methods inherited from AWS.Service

makeRequest, makeUnauthenticatedRequest, setupRequestListeners, defineService

Constructor Details

new AWS.ECR(options = {}) ⇒ Object

Constructs a service object. This object has one method for each API operation.

Examples:

Constructing a ECR object

var ecr = new AWS.ECR({apiVersion: '2015-09-21'});

Options Hash (options):

  • params (map)

    An optional map of parameters to bind to every request sent by this service object. For more information on bound parameters, see "Working with Services" in the Getting Started Guide.

  • endpoint (String|AWS.Endpoint)

    The endpoint URI to send requests to. The default endpoint is built from the configured region. The endpoint should be a string like 'https://{service}.{region}.amazonaws.com' or an Endpoint object.

  • accessKeyId (String)

    your AWS access key ID.

  • secretAccessKey (String)

    your AWS secret access key.

  • sessionToken (AWS.Credentials)

    the optional AWS session token to sign requests with.

  • credentials (AWS.Credentials)

    the AWS credentials to sign requests with. You can either specify this object, or specify the accessKeyId and secretAccessKey options directly.

  • credentialProvider (AWS.CredentialProviderChain)

    the provider chain used to resolve credentials if no static credentials property is set.

  • region (String)

    the region to send service requests to. See AWS.ECR.region for more information.

  • maxRetries (Integer)

    the maximum amount of retries to attempt with a request. See AWS.ECR.maxRetries for more information.

  • maxRedirects (Integer)

    the maximum amount of redirects to follow with a request. See AWS.ECR.maxRedirects for more information.

  • sslEnabled (Boolean)

    whether to enable SSL for requests.

  • paramValidation (Boolean|map)

    whether input parameters should be validated against the operation description before sending the request. Defaults to true. Pass a map to enable any of the following specific validation features:

    • min [Boolean] — Validates that a value meets the min constraint. This is enabled by default when paramValidation is set to true.
    • max [Boolean] — Validates that a value meets the max constraint.
    • pattern [Boolean] — Validates that a string value matches a regular expression.
    • enum [Boolean] — Validates that a string value matches one of the allowable enum values.
  • computeChecksums (Boolean)

    whether to compute checksums for payload bodies when the service accepts it (currently supported in S3 only)

  • convertResponseTypes (Boolean)

    whether types are converted when parsing response data. Currently only supported for JSON based services. Turning this off may improve performance on large response payloads. Defaults to true.

  • correctClockSkew (Boolean)

    whether to apply a clock skew correction and retry requests that fail because of an skewed client clock. Defaults to false.

  • s3ForcePathStyle (Boolean)

    whether to force path style URLs for S3 objects.

  • s3BucketEndpoint (Boolean)

    whether the provided endpoint addresses an individual bucket (false if it addresses the root API endpoint). Note that setting this configuration option requires an endpoint to be provided explicitly to the service constructor.

  • s3DisableBodySigning (Boolean)

    whether S3 body signing should be disabled when using signature version v4. Body signing can only be disabled when using https. Defaults to true.

  • s3UsEast1RegionalEndpoint ('legacy'|'regional')

    when region is set to 'us-east-1', whether to send s3 request to global endpoints or 'us-east-1' regional endpoints. This config is only applicable to S3 client. Defaults to legacy

  • s3UseArnRegion (Boolean)

    whether to override the request region with the region inferred from requested resource's ARN. Only available for S3 buckets Defaults to true

  • retryDelayOptions (map)

    A set of options to configure the retry delay on retryable errors. Currently supported options are:

    • base [Integer] — The base number of milliseconds to use in the exponential backoff for operation retries. Defaults to 100 ms for all services except DynamoDB, where it defaults to 50ms.
    • customBackoff [function] — A custom function that accepts a retry count and error and returns the amount of time to delay in milliseconds. If the result is a non-zero negative value, no further retry attempts will be made. The base option will be ignored if this option is supplied. The function is only called for retryable errors.
  • httpOptions (map)

    A set of options to pass to the low-level HTTP request. Currently supported options are:

    • proxy [String] — the URL to proxy requests through
    • agent [http.Agent, https.Agent] — the Agent object to perform HTTP requests with. Used for connection pooling. Defaults to the global agent (http.globalAgent) for non-SSL connections. Note that for SSL connections, a special Agent object is used in order to enable peer certificate verification. This feature is only available in the Node.js environment.
    • connectTimeout [Integer] — Sets the socket to timeout after failing to establish a connection with the server after connectTimeout milliseconds. This timeout has no effect once a socket connection has been established.
    • timeout [Integer] — Sets the socket to timeout after timeout milliseconds of inactivity on the socket. Defaults to two minutes (120000).
    • xhrAsync [Boolean] — Whether the SDK will send asynchronous HTTP requests. Used in the browser environment only. Set to false to send requests synchronously. Defaults to true (async on).
    • xhrWithCredentials [Boolean] — Sets the "withCredentials" property of an XMLHttpRequest object. Used in the browser environment only. Defaults to false.
  • apiVersion (String, Date)

    a String in YYYY-MM-DD format (or a date) that represents the latest possible API version that can be used in all services (unless overridden by apiVersions). Specify 'latest' to use the latest possible version.

  • apiVersions (map<String, String|Date>)

    a map of service identifiers (the lowercase service class name) with the API version to use when instantiating a service. Specify 'latest' for each individual that can use the latest available version.

  • logger (#write, #log)

    an object that responds to .write() (like a stream) or .log() (like the console object) in order to log information about requests

  • systemClockOffset (Number)

    an offset value in milliseconds to apply to all signing times. Use this to compensate for clock skew when your system may be out of sync with the service time. Note that this configuration option can only be applied to the global AWS.config object and cannot be overridden in service-specific configuration. Defaults to 0 milliseconds.

  • signatureVersion (String)

    the signature version to sign requests with (overriding the API configuration). Possible values are: 'v2', 'v3', 'v4'.

  • signatureCache (Boolean)

    whether the signature to sign requests with (overriding the API configuration) is cached. Only applies to the signature version 'v4'. Defaults to true.

  • dynamoDbCrc32 (Boolean)

    whether to validate the CRC32 checksum of HTTP response bodies returned by DynamoDB. Default: true.

  • useAccelerateEndpoint (Boolean)

    Whether to use the S3 Transfer Acceleration endpoint with the S3 service. Default: false.

  • clientSideMonitoring (Boolean)

    whether to collect and publish this client's performance metrics of all its API requests.

  • endpointDiscoveryEnabled (Boolean|undefined)

    whether to call operations with endpoints given by service dynamically. Setting this

  • endpointCacheSize (Number)

    the size of the global cache storing endpoints from endpoint discovery operations. Once endpoint cache is created, updating this setting cannot change existing cache size. Defaults to 1000

  • hostPrefixEnabled (Boolean)

    whether to marshal request parameters to the prefix of hostname. Defaults to true.

  • stsRegionalEndpoints ('legacy'|'regional')

    whether to send sts request to global endpoints or regional endpoints. Defaults to 'legacy'.

  • useFipsEndpoint (Boolean)

    Enables FIPS compatible endpoints. Defaults to false.

  • useDualstackEndpoint (Boolean)

    Enables IPv6 dualstack endpoint. Defaults to false.

Property Details

endpointAWS.Endpoint (readwrite)

Returns an Endpoint object representing the endpoint URL for service requests.

Returns:

  • (AWS.Endpoint)

    an Endpoint object representing the endpoint URL for service requests.

Method Details

batchCheckLayerAvailability(params = {}, callback) ⇒ AWS.Request

Checks the availability of one or more image layers in a repository.

When an image is pushed to a repository, each image layer is checked to verify if it has been uploaded before. If it has been uploaded, then the image layer is skipped.

Note: This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the docker CLI to pull, tag, and push images.

Service Reference:

Examples:

Calling the batchCheckLayerAvailability operation

var params = {
  layerDigests: [ /* required */
    'STRING_VALUE',
    /* more items */
  ],
  repositoryName: 'STRING_VALUE', /* required */
  registryId: 'STRING_VALUE'
};
ecr.batchCheckLayerAvailability(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • registryId — (String)

      The Amazon Web Services account ID associated with the registry that contains the image layers to check. If you do not specify a registry, the default registry is assumed.

    • repositoryName — (String)

      The name of the repository that is associated with the image layers to check.

    • layerDigests — (Array<String>)

      The digests of the image layers to check.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • layers — (Array<map>)

        A list of image layer objects corresponding to the image layer references in the request.

        • layerDigest — (String)

          The sha256 digest of the image layer.

        • layerAvailability — (String)

          The availability status of the image layer.

          Possible values include:
          • "AVAILABLE"
          • "UNAVAILABLE"
        • layerSize — (Integer)

          The size, in bytes, of the image layer.

        • mediaType — (String)

          The media type of the layer, such as application/vnd.docker.image.rootfs.diff.tar.gzip or application/vnd.oci.image.layer.v1.tar+gzip.

      • failures — (Array<map>)

        Any failures associated with the call.

        • layerDigest — (String)

          The layer digest associated with the failure.

        • failureCode — (String)

          The failure code associated with the failure.

          Possible values include:
          • "InvalidLayerDigest"
          • "MissingLayerDigest"
        • failureReason — (String)

          The reason for the failure.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

batchDeleteImage(params = {}, callback) ⇒ AWS.Request

Deletes a list of specified images within a repository. Images are specified with either an imageTag or imageDigest.

You can remove a tag from an image by specifying the image's tag in your request. When you remove the last tag from an image, the image is deleted from your repository.

You can completely delete an image (and all of its tags) by specifying the image's digest in your request.

Service Reference:

Examples:

To delete multiple images


/* This example deletes images with the tags precise and trusty in a repository called ubuntu in the default registry for an account. */

 var params = {
  imageIds: [
     {
    imageTag: "precise"
   }
  ], 
  repositoryName: "ubuntu"
 };
 ecr.batchDeleteImage(params, function(err, data) {
   if (err) console.log(err, err.stack); // an error occurred
   else     console.log(data);           // successful response
   /*
   data = {
    failures: [
    ], 
    imageIds: [
       {
      imageDigest: "sha256:examplee6d1e504117a17000003d3753086354a38375961f2e665416ef4b1b2f", 
      imageTag: "precise"
     }
    ]
   }
   */
 });

Calling the batchDeleteImage operation

var params = {
  imageIds: [ /* required */
    {
      imageDigest: 'STRING_VALUE',
      imageTag: 'STRING_VALUE'
    },
    /* more items */
  ],
  repositoryName: 'STRING_VALUE', /* required */
  registryId: 'STRING_VALUE'
};
ecr.batchDeleteImage(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • registryId — (String)

      The Amazon Web Services account ID associated with the registry that contains the image to delete. If you do not specify a registry, the default registry is assumed.

    • repositoryName — (String)

      The repository that contains the image to delete.

    • imageIds — (Array<map>)

      A list of image ID references that correspond to images to delete. The format of the imageIds reference is imageTag=tag or imageDigest=digest.

      • imageDigest — (String)

        The sha256 digest of the image manifest.

      • imageTag — (String)

        The tag used for the image.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • imageIds — (Array<map>)

        The image IDs of the deleted images.

        • imageDigest — (String)

          The sha256 digest of the image manifest.

        • imageTag — (String)

          The tag used for the image.

      • failures — (Array<map>)

        Any failures associated with the call.

        • imageId — (map)

          The image ID associated with the failure.

          • imageDigest — (String)

            The sha256 digest of the image manifest.

          • imageTag — (String)

            The tag used for the image.

        • failureCode — (String)

          The code associated with the failure.

          Possible values include:
          • "InvalidImageDigest"
          • "InvalidImageTag"
          • "ImageTagDoesNotMatchDigest"
          • "ImageNotFound"
          • "MissingDigestAndTag"
          • "ImageReferencedByManifestList"
          • "KmsError"
          • "UpstreamAccessDenied"
          • "UpstreamTooManyRequests"
          • "UpstreamUnavailable"
        • failureReason — (String)

          The reason for the failure.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

batchGetImage(params = {}, callback) ⇒ AWS.Request

Gets detailed information for an image. Images are specified with either an imageTag or imageDigest.

When an image is pulled, the BatchGetImage API is called once to retrieve the image manifest.

Service Reference:

Examples:

To obtain multiple images in a single request


/* This example obtains information for an image with a specified image digest ID from the repository named ubuntu in the current account. */

 var params = {
  imageIds: [
     {
    imageTag: "precise"
   }
  ], 
  repositoryName: "ubuntu"
 };
 ecr.batchGetImage(params, function(err, data) {
   if (err) console.log(err, err.stack); // an error occurred
   else     console.log(data);           // successful response
   /*
   data = {
    failures: [
    ], 
    images: [
       {
      imageId: {
       imageDigest: "sha256:example76bdff6d83a09ba2a818f0d00000063724a9ac3ba5019c56f74ebf42a", 
       imageTag: "precise"
      }, 
      imageManifest: "{\n \"schemaVersion\": 1,\n \"name\": \"ubuntu\",\n \"tag\": \"precise\",\n...", 
      registryId: "244698725403", 
      repositoryName: "ubuntu"
     }
    ]
   }
   */
 });

Calling the batchGetImage operation

var params = {
  imageIds: [ /* required */
    {
      imageDigest: 'STRING_VALUE',
      imageTag: 'STRING_VALUE'
    },
    /* more items */
  ],
  repositoryName: 'STRING_VALUE', /* required */
  acceptedMediaTypes: [
    'STRING_VALUE',
    /* more items */
  ],
  registryId: 'STRING_VALUE'
};
ecr.batchGetImage(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • registryId — (String)

      The Amazon Web Services account ID associated with the registry that contains the images to describe. If you do not specify a registry, the default registry is assumed.

    • repositoryName — (String)

      The repository that contains the images to describe.

    • imageIds — (Array<map>)

      A list of image ID references that correspond to images to describe. The format of the imageIds reference is imageTag=tag or imageDigest=digest.

      • imageDigest — (String)

        The sha256 digest of the image manifest.

      • imageTag — (String)

        The tag used for the image.

    • acceptedMediaTypes — (Array<String>)

      The accepted media types for the request.

      Valid values: application/vnd.docker.distribution.manifest.v1+json | application/vnd.docker.distribution.manifest.v2+json | application/vnd.oci.image.manifest.v1+json

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • images — (Array<map>)

        A list of image objects corresponding to the image references in the request.

        • registryId — (String)

          The Amazon Web Services account ID associated with the registry containing the image.

        • repositoryName — (String)

          The name of the repository associated with the image.

        • imageId — (map)

          An object containing the image tag and image digest associated with an image.

          • imageDigest — (String)

            The sha256 digest of the image manifest.

          • imageTag — (String)

            The tag used for the image.

        • imageManifest — (String)

          The image manifest associated with the image.

        • imageManifestMediaType — (String)

          The manifest media type of the image.

      • failures — (Array<map>)

        Any failures associated with the call.

        • imageId — (map)

          The image ID associated with the failure.

          • imageDigest — (String)

            The sha256 digest of the image manifest.

          • imageTag — (String)

            The tag used for the image.

        • failureCode — (String)

          The code associated with the failure.

          Possible values include:
          • "InvalidImageDigest"
          • "InvalidImageTag"
          • "ImageTagDoesNotMatchDigest"
          • "ImageNotFound"
          • "MissingDigestAndTag"
          • "ImageReferencedByManifestList"
          • "KmsError"
          • "UpstreamAccessDenied"
          • "UpstreamTooManyRequests"
          • "UpstreamUnavailable"
        • failureReason — (String)

          The reason for the failure.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

batchGetRepositoryScanningConfiguration(params = {}, callback) ⇒ AWS.Request

Gets the scanning configuration for one or more repositories.

Service Reference:

Examples:

Calling the batchGetRepositoryScanningConfiguration operation

var params = {
  repositoryNames: [ /* required */
    'STRING_VALUE',
    /* more items */
  ]
};
ecr.batchGetRepositoryScanningConfiguration(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • repositoryNames — (Array<String>)

      One or more repository names to get the scanning configuration for.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • scanningConfigurations — (Array<map>)

        The scanning configuration for the requested repositories.

        • repositoryArn — (String)

          The ARN of the repository.

        • repositoryName — (String)

          The name of the repository.

        • scanOnPush — (Boolean)

          Whether or not scan on push is configured for the repository.

        • scanFrequency — (String)

          The scan frequency for the repository.

          Possible values include:
          • "SCAN_ON_PUSH"
          • "CONTINUOUS_SCAN"
          • "MANUAL"
        • appliedScanFilters — (Array<map>)

          The scan filters applied to the repository.

          • filterrequired — (String)

            The filter to use when scanning.

          • filterTyperequired — (String)

            The type associated with the filter.

            Possible values include:
            • "WILDCARD"
      • failures — (Array<map>)

        Any failures associated with the call.

        • repositoryName — (String)

          The name of the repository.

        • failureCode — (String)

          The failure code.

          Possible values include:
          • "REPOSITORY_NOT_FOUND"
        • failureReason — (String)

          The reason for the failure.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

completeLayerUpload(params = {}, callback) ⇒ AWS.Request

Informs Amazon ECR that the image layer upload has completed for a specified registry, repository name, and upload ID. You can optionally provide a sha256 digest of the image layer for data validation purposes.

When an image is pushed, the CompleteLayerUpload API is called once per each new image layer to verify that the upload has completed.

Note: This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the docker CLI to pull, tag, and push images.

Service Reference:

Examples:

Calling the completeLayerUpload operation

var params = {
  layerDigests: [ /* required */
    'STRING_VALUE',
    /* more items */
  ],
  repositoryName: 'STRING_VALUE', /* required */
  uploadId: 'STRING_VALUE', /* required */
  registryId: 'STRING_VALUE'
};
ecr.completeLayerUpload(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • registryId — (String)

      The Amazon Web Services account ID associated with the registry to which to upload layers. If you do not specify a registry, the default registry is assumed.

    • repositoryName — (String)

      The name of the repository to associate with the image layer.

    • uploadId — (String)

      The upload ID from a previous InitiateLayerUpload operation to associate with the image layer.

    • layerDigests — (Array<String>)

      The sha256 digest of the image layer.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • registryId — (String)

        The registry ID associated with the request.

      • repositoryName — (String)

        The repository name associated with the request.

      • uploadId — (String)

        The upload ID associated with the layer.

      • layerDigest — (String)

        The sha256 digest of the image layer.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

createPullThroughCacheRule(params = {}, callback) ⇒ AWS.Request

Creates a pull through cache rule. A pull through cache rule provides a way to cache images from an upstream registry source in your Amazon ECR private registry. For more information, see Using pull through cache rules in the Amazon Elastic Container Registry User Guide.

Service Reference:

Examples:

Calling the createPullThroughCacheRule operation

var params = {
  ecrRepositoryPrefix: 'STRING_VALUE', /* required */
  upstreamRegistryUrl: 'STRING_VALUE', /* required */
  credentialArn: 'STRING_VALUE',
  registryId: 'STRING_VALUE',
  upstreamRegistry: ecr-public | quay | k8s | docker-hub | github-container-registry | azure-container-registry | gitlab-container-registry
};
ecr.createPullThroughCacheRule(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • ecrRepositoryPrefix — (String)

      The repository name prefix to use when caching images from the source registry.

    • upstreamRegistryUrl — (String)

      The registry URL of the upstream public registry to use as the source for the pull through cache rule. The following is the syntax to use for each supported upstream registry.

      • Amazon ECR Public (ecr-public) - public.ecr.aws

      • Docker Hub (docker-hub) - registry-1.docker.io

      • Quay (quay) - quay.io

      • Kubernetes (k8s) - registry.k8s.io

      • GitHub Container Registry (github-container-registry) - ghcr.io

      • Microsoft Azure Container Registry (azure-container-registry) - <custom>.azurecr.io

    • registryId — (String)

      The Amazon Web Services account ID associated with the registry to create the pull through cache rule for. If you do not specify a registry, the default registry is assumed.

    • upstreamRegistry — (String)

      The name of the upstream registry.

      Possible values include:
      • "ecr-public"
      • "quay"
      • "k8s"
      • "docker-hub"
      • "github-container-registry"
      • "azure-container-registry"
      • "gitlab-container-registry"
    • credentialArn — (String)

      The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret that identifies the credentials to authenticate to the upstream registry.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • ecrRepositoryPrefix — (String)

        The Amazon ECR repository prefix associated with the pull through cache rule.

      • upstreamRegistryUrl — (String)

        The upstream registry URL associated with the pull through cache rule.

      • createdAt — (Date)

        The date and time, in JavaScript date format, when the pull through cache rule was created.

      • registryId — (String)

        The registry ID associated with the request.

      • upstreamRegistry — (String)

        The name of the upstream registry associated with the pull through cache rule.

        Possible values include:
        • "ecr-public"
        • "quay"
        • "k8s"
        • "docker-hub"
        • "github-container-registry"
        • "azure-container-registry"
        • "gitlab-container-registry"
      • credentialArn — (String)

        The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret associated with the pull through cache rule.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

createRepository(params = {}, callback) ⇒ AWS.Request

Creates a repository. For more information, see Amazon ECR repositories in the Amazon Elastic Container Registry User Guide.

Service Reference:

Examples:

To create a new repository


/* This example creates a repository called nginx-web-app inside the project-a namespace in the default registry for an account. */

 var params = {
  repositoryName: "project-a/nginx-web-app"
 };
 ecr.createRepository(params, function(err, data) {
   if (err) console.log(err, err.stack); // an error occurred
   else     console.log(data);           // successful response
   /*
   data = {
    repository: {
     registryId: "012345678901", 
     repositoryArn: "arn:aws:ecr:us-west-2:012345678901:repository/project-a/nginx-web-app", 
     repositoryName: "project-a/nginx-web-app"
    }
   }
   */
 });

Calling the createRepository operation

var params = {
  repositoryName: 'STRING_VALUE', /* required */
  encryptionConfiguration: {
    encryptionType: AES256 | KMS, /* required */
    kmsKey: 'STRING_VALUE'
  },
  imageScanningConfiguration: {
    scanOnPush: true || false
  },
  imageTagMutability: MUTABLE | IMMUTABLE,
  registryId: 'STRING_VALUE',
  tags: [
    {
      Key: 'STRING_VALUE', /* required */
      Value: 'STRING_VALUE' /* required */
    },
    /* more items */
  ]
};
ecr.createRepository(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • registryId — (String)

      The Amazon Web Services account ID associated with the registry to create the repository. If you do not specify a registry, the default registry is assumed.

    • repositoryName — (String)

      The name to use for the repository. The repository name may be specified on its own (such as nginx-web-app) or it can be prepended with a namespace to group the repository into a category (such as project-a/nginx-web-app).

      The repository name must start with a letter and can only contain lowercase letters, numbers, hyphens, underscores, and forward slashes.

    • tags — (Array<map>)

      The metadata that you apply to the repository to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

      • Keyrequired — (String)

        One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.

      • Valuerequired — (String)

        A value acts as a descriptor within a tag category (key).

    • imageTagMutability — (String)

      The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.

      Possible values include:
      • "MUTABLE"
      • "IMMUTABLE"
    • imageScanningConfiguration — (map)

      The image scanning configuration for the repository. This determines whether images are scanned for known vulnerabilities after being pushed to the repository.

      • scanOnPush — (Boolean)

        The setting that determines whether images are scanned after being pushed to a repository. If set to true, images will be scanned after being pushed. If this parameter is not specified, it will default to false and images will not be scanned unless a scan is manually started with the API_StartImageScan API.

    • encryptionConfiguration — (map)

      The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.

      • encryptionTyperequired — (String)

        The encryption type to use.

        If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide.

        If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide.

        Possible values include:
        • "AES256"
        • "KMS"
      • kmsKey — (String)

        If you use the KMS encryption type, specify the KMS key to use for encryption. The alias, key ID, or full ARN of the KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • repository — (map)

        The repository that was created.

        • repositoryArn — (String)

          The Amazon Resource Name (ARN) that identifies the repository. The ARN contains the arn:aws:ecr namespace, followed by the region of the repository, Amazon Web Services account ID of the repository owner, repository namespace, and repository name. For example, arn:aws:ecr:region:012345678910:repository-namespace/repository-name.

        • registryId — (String)

          The Amazon Web Services account ID associated with the registry that contains the repository.

        • repositoryName — (String)

          The name of the repository.

        • repositoryUri — (String)

          The URI for the repository. You can use this URI for container image push and pull operations.

        • createdAt — (Date)

          The date and time, in JavaScript date format, when the repository was created.

        • imageTagMutability — (String)

          The tag mutability setting for the repository.

          Possible values include:
          • "MUTABLE"
          • "IMMUTABLE"
        • imageScanningConfiguration — (map)

          The image scanning configuration for a repository.

          • scanOnPush — (Boolean)

            The setting that determines whether images are scanned after being pushed to a repository. If set to true, images will be scanned after being pushed. If this parameter is not specified, it will default to false and images will not be scanned unless a scan is manually started with the API_StartImageScan API.

        • encryptionConfiguration — (map)

          The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.

          • encryptionTyperequired — (String)

            The encryption type to use.

            If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide.

            If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide.

            Possible values include:
            • "AES256"
            • "KMS"
          • kmsKey — (String)

            If you use the KMS encryption type, specify the KMS key to use for encryption. The alias, key ID, or full ARN of the KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

createRepositoryCreationTemplate(params = {}, callback) ⇒ AWS.Request

Creates a repository creation template. This template is used to define the settings for repositories created by Amazon ECR on your behalf. For example, repositories created through pull through cache actions. For more information, see Private repository creation templates in the Amazon Elastic Container Registry User Guide.

Service Reference:

Examples:

Create a new repository creation template


/* This example creates a repository creation template. */

 var params = {
  appliedFor: [
     "REPLICATION", 
     "PULL_THROUGH_CACHE"
  ], 
  description: "Repos for testing images", 
  encryptionConfiguration: {
   encryptionType: "AES256"
  }, 
  imageTagMutability: "MUTABLE", 
  lifecyclePolicy: "{\r\n    \"rules\": [\r\n        {\r\n            \"rulePriority\": 1,\r\n            \"description\": \"Expire images older than 14 days\",\r\n            \"selection\": {\r\n                \"tagStatus\": \"untagged\",\r\n                \"countType\": \"sinceImagePushed\",\r\n                \"countUnit\": \"days\",\r\n                \"countNumber\": 14\r\n            },\r\n            \"action\": {\r\n                \"type\": \"expire\"\r\n            }\r\n        }\r\n    ]\r\n}", 
  prefix: "eng/test", 
  repositoryPolicy: "{\r\n  \"Version\": \"2012-10-17\",\r\n  \"Statement\": [\r\n    {\r\n      \"Sid\": \"LambdaECRPullPolicy\",\r\n      \"Effect\": \"Allow\",\r\n      \"Principal\": {\r\n        \"Service\": \"lambda.amazonaws.com\"\r\n      },\r\n      \"Action\": \"ecr:BatchGetImage\"\r\n    }\r\n  ]\r\n}", 
  resourceTags: [
     {
    Key: "environment", 
    Value: "test"
   }
  ]
 };
 ecr.createRepositoryCreationTemplate(params, function(err, data) {
   if (err) console.log(err, err.stack); // an error occurred
   else     console.log(data);           // successful response
   /*
   data = {
    registryId: "012345678901", 
    repositoryCreationTemplate: {
     appliedFor: [
        "REPLICATION", 
        "PULL_THROUGH_CACHE"
     ], 
     createdAt: <Date Representation>, 
     description: "Repos for testing images", 
     encryptionConfiguration: {
      encryptionType: "AES256"
     }, 
     imageTagMutability: "MUTABLE", 
     lifecyclePolicy: "{\r\n    \"rules\": [\r\n        {\r\n            \"rulePriority\": 1,\r\n            \"description\": \"Expire images older than 14 days\",\r\n            \"selection\": {\r\n                \"tagStatus\": \"untagged\",\r\n                \"countType\": \"sinceImagePushed\",\r\n                \"countUnit\": \"days\",\r\n                \"countNumber\": 14\r\n            },\r\n            \"action\": {\r\n                \"type\": \"expire\"\r\n            }\r\n        }\r\n    ]\r\n}", 
     prefix: "eng/test", 
     repositoryPolicy: "{\n  \"Version\" : \"2012-10-17\",\n  \"Statement\" : [ {\n    \"Sid\" : \"LambdaECRPullPolicy\",\n    \"Effect\" : \"Allow\",\n    \"Principal\" : {\n      \"Service\" : \"lambda.amazonaws.com\"\n    },\n    \"Action\" : \"ecr:BatchGetImage\"\n  } ]\n}", 
     resourceTags: [
        {
       Key: "environment", 
       Value: "test"
      }
     ], 
     updatedAt: <Date Representation>
    }
   }
   */
 });

Calling the createRepositoryCreationTemplate operation

var params = {
  appliedFor: [ /* required */
    REPLICATION | PULL_THROUGH_CACHE,
    /* more items */
  ],
  prefix: 'STRING_VALUE', /* required */
  customRoleArn: 'STRING_VALUE',
  description: 'STRING_VALUE',
  encryptionConfiguration: {
    encryptionType: AES256 | KMS, /* required */
    kmsKey: 'STRING_VALUE'
  },
  imageTagMutability: MUTABLE | IMMUTABLE,
  lifecyclePolicy: 'STRING_VALUE',
  repositoryPolicy: 'STRING_VALUE',
  resourceTags: [
    {
      Key: 'STRING_VALUE', /* required */
      Value: 'STRING_VALUE' /* required */
    },
    /* more items */
  ]
};
ecr.createRepositoryCreationTemplate(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • prefix — (String)

      The repository namespace prefix to associate with the template. All repositories created using this namespace prefix will have the settings defined in this template applied. For example, a prefix of prod would apply to all repositories beginning with prod/. Similarly, a prefix of prod/team would apply to all repositories beginning with prod/team/.

      To apply a template to all repositories in your registry that don't have an associated creation template, you can use ROOT as the prefix.

      There is always an assumed / applied to the end of the prefix. If you specify ecr-public as the prefix, Amazon ECR treats that as ecr-public/. When using a pull through cache rule, the repository prefix you specify during rule creation is what you should specify as your repository creation template prefix as well.

    • description — (String)

      A description for the repository creation template.

    • encryptionConfiguration — (map)

      The encryption configuration to use for repositories created using the template.

      • encryptionTyperequired — (String)

        The encryption type to use.

        If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide.

        If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide.

        Possible values include:
        • "AES256"
        • "KMS"
      • kmsKey — (String)

        If you use the KMS encryption type, specify the KMS key to use for encryption. The full ARN of the KMS key must be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.

    • resourceTags — (Array<map>)

      The metadata to apply to the repository to help you categorize and organize. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

      • Keyrequired — (String)

        One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.

      • Valuerequired — (String)

        A value acts as a descriptor within a tag category (key).

    • imageTagMutability — (String)

      The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.

      Possible values include:
      • "MUTABLE"
      • "IMMUTABLE"
    • repositoryPolicy — (String)

      The repository policy to apply to repositories created using the template. A repository policy is a permissions policy associated with a repository to control access permissions.

    • lifecyclePolicy — (String)

      The lifecycle policy to use for repositories created using the template.

    • appliedFor — (Array<String>)

      A list of enumerable strings representing the Amazon ECR repository creation scenarios that this template will apply towards. The two supported scenarios are PULL_THROUGH_CACHE and REPLICATION

    • customRoleArn — (String)

      The ARN of the role to be assumed by Amazon ECR. This role must be in the same account as the registry that you are configuring. Amazon ECR will assume your supplied role when the customRoleArn is specified. When this field isn't specified, Amazon ECR will use the service-linked role for the repository creation template.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • registryId — (String)

        The registry ID associated with the request.

      • repositoryCreationTemplate — (map)

        The details of the repository creation template associated with the request.

        • prefix — (String)

          The repository namespace prefix associated with the repository creation template.

        • description — (String)

          The description associated with the repository creation template.

        • encryptionConfiguration — (map)

          The encryption configuration associated with the repository creation template.

          • encryptionTyperequired — (String)

            The encryption type to use.

            If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide.

            If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide.

            Possible values include:
            • "AES256"
            • "KMS"
          • kmsKey — (String)

            If you use the KMS encryption type, specify the KMS key to use for encryption. The full ARN of the KMS key must be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.

        • resourceTags — (Array<map>)

          The metadata to apply to the repository to help you categorize and organize. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

          • Keyrequired — (String)

            One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.

          • Valuerequired — (String)

            A value acts as a descriptor within a tag category (key).

        • imageTagMutability — (String)

          The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.

          Possible values include:
          • "MUTABLE"
          • "IMMUTABLE"
        • repositoryPolicy — (String)

          he repository policy to apply to repositories created using the template. A repository policy is a permissions policy associated with a repository to control access permissions.

        • lifecyclePolicy — (String)

          The lifecycle policy to use for repositories created using the template.

        • appliedFor — (Array<String>)

          A list of enumerable Strings representing the repository creation scenarios that this template will apply towards. The two supported scenarios are PULL_THROUGH_CACHE and REPLICATION

        • customRoleArn — (String)

          The ARN of the role to be assumed by Amazon ECR. Amazon ECR will assume your supplied role when the customRoleArn is specified. When this field isn't specified, Amazon ECR will use the service-linked role for the repository creation template.

        • createdAt — (Date)

          The date and time, in JavaScript date format, when the repository creation template was created.

        • updatedAt — (Date)

          The date and time, in JavaScript date format, when the repository creation template was last updated.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

deleteLifecyclePolicy(params = {}, callback) ⇒ AWS.Request

Deletes the lifecycle policy associated with the specified repository.

Service Reference:

Examples:

Calling the deleteLifecyclePolicy operation

var params = {
  repositoryName: 'STRING_VALUE', /* required */
  registryId: 'STRING_VALUE'
};
ecr.deleteLifecyclePolicy(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • registryId — (String)

      The Amazon Web Services account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.

    • repositoryName — (String)

      The name of the repository.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • registryId — (String)

        The registry ID associated with the request.

      • repositoryName — (String)

        The repository name associated with the request.

      • lifecyclePolicyText — (String)

        The JSON lifecycle policy text.

      • lastEvaluatedAt — (Date)

        The time stamp of the last time that the lifecycle policy was run.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

deletePullThroughCacheRule(params = {}, callback) ⇒ AWS.Request

Deletes a pull through cache rule.

Service Reference:

Examples:

Calling the deletePullThroughCacheRule operation

var params = {
  ecrRepositoryPrefix: 'STRING_VALUE', /* required */
  registryId: 'STRING_VALUE'
};
ecr.deletePullThroughCacheRule(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • ecrRepositoryPrefix — (String)

      The Amazon ECR repository prefix associated with the pull through cache rule to delete.

    • registryId — (String)

      The Amazon Web Services account ID associated with the registry that contains the pull through cache rule. If you do not specify a registry, the default registry is assumed.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • ecrRepositoryPrefix — (String)

        The Amazon ECR repository prefix associated with the request.

      • upstreamRegistryUrl — (String)

        The upstream registry URL associated with the pull through cache rule.

      • createdAt — (Date)

        The timestamp associated with the pull through cache rule.

      • registryId — (String)

        The registry ID associated with the request.

      • credentialArn — (String)

        The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret associated with the pull through cache rule.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

deleteRegistryPolicy(params = {}, callback) ⇒ AWS.Request

Deletes the registry permissions policy.

Service Reference:

Examples:

Calling the deleteRegistryPolicy operation

var params = {
};
ecr.deleteRegistryPolicy(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • registryId — (String)

        The registry ID associated with the request.

      • policyText — (String)

        The contents of the registry permissions policy that was deleted.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

deleteRepository(params = {}, callback) ⇒ AWS.Request

Deletes a repository. If the repository isn't empty, you must either delete the contents of the repository or use the force option to delete the repository and have Amazon ECR delete all of its contents on your behalf.

Service Reference:

Examples:

To force delete a repository


/* This example force deletes a repository named ubuntu in the default registry for an account. The force parameter is required if the repository contains images. */

 var params = {
  force: true, 
  repositoryName: "ubuntu"
 };
 ecr.deleteRepository(params, function(err, data) {
   if (err) console.log(err, err.stack); // an error occurred
   else     console.log(data);           // successful response
   /*
   data = {
    repository: {
     registryId: "012345678901", 
     repositoryArn: "arn:aws:ecr:us-west-2:012345678901:repository/ubuntu", 
     repositoryName: "ubuntu"
    }
   }
   */
 });

Calling the deleteRepository operation

var params = {
  repositoryName: 'STRING_VALUE', /* required */
  force: true || false,
  registryId: 'STRING_VALUE'
};
ecr.deleteRepository(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • registryId — (String)

      The Amazon Web Services account ID associated with the registry that contains the repository to delete. If you do not specify a registry, the default registry is assumed.

    • repositoryName — (String)

      The name of the repository to delete.

    • force — (Boolean)

      If true, deleting the repository force deletes the contents of the repository. If false, the repository must be empty before attempting to delete it.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • repository — (map)

        The repository that was deleted.

        • repositoryArn — (String)

          The Amazon Resource Name (ARN) that identifies the repository. The ARN contains the arn:aws:ecr namespace, followed by the region of the repository, Amazon Web Services account ID of the repository owner, repository namespace, and repository name. For example, arn:aws:ecr:region:012345678910:repository-namespace/repository-name.

        • registryId — (String)

          The Amazon Web Services account ID associated with the registry that contains the repository.

        • repositoryName — (String)

          The name of the repository.

        • repositoryUri — (String)

          The URI for the repository. You can use this URI for container image push and pull operations.

        • createdAt — (Date)

          The date and time, in JavaScript date format, when the repository was created.

        • imageTagMutability — (String)

          The tag mutability setting for the repository.

          Possible values include:
          • "MUTABLE"
          • "IMMUTABLE"
        • imageScanningConfiguration — (map)

          The image scanning configuration for a repository.

          • scanOnPush — (Boolean)

            The setting that determines whether images are scanned after being pushed to a repository. If set to true, images will be scanned after being pushed. If this parameter is not specified, it will default to false and images will not be scanned unless a scan is manually started with the API_StartImageScan API.

        • encryptionConfiguration — (map)

          The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.

          • encryptionTyperequired — (String)

            The encryption type to use.

            If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide.

            If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide.

            Possible values include:
            • "AES256"
            • "KMS"
          • kmsKey — (String)

            If you use the KMS encryption type, specify the KMS key to use for encryption. The alias, key ID, or full ARN of the KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

deleteRepositoryCreationTemplate(params = {}, callback) ⇒ AWS.Request

Deletes a repository creation template.

Service Reference:

Examples:

Delete a repository creation template


/* This example deletes a repository creation template. */

 var params = {
  prefix: "eng"
 };
 ecr.deleteRepositoryCreationTemplate(params, function(err, data) {
   if (err) console.log(err, err.stack); // an error occurred
   else     console.log(data);           // successful response
   /*
   data = {
    registryId: "012345678901", 
    repositoryCreationTemplate: {
     createdAt: <Date Representation>, 
     encryptionConfiguration: {
      encryptionType: "AES256"
     }, 
     imageTagMutability: "MUTABLE", 
     prefix: "eng", 
     updatedAt: <Date Representation>
    }
   }
   */
 });

Calling the deleteRepositoryCreationTemplate operation

var params = {
  prefix: 'STRING_VALUE' /* required */
};
ecr.deleteRepositoryCreationTemplate(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • prefix — (String)

      The repository namespace prefix associated with the repository creation template.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • registryId — (String)

        The registry ID associated with the request.

      • repositoryCreationTemplate — (map)

        The details of the repository creation template that was deleted.

        • prefix — (String)

          The repository namespace prefix associated with the repository creation template.

        • description — (String)

          The description associated with the repository creation template.

        • encryptionConfiguration — (map)

          The encryption configuration associated with the repository creation template.

          • encryptionTyperequired — (String)

            The encryption type to use.

            If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide.

            If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide.

            Possible values include:
            • "AES256"
            • "KMS"
          • kmsKey — (String)

            If you use the KMS encryption type, specify the KMS key to use for encryption. The full ARN of the KMS key must be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.

        • resourceTags — (Array<map>)

          The metadata to apply to the repository to help you categorize and organize. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

          • Keyrequired — (String)

            One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.

          • Valuerequired — (String)

            A value acts as a descriptor within a tag category (key).

        • imageTagMutability — (String)

          The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.

          Possible values include:
          • "MUTABLE"
          • "IMMUTABLE"
        • repositoryPolicy — (String)

          he repository policy to apply to repositories created using the template. A repository policy is a permissions policy associated with a repository to control access permissions.

        • lifecyclePolicy — (String)

          The lifecycle policy to use for repositories created using the template.

        • appliedFor — (Array<String>)

          A list of enumerable Strings representing the repository creation scenarios that this template will apply towards. The two supported scenarios are PULL_THROUGH_CACHE and REPLICATION

        • customRoleArn — (String)

          The ARN of the role to be assumed by Amazon ECR. Amazon ECR will assume your supplied role when the customRoleArn is specified. When this field isn't specified, Amazon ECR will use the service-linked role for the repository creation template.

        • createdAt — (Date)

          The date and time, in JavaScript date format, when the repository creation template was created.

        • updatedAt — (Date)

          The date and time, in JavaScript date format, when the repository creation template was last updated.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

deleteRepositoryPolicy(params = {}, callback) ⇒ AWS.Request

Deletes the repository policy associated with the specified repository.

Service Reference:

Examples:

To delete the policy associated with a repository


/* This example deletes the policy associated with the repository named ubuntu in the current account. */

 var params = {
  repositoryName: "ubuntu"
 };
 ecr.deleteRepositoryPolicy(params, function(err, data) {
   if (err) console.log(err, err.stack); // an error occurred
   else     console.log(data);           // successful response
   /*
   data = {
    policyText: "{ ... }", 
    registryId: "012345678901", 
    repositoryName: "ubuntu"
   }
   */
 });

Calling the deleteRepositoryPolicy operation

var params = {
  repositoryName: 'STRING_VALUE', /* required */
  registryId: 'STRING_VALUE'
};
ecr.deleteRepositoryPolicy(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • registryId — (String)

      The Amazon Web Services account ID associated with the registry that contains the repository policy to delete. If you do not specify a registry, the default registry is assumed.

    • repositoryName — (String)

      The name of the repository that is associated with the repository policy to delete.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • registryId — (String)

        The registry ID associated with the request.

      • repositoryName — (String)

        The repository name associated with the request.

      • policyText — (String)

        The JSON repository policy that was deleted from the repository.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

describeImageReplicationStatus(params = {}, callback) ⇒ AWS.Request

Returns the replication status for a specified image.

Service Reference:

Examples:

Calling the describeImageReplicationStatus operation

var params = {
  imageId: { /* required */
    imageDigest: 'STRING_VALUE',
    imageTag: 'STRING_VALUE'
  },
  repositoryName: 'STRING_VALUE', /* required */
  registryId: 'STRING_VALUE'
};
ecr.describeImageReplicationStatus(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • repositoryName — (String)

      The name of the repository that the image is in.

    • imageId — (map)

      An object with identifying information for an image in an Amazon ECR repository.

      • imageDigest — (String)

        The sha256 digest of the image manifest.

      • imageTag — (String)

        The tag used for the image.

    • registryId — (String)

      The Amazon Web Services account ID associated with the registry. If you do not specify a registry, the default registry is assumed.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • repositoryName — (String)

        The repository name associated with the request.

      • imageId — (map)

        An object with identifying information for an image in an Amazon ECR repository.

        • imageDigest — (String)

          The sha256 digest of the image manifest.

        • imageTag — (String)

          The tag used for the image.

      • replicationStatuses — (Array<map>)

        The replication status details for the images in the specified repository.

        • region — (String)

          The destination Region for the image replication.

        • registryId — (String)

          The Amazon Web Services account ID associated with the registry to which the image belongs.

        • status — (String)

          The image replication status.

          Possible values include:
          • "IN_PROGRESS"
          • "COMPLETE"
          • "FAILED"
        • failureCode — (String)

          The failure code for a replication that has failed.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

describeImages(params = {}, callback) ⇒ AWS.Request

Returns metadata about the images in a repository.

Note: Beginning with Docker version 1.9, the Docker client compresses image layers before pushing them to a V2 Docker registry. The output of the docker images command shows the uncompressed image size, so it may return a larger image size than the image sizes returned by DescribeImages.

Service Reference:

Examples:

Calling the describeImages operation

var params = {
  repositoryName: 'STRING_VALUE', /* required */
  filter: {
    tagStatus: TAGGED | UNTAGGED | ANY
  },
  imageIds: [
    {
      imageDigest: 'STRING_VALUE',
      imageTag: 'STRING_VALUE'
    },
    /* more items */
  ],
  maxResults: 'NUMBER_VALUE',
  nextToken: 'STRING_VALUE',
  registryId: 'STRING_VALUE'
};
ecr.describeImages(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • registryId — (String)

      The Amazon Web Services account ID associated with the registry that contains the repository in which to describe images. If you do not specify a registry, the default registry is assumed.

    • repositoryName — (String)

      The repository that contains the images to describe.

    • imageIds — (Array<map>)

      The list of image IDs for the requested repository.

      • imageDigest — (String)

        The sha256 digest of the image manifest.

      • imageTag — (String)

        The tag used for the image.

    • nextToken — (String)

      The nextToken value returned from a previous paginated DescribeImages request where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return. This option cannot be used when you specify images with imageIds.

    • maxResults — (Integer)

      The maximum number of repository results returned by DescribeImages in paginated output. When this parameter is used, DescribeImages only returns maxResults results in a single page along with a nextToken response element. The remaining results of the initial request can be seen by sending another DescribeImages request with the returned nextToken value. This value can be between 1 and 1000. If this parameter is not used, then DescribeImages returns up to 100 results and a nextToken value, if applicable. This option cannot be used when you specify images with imageIds.

    • filter — (map)

      The filter key and value with which to filter your DescribeImages results.

      • tagStatus — (String)

        The tag status with which to filter your DescribeImages results. You can filter results based on whether they are TAGGED or UNTAGGED.

        Possible values include:
        • "TAGGED"
        • "UNTAGGED"
        • "ANY"

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • imageDetails — (Array<map>)

        A list of ImageDetail objects that contain data about the image.

        • registryId — (String)

          The Amazon Web Services account ID associated with the registry to which this image belongs.

        • repositoryName — (String)

          The name of the repository to which this image belongs.

        • imageDigest — (String)

          The sha256 digest of the image manifest.

        • imageTags — (Array<String>)

          The list of tags associated with this image.

        • imageSizeInBytes — (Integer)

          The size, in bytes, of the image in the repository.

          If the image is a manifest list, this will be the max size of all manifests in the list.

          Note: Beginning with Docker version 1.9, the Docker client compresses image layers before pushing them to a V2 Docker registry. The output of the docker images command shows the uncompressed image size, so it may return a larger image size than the image sizes returned by DescribeImages.
        • imagePushedAt — (Date)

          The date and time, expressed in standard JavaScript date format, at which the current image was pushed to the repository.

        • imageScanStatus — (map)

          The current state of the scan.

          • status — (String)

            The current state of an image scan.

            Possible values include:
            • "IN_PROGRESS"
            • "COMPLETE"
            • "FAILED"
            • "UNSUPPORTED_IMAGE"
            • "ACTIVE"
            • "PENDING"
            • "SCAN_ELIGIBILITY_EXPIRED"
            • "FINDINGS_UNAVAILABLE"
          • description — (String)

            The description of the image scan status.

        • imageScanFindingsSummary — (map)

          A summary of the last completed image scan.

          • imageScanCompletedAt — (Date)

            The time of the last completed image scan.

          • vulnerabilitySourceUpdatedAt — (Date)

            The time when the vulnerability data was last scanned.

          • findingSeverityCounts — (map<Integer>)

            The image vulnerability counts, sorted by severity.

        • imageManifestMediaType — (String)

          The media type of the image manifest.

        • artifactMediaType — (String)

          The artifact media type of the image.

        • lastRecordedPullTime — (Date)

          The date and time, expressed in standard JavaScript date format, when Amazon ECR recorded the last image pull.

          Note: Amazon ECR refreshes the last image pull timestamp at least once every 24 hours. For example, if you pull an image once a day then the lastRecordedPullTime timestamp will indicate the exact time that the image was last pulled. However, if you pull an image once an hour, because Amazon ECR refreshes the lastRecordedPullTime timestamp at least once every 24 hours, the result may not be the exact time that the image was last pulled.
      • nextToken — (String)

        The nextToken value to include in a future DescribeImages request. When the results of a DescribeImages request exceed maxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

describeImageScanFindings(params = {}, callback) ⇒ AWS.Request

Returns the scan findings for the specified image.

Service Reference:

Examples:

Calling the describeImageScanFindings operation

var params = {
  imageId: { /* required */
    imageDigest: 'STRING_VALUE',
    imageTag: 'STRING_VALUE'
  },
  repositoryName: 'STRING_VALUE', /* required */
  maxResults: 'NUMBER_VALUE',
  nextToken: 'STRING_VALUE',
  registryId: 'STRING_VALUE'
};
ecr.describeImageScanFindings(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • registryId — (String)

      The Amazon Web Services account ID associated with the registry that contains the repository in which to describe the image scan findings for. If you do not specify a registry, the default registry is assumed.

    • repositoryName — (String)

      The repository for the image for which to describe the scan findings.

    • imageId — (map)

      An object with identifying information for an image in an Amazon ECR repository.

      • imageDigest — (String)

        The sha256 digest of the image manifest.

      • imageTag — (String)

        The tag used for the image.

    • nextToken — (String)

      The nextToken value returned from a previous paginated DescribeImageScanFindings request where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.

    • maxResults — (Integer)

      The maximum number of image scan results returned by DescribeImageScanFindings in paginated output. When this parameter is used, DescribeImageScanFindings only returns maxResults results in a single page along with a nextToken response element. The remaining results of the initial request can be seen by sending another DescribeImageScanFindings request with the returned nextToken value. This value can be between 1 and 1000. If this parameter is not used, then DescribeImageScanFindings returns up to 100 results and a nextToken value, if applicable.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • registryId — (String)

        The registry ID associated with the request.

      • repositoryName — (String)

        The repository name associated with the request.

      • imageId — (map)

        An object with identifying information for an image in an Amazon ECR repository.

        • imageDigest — (String)

          The sha256 digest of the image manifest.

        • imageTag — (String)

          The tag used for the image.

      • imageScanStatus — (map)

        The current state of the scan.

        • status — (String)

          The current state of an image scan.

          Possible values include:
          • "IN_PROGRESS"
          • "COMPLETE"
          • "FAILED"
          • "UNSUPPORTED_IMAGE"
          • "ACTIVE"
          • "PENDING"
          • "SCAN_ELIGIBILITY_EXPIRED"
          • "FINDINGS_UNAVAILABLE"
        • description — (String)

          The description of the image scan status.

      • imageScanFindings — (map)

        The information contained in the image scan findings.

        • imageScanCompletedAt — (Date)

          The time of the last completed image scan.

        • vulnerabilitySourceUpdatedAt — (Date)

          The time when the vulnerability data was last scanned.

        • findingSeverityCounts — (map<Integer>)

          The image vulnerability counts, sorted by severity.

        • findings — (Array<map>)

          The findings from the image scan.

          • name — (String)

            The name associated with the finding, usually a CVE number.

          • description — (String)

            The description of the finding.

          • uri — (String)

            A link containing additional details about the security vulnerability.

          • severity — (String)

            The finding severity.

            Possible values include:
            • "INFORMATIONAL"
            • "LOW"
            • "MEDIUM"
            • "HIGH"
            • "CRITICAL"
            • "UNDEFINED"
          • attributes — (Array<map>)

            A collection of attributes of the host from which the finding is generated.

            • keyrequired — (String)

              The attribute key.

            • value — (String)

              The value assigned to the attribute key.

        • enhancedFindings — (Array<map>)

          Details about the enhanced scan findings from Amazon Inspector.

          • awsAccountId — (String)

            The Amazon Web Services account ID associated with the image.

          • description — (String)

            The description of the finding.

          • findingArn — (String)

            The Amazon Resource Number (ARN) of the finding.

          • firstObservedAt — (Date)

            The date and time that the finding was first observed.

          • lastObservedAt — (Date)

            The date and time that the finding was last observed.

          • packageVulnerabilityDetails — (map)

            An object that contains the details of a package vulnerability finding.

            • cvss — (Array<map>)

              An object that contains details about the CVSS score of a finding.

              • baseScore — (Float)

                The base CVSS score used for the finding.

              • scoringVector — (String)

                The vector string of the CVSS score.

              • source — (String)

                The source of the CVSS score.

              • version — (String)

                The version of CVSS used for the score.

            • referenceUrls — (Array<String>)

              One or more URLs that contain details about this vulnerability type.

            • relatedVulnerabilities — (Array<String>)

              One or more vulnerabilities related to the one identified in this finding.

            • source — (String)

              The source of the vulnerability information.

            • sourceUrl — (String)

              A URL to the source of the vulnerability information.

            • vendorCreatedAt — (Date)

              The date and time that this vulnerability was first added to the vendor's database.

            • vendorSeverity — (String)

              The severity the vendor has given to this vulnerability type.

            • vendorUpdatedAt — (Date)

              The date and time the vendor last updated this vulnerability in their database.

            • vulnerabilityId — (String)

              The ID given to this vulnerability.

            • vulnerablePackages — (Array<map>)

              The packages impacted by this vulnerability.

              • arch — (String)

                The architecture of the vulnerable package.

              • epoch — (Integer)

                The epoch of the vulnerable package.

              • filePath — (String)

                The file path of the vulnerable package.

              • name — (String)

                The name of the vulnerable package.

              • packageManager — (String)

                The package manager of the vulnerable package.

              • release — (String)

                The release of the vulnerable package.

              • sourceLayerHash — (String)

                The source layer hash of the vulnerable package.

              • version — (String)

                The version of the vulnerable package.

          • remediation — (map)

            An object that contains the details about how to remediate a finding.

            • recommendation — (map)

              An object that contains information about the recommended course of action to remediate the finding.

              • url — (String)

                The URL address to the CVE remediation recommendations.

              • text — (String)

                The recommended course of action to remediate the finding.

          • resources — (Array<map>)

            Contains information on the resources involved in a finding.

            • details — (map)

              An object that contains details about the resource involved in a finding.

              • awsEcrContainerImage — (map)

                An object that contains details about the Amazon ECR container image involved in the finding.

                • architecture — (String)

                  The architecture of the Amazon ECR container image.

                • author — (String)

                  The image author of the Amazon ECR container image.

                • imageHash — (String)

                  The image hash of the Amazon ECR container image.

                • imageTags — (Array<String>)

                  The image tags attached to the Amazon ECR container image.

                • platform — (String)

                  The platform of the Amazon ECR container image.

                • pushedAt — (Date)

                  The date and time the Amazon ECR container image was pushed.

                • registry — (String)

                  The registry the Amazon ECR container image belongs to.

                • repositoryName — (String)

                  The name of the repository the Amazon ECR container image resides in.

            • id — (String)

              The ID of the resource.

            • tags — (map<String>)

              The tags attached to the resource.

            • type — (String)

              The type of resource.

          • score — (Float)

            The Amazon Inspector score given to the finding.

          • scoreDetails — (map)

            An object that contains details of the Amazon Inspector score.

            • cvss — (map)

              An object that contains details about the CVSS score given to a finding.

              • adjustments — (Array<map>)

                An object that contains details about adjustment Amazon Inspector made to the CVSS score.

                • metric — (String)

                  The metric used to adjust the CVSS score.

                • reason — (String)

                  The reason the CVSS score has been adjustment.

              • score — (Float)

                The CVSS score.

              • scoreSource — (String)

                The source for the CVSS score.

              • scoringVector — (String)

                The vector for the CVSS score.

              • version — (String)

                The CVSS version used in scoring.

          • severity — (String)

            The severity of the finding.

          • status — (String)

            The status of the finding.

          • title — (String)

            The title of the finding.

          • type — (String)

            The type of the finding.

          • updatedAt — (Date)

            The date and time the finding was last updated at.

      • nextToken — (String)

        The nextToken value to include in a future DescribeImageScanFindings request. When the results of a DescribeImageScanFindings request exceed maxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

Waiter Resource States:

describePullThroughCacheRules(params = {}, callback) ⇒ AWS.Request

Returns the pull through cache rules for a registry.

Service Reference:

Examples:

Calling the describePullThroughCacheRules operation

var params = {
  ecrRepositoryPrefixes: [
    'STRING_VALUE',
    /* more items */
  ],
  maxResults: 'NUMBER_VALUE',
  nextToken: 'STRING_VALUE',
  registryId: 'STRING_VALUE'
};
ecr.describePullThroughCacheRules(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • registryId — (String)

      The Amazon Web Services account ID associated with the registry to return the pull through cache rules for. If you do not specify a registry, the default registry is assumed.

    • ecrRepositoryPrefixes — (Array<String>)

      The Amazon ECR repository prefixes associated with the pull through cache rules to return. If no repository prefix value is specified, all pull through cache rules are returned.

    • nextToken — (String)

      The nextToken value returned from a previous paginated DescribePullThroughCacheRulesRequest request where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.

    • maxResults — (Integer)

      The maximum number of pull through cache rules returned by DescribePullThroughCacheRulesRequest in paginated output. When this parameter is used, DescribePullThroughCacheRulesRequest only returns maxResults results in a single page along with a nextToken response element. The remaining results of the initial request can be seen by sending another DescribePullThroughCacheRulesRequest request with the returned nextToken value. This value can be between 1 and 1000. If this parameter is not used, then DescribePullThroughCacheRulesRequest returns up to 100 results and a nextToken value, if applicable.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • pullThroughCacheRules — (Array<map>)

        The details of the pull through cache rules.

        • ecrRepositoryPrefix — (String)

          The Amazon ECR repository prefix associated with the pull through cache rule.

        • upstreamRegistryUrl — (String)

          The upstream registry URL associated with the pull through cache rule.

        • createdAt — (Date)

          The date and time the pull through cache was created.

        • registryId — (String)

          The Amazon Web Services account ID associated with the registry the pull through cache rule is associated with.

        • credentialArn — (String)

          The ARN of the Secrets Manager secret associated with the pull through cache rule.

        • upstreamRegistry — (String)

          The name of the upstream source registry associated with the pull through cache rule.

          Possible values include:
          • "ecr-public"
          • "quay"
          • "k8s"
          • "docker-hub"
          • "github-container-registry"
          • "azure-container-registry"
          • "gitlab-container-registry"
        • updatedAt — (Date)

          The date and time, in JavaScript date format, when the pull through cache rule was last updated.

      • nextToken — (String)

        The nextToken value to include in a future DescribePullThroughCacheRulesRequest request. When the results of a DescribePullThroughCacheRulesRequest request exceed maxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

describeRegistry(params = {}, callback) ⇒ AWS.Request

Describes the settings for a registry. The replication configuration for a repository can be created or updated with the PutReplicationConfiguration API action.

Service Reference:

Examples:

Calling the describeRegistry operation

var params = {
};
ecr.describeRegistry(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • registryId — (String)

        The registry ID associated with the request.

      • replicationConfiguration — (map)

        The replication configuration for the registry.

        • rulesrequired — (Array<map>)

          An array of objects representing the replication destinations and repository filters for a replication configuration.

          • destinationsrequired — (Array<map>)

            An array of objects representing the destination for a replication rule.

            • regionrequired — (String)

              The Region to replicate to.

            • registryIdrequired — (String)

              The Amazon Web Services account ID of the Amazon ECR private registry to replicate to. When configuring cross-Region replication within your own registry, specify your own account ID.

          • repositoryFilters — (Array<map>)

            An array of objects representing the filters for a replication rule. Specifying a repository filter for a replication rule provides a method for controlling which repositories in a private registry are replicated.

            • filterrequired — (String)

              The repository filter details. When the PREFIX_MATCH filter type is specified, this value is required and should be the repository name prefix to configure replication for.

            • filterTyperequired — (String)

              The repository filter type. The only supported value is PREFIX_MATCH, which is a repository name prefix specified with the filter parameter.

              Possible values include:
              • "PREFIX_MATCH"

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

describeRepositories(params = {}, callback) ⇒ AWS.Request

Describes image repositories in a registry.

Service Reference:

Examples:

To describe all repositories in the current account


/* The following example obtains a list and description of all repositories in the default registry to which the current user has access. */

 var params = {
 };
 ecr.describeRepositories(params, function(err, data) {
   if (err) console.log(err, err.stack); // an error occurred
   else     console.log(data);           // successful response
   /*
   data = {
    repositories: [
       {
      registryId: "012345678910", 
      repositoryArn: "arn:aws:ecr:us-west-2:012345678910:repository/ubuntu", 
      repositoryName: "ubuntu"
     }, 
       {
      registryId: "012345678910", 
      repositoryArn: "arn:aws:ecr:us-west-2:012345678910:repository/test", 
      repositoryName: "test"
     }
    ]
   }
   */
 });

Calling the describeRepositories operation

var params = {
  maxResults: 'NUMBER_VALUE',
  nextToken: 'STRING_VALUE',
  registryId: 'STRING_VALUE',
  repositoryNames: [
    'STRING_VALUE',
    /* more items */
  ]
};
ecr.describeRepositories(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • registryId — (String)

      The Amazon Web Services account ID associated with the registry that contains the repositories to be described. If you do not specify a registry, the default registry is assumed.

    • repositoryNames — (Array<String>)

      A list of repositories to describe. If this parameter is omitted, then all repositories in a registry are described.

    • nextToken — (String)

      The nextToken value returned from a previous paginated DescribeRepositories request where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return. This option cannot be used when you specify repositories with repositoryNames.

      Note: This token should be treated as an opaque identifier that is only used to retrieve the next items in a list and not for other programmatic purposes.
    • maxResults — (Integer)

      The maximum number of repository results returned by DescribeRepositories in paginated output. When this parameter is used, DescribeRepositories only returns maxResults results in a single page along with a nextToken response element. The remaining results of the initial request can be seen by sending another DescribeRepositories request with the returned nextToken value. This value can be between 1 and 1000. If this parameter is not used, then DescribeRepositories returns up to 100 results and a nextToken value, if applicable. This option cannot be used when you specify repositories with repositoryNames.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • repositories — (Array<map>)

        A list of repository objects corresponding to valid repositories.

        • repositoryArn — (String)

          The Amazon Resource Name (ARN) that identifies the repository. The ARN contains the arn:aws:ecr namespace, followed by the region of the repository, Amazon Web Services account ID of the repository owner, repository namespace, and repository name. For example, arn:aws:ecr:region:012345678910:repository-namespace/repository-name.

        • registryId — (String)

          The Amazon Web Services account ID associated with the registry that contains the repository.

        • repositoryName — (String)

          The name of the repository.

        • repositoryUri — (String)

          The URI for the repository. You can use this URI for container image push and pull operations.

        • createdAt — (Date)

          The date and time, in JavaScript date format, when the repository was created.

        • imageTagMutability — (String)

          The tag mutability setting for the repository.

          Possible values include:
          • "MUTABLE"
          • "IMMUTABLE"
        • imageScanningConfiguration — (map)

          The image scanning configuration for a repository.

          • scanOnPush — (Boolean)

            The setting that determines whether images are scanned after being pushed to a repository. If set to true, images will be scanned after being pushed. If this parameter is not specified, it will default to false and images will not be scanned unless a scan is manually started with the API_StartImageScan API.

        • encryptionConfiguration — (map)

          The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.

          • encryptionTyperequired — (String)

            The encryption type to use.

            If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide.

            If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide.

            Possible values include:
            • "AES256"
            • "KMS"
          • kmsKey — (String)

            If you use the KMS encryption type, specify the KMS key to use for encryption. The alias, key ID, or full ARN of the KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.

      • nextToken — (String)

        The nextToken value to include in a future DescribeRepositories request. When the results of a DescribeRepositories request exceed maxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

describeRepositoryCreationTemplates(params = {}, callback) ⇒ AWS.Request

Returns details about the repository creation templates in a registry. The prefixes request parameter can be used to return the details for a specific repository creation template.

Service Reference:

Examples:

Describe a repository creation template


/* This example describes the contents of a repository creation template. */

 var params = {
  maxResults: 123, 
  nextToken: "", 
  prefixes: [
     "eng"
  ]
 };
 ecr.describeRepositoryCreationTemplates(params, function(err, data) {
   if (err) console.log(err, err.stack); // an error occurred
   else     console.log(data);           // successful response
   /*
   data = {
    nextToken: "", 
    registryId: "012345678901", 
    repositoryCreationTemplates: [
       {
      appliedFor: [
         "PULL_THROUGH_CACHE", 
         "REPLICATION"
      ], 
      createdAt: <Date Representation>, 
      encryptionConfiguration: {
       encryptionType: "AES256"
      }, 
      imageTagMutability: "MUTABLE", 
      prefix: "eng/test", 
      updatedAt: <Date Representation>
     }, 
       {
      appliedFor: [
         "REPLICATION"
      ], 
      createdAt: <Date Representation>, 
      encryptionConfiguration: {
       encryptionType: "AES256"
      }, 
      imageTagMutability: "IMMUTABLE", 
      prefix: "eng/replication-test", 
      updatedAt: <Date Representation>
     }
    ]
   }
   */
 });

Calling the describeRepositoryCreationTemplates operation

var params = {
  maxResults: 'NUMBER_VALUE',
  nextToken: 'STRING_VALUE',
  prefixes: [
    'STRING_VALUE',
    /* more items */
  ]
};
ecr.describeRepositoryCreationTemplates(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • prefixes — (Array<String>)

      The repository namespace prefixes associated with the repository creation templates to describe. If this value is not specified, all repository creation templates are returned.

    • nextToken — (String)

      The nextToken value returned from a previous paginated DescribeRepositoryCreationTemplates request where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.

      Note: This token should be treated as an opaque identifier that is only used to retrieve the next items in a list and not for other programmatic purposes.
    • maxResults — (Integer)

      The maximum number of repository results returned by DescribeRepositoryCreationTemplatesRequest in paginated output. When this parameter is used, DescribeRepositoryCreationTemplatesRequest only returns maxResults results in a single page along with a nextToken response element. The remaining results of the initial request can be seen by sending another DescribeRepositoryCreationTemplatesRequest request with the returned nextToken value. This value can be between 1 and 1000. If this parameter is not used, then DescribeRepositoryCreationTemplatesRequest returns up to 100 results and a nextToken value, if applicable.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • registryId — (String)

        The registry ID associated with the request.

      • repositoryCreationTemplates — (Array<map>)

        The details of the repository creation templates.

        • prefix — (String)

          The repository namespace prefix associated with the repository creation template.

        • description — (String)

          The description associated with the repository creation template.

        • encryptionConfiguration — (map)

          The encryption configuration associated with the repository creation template.

          • encryptionTyperequired — (String)

            The encryption type to use.

            If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide.

            If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide.

            Possible values include:
            • "AES256"
            • "KMS"
          • kmsKey — (String)

            If you use the KMS encryption type, specify the KMS key to use for encryption. The full ARN of the KMS key must be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.

        • resourceTags — (Array<map>)

          The metadata to apply to the repository to help you categorize and organize. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

          • Keyrequired — (String)

            One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.

          • Valuerequired — (String)

            A value acts as a descriptor within a tag category (key).

        • imageTagMutability — (String)

          The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.

          Possible values include:
          • "MUTABLE"
          • "IMMUTABLE"
        • repositoryPolicy — (String)

          he repository policy to apply to repositories created using the template. A repository policy is a permissions policy associated with a repository to control access permissions.

        • lifecyclePolicy — (String)

          The lifecycle policy to use for repositories created using the template.

        • appliedFor — (Array<String>)

          A list of enumerable Strings representing the repository creation scenarios that this template will apply towards. The two supported scenarios are PULL_THROUGH_CACHE and REPLICATION

        • customRoleArn — (String)

          The ARN of the role to be assumed by Amazon ECR. Amazon ECR will assume your supplied role when the customRoleArn is specified. When this field isn't specified, Amazon ECR will use the service-linked role for the repository creation template.

        • createdAt — (Date)

          The date and time, in JavaScript date format, when the repository creation template was created.

        • updatedAt — (Date)

          The date and time, in JavaScript date format, when the repository creation template was last updated.

      • nextToken — (String)

        The nextToken value to include in a future DescribeRepositoryCreationTemplates request. When the results of a DescribeRepositoryCreationTemplates request exceed maxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getAccountSetting(params = {}, callback) ⇒ AWS.Request

Retrieves the basic scan type version name.

Service Reference:

Examples:

Calling the getAccountSetting operation

var params = {
  name: 'STRING_VALUE' /* required */
};
ecr.getAccountSetting(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • name — (String)

      Basic scan type version name.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • name — (String)

        Retrieves the basic scan type version name.

      • value — (String)

        Retrieves the value that specifies what basic scan type is being used: AWS_NATIVE or CLAIR.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getAuthorizationToken(params = {}, callback) ⇒ AWS.Request

Retrieves an authorization token. An authorization token represents your IAM authentication credentials and can be used to access any Amazon ECR registry that your IAM principal has access to. The authorization token is valid for 12 hours.

The authorizationToken returned is a base64 encoded string that can be decoded and used in a docker login command to authenticate to a registry. The CLI offers an get-login-password command that simplifies the login process. For more information, see Registry authentication in the Amazon Elastic Container Registry User Guide.

Service Reference:

Examples:

To obtain an authorization token


/* This example gets an authorization token for your default registry. */

 var params = {
 };
 ecr.getAuthorizationToken(params, function(err, data) {
   if (err) console.log(err, err.stack); // an error occurred
   else     console.log(data);           // successful response
   /*
   data = {
    authorizationData: [
       {
      authorizationToken: "QVdTOkNEXAMPLE", 
      expiresAt: <Date Representation>, 
      proxyEndpoint: "https://012345678901.dkr.ecr.us-west-2.amazonaws.com"
     }
    ]
   }
   */
 });

Calling the getAuthorizationToken operation

var params = {
  registryIds: [
    'STRING_VALUE',
    /* more items */
  ]
};
ecr.getAuthorizationToken(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • registryIds — (Array<String>)

      A list of Amazon Web Services account IDs that are associated with the registries for which to get AuthorizationData objects. If you do not specify a registry, the default registry is assumed.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • authorizationData — (Array<map>)

        A list of authorization token data objects that correspond to the registryIds values in the request.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getDownloadUrlForLayer(params = {}, callback) ⇒ AWS.Request

Retrieves the pre-signed Amazon S3 download URL corresponding to an image layer. You can only get URLs for image layers that are referenced in an image.

When an image is pulled, the GetDownloadUrlForLayer API is called once per image layer that is not already cached.

Note: This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the docker CLI to pull, tag, and push images.

Service Reference:

Examples:

Calling the getDownloadUrlForLayer operation

var params = {
  layerDigest: 'STRING_VALUE', /* required */
  repositoryName: 'STRING_VALUE', /* required */
  registryId: 'STRING_VALUE'
};
ecr.getDownloadUrlForLayer(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • registryId — (String)

      The Amazon Web Services account ID associated with the registry that contains the image layer to download. If you do not specify a registry, the default registry is assumed.

    • repositoryName — (String)

      The name of the repository that is associated with the image layer to download.

    • layerDigest — (String)

      The digest of the image layer to download.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • downloadUrl — (String)

        The pre-signed Amazon S3 download URL for the requested layer.

      • layerDigest — (String)

        The digest of the image layer to download.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getLifecyclePolicy(params = {}, callback) ⇒ AWS.Request

Retrieves the lifecycle policy for the specified repository.

Service Reference:

Examples:

Calling the getLifecyclePolicy operation

var params = {
  repositoryName: 'STRING_VALUE', /* required */
  registryId: 'STRING_VALUE'
};
ecr.getLifecyclePolicy(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • registryId — (String)

      The Amazon Web Services account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.

    • repositoryName — (String)

      The name of the repository.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • registryId — (String)

        The registry ID associated with the request.

      • repositoryName — (String)

        The repository name associated with the request.

      • lifecyclePolicyText — (String)

        The JSON lifecycle policy text.

      • lastEvaluatedAt — (Date)

        The time stamp of the last time that the lifecycle policy was run.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getLifecyclePolicyPreview(params = {}, callback) ⇒ AWS.Request

Retrieves the results of the lifecycle policy preview request for the specified repository.

Service Reference:

Examples:

Calling the getLifecyclePolicyPreview operation

var params = {
  repositoryName: 'STRING_VALUE', /* required */
  filter: {
    tagStatus: TAGGED | UNTAGGED | ANY
  },
  imageIds: [
    {
      imageDigest: 'STRING_VALUE',
      imageTag: 'STRING_VALUE'
    },
    /* more items */
  ],
  maxResults: 'NUMBER_VALUE',
  nextToken: 'STRING_VALUE',
  registryId: 'STRING_VALUE'
};
ecr.getLifecyclePolicyPreview(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • registryId — (String)

      The Amazon Web Services account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.

    • repositoryName — (String)

      The name of the repository.

    • imageIds — (Array<map>)

      The list of imageIDs to be included.

      • imageDigest — (String)

        The sha256 digest of the image manifest.

      • imageTag — (String)

        The tag used for the image.

    • nextToken — (String)

      The nextToken value returned from a previous paginated
 GetLifecyclePolicyPreviewRequest request where maxResults was used and the
 results exceeded the value of that parameter. Pagination continues from the end of the
 previous results that returned the nextToken value. This value is
 null when there are no more results to return. This option cannot be used when you specify images with imageIds.

    • maxResults — (Integer)

      The maximum number of repository results returned by GetLifecyclePolicyPreviewRequest in
 paginated output. When this parameter is used, GetLifecyclePolicyPreviewRequest only returns
 maxResults results in a single page along with a nextToken
 response element. The remaining results of the initial request can be seen by sending
 another GetLifecyclePolicyPreviewRequest request with the returned nextToken
 value. This value can be between 1 and 1000. If this
 parameter is not used, then GetLifecyclePolicyPreviewRequest returns up to
 100 results and a nextToken value, if
 applicable. This option cannot be used when you specify images with imageIds.

    • filter — (map)

      An optional parameter that filters results based on image tag status and all tags, if tagged.

      • tagStatus — (String)

        The tag status of the image.

        Possible values include:
        • "TAGGED"
        • "UNTAGGED"
        • "ANY"

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • registryId — (String)

        The registry ID associated with the request.

      • repositoryName — (String)

        The repository name associated with the request.

      • lifecyclePolicyText — (String)

        The JSON lifecycle policy text.

      • status — (String)

        The status of the lifecycle policy preview request.

        Possible values include:
        • "IN_PROGRESS"
        • "COMPLETE"
        • "EXPIRED"
        • "FAILED"
      • nextToken — (String)

        The nextToken value to include in a future GetLifecyclePolicyPreview request. When the results of a GetLifecyclePolicyPreview request exceed maxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.

      • previewResults — (Array<map>)

        The results of the lifecycle policy preview request.

        • imageTags — (Array<String>)

          The list of tags associated with this image.

        • imageDigest — (String)

          The sha256 digest of the image manifest.

        • imagePushedAt — (Date)

          The date and time, expressed in standard JavaScript date format, at which the current image was pushed to the repository.

        • action — (map)

          The type of action to be taken.

          • type — (String)

            The type of action to be taken.

            Possible values include:
            • "EXPIRE"
        • appliedRulePriority — (Integer)

          The priority of the applied rule.

      • summary — (map)

        The list of images that is returned as a result of the action.

        • expiringImageTotalCount — (Integer)

          The number of expiring images.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

Waiter Resource States:

getRegistryPolicy(params = {}, callback) ⇒ AWS.Request

Retrieves the permissions policy for a registry.

Service Reference:

Examples:

Calling the getRegistryPolicy operation

var params = {
};
ecr.getRegistryPolicy(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • registryId — (String)

        The registry ID associated with the request.

      • policyText — (String)

        The JSON text of the permissions policy for a registry.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getRegistryScanningConfiguration(params = {}, callback) ⇒ AWS.Request

Retrieves the scanning configuration for a registry.

Service Reference:

Examples:

Calling the getRegistryScanningConfiguration operation

var params = {
};
ecr.getRegistryScanningConfiguration(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • registryId — (String)

        The registry ID associated with the request.

      • scanningConfiguration — (map)

        The scanning configuration for the registry.

        • scanType — (String)

          The type of scanning configured for the registry.

          Possible values include:
          • "BASIC"
          • "ENHANCED"
        • rules — (Array<map>)

          The scanning rules associated with the registry.

          • scanFrequencyrequired — (String)

            The frequency that scans are performed at for a private registry. When the ENHANCED scan type is specified, the supported scan frequencies are CONTINUOUS_SCAN and SCAN_ON_PUSH. When the BASIC scan type is specified, the SCAN_ON_PUSH scan frequency is supported. If scan on push is not specified, then the MANUAL scan frequency is set by default.

            Possible values include:
            • "SCAN_ON_PUSH"
            • "CONTINUOUS_SCAN"
            • "MANUAL"
          • repositoryFiltersrequired — (Array<map>)

            The repository filters associated with the scanning configuration for a private registry.

            • filterrequired — (String)

              The filter to use when scanning.

            • filterTyperequired — (String)

              The type associated with the filter.

              Possible values include:
              • "WILDCARD"

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getRepositoryPolicy(params = {}, callback) ⇒ AWS.Request

Retrieves the repository policy for the specified repository.

Service Reference:

Examples:

To get the current policy for a repository


/* This example obtains the repository policy for the repository named ubuntu. */

 var params = {
  repositoryName: "ubuntu"
 };
 ecr.getRepositoryPolicy(params, function(err, data) {
   if (err) console.log(err, err.stack); // an error occurred
   else     console.log(data);           // successful response
   /*
   data = {
    policyText: "{\n  \"Version\" : \"2008-10-17\",\n  \"Statement\" : [ {\n    \"Sid\" : \"new statement\",\n    \"Effect\" : \"Allow\",\n    \"Principal\" : {\n     \"AWS\" : \"arn:aws:iam::012345678901:role/CodeDeployDemo\"\n    },\n\"Action\" : [ \"ecr:GetDownloadUrlForLayer\", \"ecr:BatchGetImage\", \"ecr:BatchCheckLayerAvailability\" ]\n } ]\n}", 
    registryId: "012345678901", 
    repositoryName: "ubuntu"
   }
   */
 });

Calling the getRepositoryPolicy operation

var params = {
  repositoryName: 'STRING_VALUE', /* required */
  registryId: 'STRING_VALUE'
};
ecr.getRepositoryPolicy(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • registryId — (String)

      The Amazon Web Services account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.

    • repositoryName — (String)

      The name of the repository with the policy to retrieve.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • registryId — (String)

        The registry ID associated with the request.

      • repositoryName — (String)

        The repository name associated with the request.

      • policyText — (String)

        The JSON repository policy text associated with the repository.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

initiateLayerUpload(params = {}, callback) ⇒ AWS.Request

Notifies Amazon ECR that you intend to upload an image layer.

When an image is pushed, the InitiateLayerUpload API is called once per image layer that has not already been uploaded. Whether or not an image layer has been uploaded is determined by the BatchCheckLayerAvailability API action.

Note: This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the docker CLI to pull, tag, and push images.

Service Reference:

Examples:

Calling the initiateLayerUpload operation

var params = {
  repositoryName: 'STRING_VALUE', /* required */
  registryId: 'STRING_VALUE'
};
ecr.initiateLayerUpload(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • registryId — (String)

      The Amazon Web Services account ID associated with the registry to which you intend to upload layers. If you do not specify a registry, the default registry is assumed.

    • repositoryName — (String)

      The name of the repository to which you intend to upload layers.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • uploadId — (String)

        The upload ID for the layer upload. This parameter is passed to further UploadLayerPart and CompleteLayerUpload operations.

      • partSize — (Integer)

        The size, in bytes, that Amazon ECR expects future layer part uploads to be.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

listImages(params = {}, callback) ⇒ AWS.Request

Lists all the image IDs for the specified repository.

You can filter images based on whether or not they are tagged by using the tagStatus filter and specifying either TAGGED, UNTAGGED or ANY. For example, you can filter your results to return only UNTAGGED images and then pipe that result to a BatchDeleteImage operation to delete them. Or, you can filter your results to return only TAGGED images to list all of the tags in your repository.

Service Reference:

Examples:

To list all images in a repository


/* This example lists all of the images in the repository named ubuntu in the default registry in the current account.  */

 var params = {
  repositoryName: "ubuntu"
 };
 ecr.listImages(params, function(err, data) {
   if (err) console.log(err, err.stack); // an error occurred
   else     console.log(data);           // successful response
   /*
   data = {
    imageIds: [
       {
      imageDigest: "sha256:764f63476bdff6d83a09ba2a818f0d35757063724a9ac3ba5019c56f74ebf42a", 
      imageTag: "precise"
     }
    ]
   }
   */
 });

Calling the listImages operation

var params = {
  repositoryName: 'STRING_VALUE', /* required */
  filter: {
    tagStatus: TAGGED | UNTAGGED | ANY
  },
  maxResults: 'NUMBER_VALUE',
  nextToken: 'STRING_VALUE',
  registryId: 'STRING_VALUE'
};
ecr.listImages(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • registryId — (String)

      The Amazon Web Services account ID associated with the registry that contains the repository in which to list images. If you do not specify a registry, the default registry is assumed.

    • repositoryName — (String)

      The repository with image IDs to be listed.

    • nextToken — (String)

      The nextToken value returned from a previous paginated ListImages request where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.

      Note: This token should be treated as an opaque identifier that is only used to retrieve the next items in a list and not for other programmatic purposes.
    • maxResults — (Integer)

      The maximum number of image results returned by ListImages in paginated output. When this parameter is used, ListImages only returns maxResults results in a single page along with a nextToken response element. The remaining results of the initial request can be seen by sending another ListImages request with the returned nextToken value. This value can be between 1 and 1000. If this parameter is not used, then ListImages returns up to 100 results and a nextToken value, if applicable.

    • filter — (map)

      The filter key and value with which to filter your ListImages results.

      • tagStatus — (String)

        The tag status with which to filter your ListImages results. You can filter results based on whether they are TAGGED or UNTAGGED.

        Possible values include:
        • "TAGGED"
        • "UNTAGGED"
        • "ANY"

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • imageIds — (Array<map>)

        The list of image IDs for the requested repository.

        • imageDigest — (String)

          The sha256 digest of the image manifest.

        • imageTag — (String)

          The tag used for the image.

      • nextToken — (String)

        The nextToken value to include in a future ListImages request. When the results of a ListImages request exceed maxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

listTagsForResource(params = {}, callback) ⇒ AWS.Request

List the tags for an Amazon ECR resource.

Service Reference:

Examples:

Calling the listTagsForResource operation

var params = {
  resourceArn: 'STRING_VALUE' /* required */
};
ecr.listTagsForResource(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • resourceArn — (String)

      The Amazon Resource Name (ARN) that identifies the resource for which to list the tags. Currently, the only supported resource is an Amazon ECR repository.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • tags — (Array<map>)

        The tags for the resource.

        • Keyrequired — (String)

          One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.

        • Valuerequired — (String)

          A value acts as a descriptor within a tag category (key).

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

putAccountSetting(params = {}, callback) ⇒ AWS.Request

Allows you to change the basic scan type version by setting the name parameter to either CLAIR to AWS_NATIVE.

Service Reference:

Examples:

Calling the putAccountSetting operation

var params = {
  name: 'STRING_VALUE', /* required */
  value: 'STRING_VALUE' /* required */
};
ecr.putAccountSetting(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • name — (String)

      Basic scan type version name.

    • value — (String)

      Setting value that determines what basic scan type is being used: AWS_NATIVE or CLAIR.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • name — (String)

        Retrieves the the basic scan type version name.

      • value — (String)

        Retrieves the basic scan type value, either AWS_NATIVE or -.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

putImage(params = {}, callback) ⇒ AWS.Request

Creates or updates the image manifest and tags associated with an image.

When an image is pushed and all new image layers have been uploaded, the PutImage API is called once to create or update the image manifest and the tags associated with the image.

Note: This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the docker CLI to pull, tag, and push images.

Service Reference:

Examples:

Calling the putImage operation

var params = {
  imageManifest: 'STRING_VALUE', /* required */
  repositoryName: 'STRING_VALUE', /* required */
  imageDigest: 'STRING_VALUE',
  imageManifestMediaType: 'STRING_VALUE',
  imageTag: 'STRING_VALUE',
  registryId: 'STRING_VALUE'
};
ecr.putImage(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • registryId — (String)

      The Amazon Web Services account ID associated with the registry that contains the repository in which to put the image. If you do not specify a registry, the default registry is assumed.

    • repositoryName — (String)

      The name of the repository in which to put the image.

    • imageManifest — (String)

      The image manifest corresponding to the image to be uploaded.

    • imageManifestMediaType — (String)

      The media type of the image manifest. If you push an image manifest that does not contain the mediaType field, you must specify the imageManifestMediaType in the request.

    • imageTag — (String)

      The tag to associate with the image. This parameter is required for images that use the Docker Image Manifest V2 Schema 2 or Open Container Initiative (OCI) formats.

    • imageDigest — (String)

      The image digest of the image manifest corresponding to the image.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • image — (map)

        Details of the image uploaded.

        • registryId — (String)

          The Amazon Web Services account ID associated with the registry containing the image.

        • repositoryName — (String)

          The name of the repository associated with the image.

        • imageId — (map)

          An object containing the image tag and image digest associated with an image.

          • imageDigest — (String)

            The sha256 digest of the image manifest.

          • imageTag — (String)

            The tag used for the image.

        • imageManifest — (String)

          The image manifest associated with the image.

        • imageManifestMediaType — (String)

          The manifest media type of the image.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

putImageScanningConfiguration(params = {}, callback) ⇒ AWS.Request

The PutImageScanningConfiguration API is being deprecated, in favor of specifying the image scanning configuration at the registry level. For more information, see PutRegistryScanningConfiguration.

Updates the image scanning configuration for the specified repository.

Service Reference:

Examples:

Calling the putImageScanningConfiguration operation

var params = {
  imageScanningConfiguration: { /* required */
    scanOnPush: true || false
  },
  repositoryName: 'STRING_VALUE', /* required */
  registryId: 'STRING_VALUE'
};
ecr.putImageScanningConfiguration(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • registryId — (String)

      The Amazon Web Services account ID associated with the registry that contains the repository in which to update the image scanning configuration setting. If you do not specify a registry, the default registry is assumed.

    • repositoryName — (String)

      The name of the repository in which to update the image scanning configuration setting.

    • imageScanningConfiguration — (map)

      The image scanning configuration for the repository. This setting determines whether images are scanned for known vulnerabilities after being pushed to the repository.

      • scanOnPush — (Boolean)

        The setting that determines whether images are scanned after being pushed to a repository. If set to true, images will be scanned after being pushed. If this parameter is not specified, it will default to false and images will not be scanned unless a scan is manually started with the API_StartImageScan API.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • registryId — (String)

        The registry ID associated with the request.

      • repositoryName — (String)

        The repository name associated with the request.

      • imageScanningConfiguration — (map)

        The image scanning configuration setting for the repository.

        • scanOnPush — (Boolean)

          The setting that determines whether images are scanned after being pushed to a repository. If set to true, images will be scanned after being pushed. If this parameter is not specified, it will default to false and images will not be scanned unless a scan is manually started with the API_StartImageScan API.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

putImageTagMutability(params = {}, callback) ⇒ AWS.Request

Updates the image tag mutability settings for the specified repository. For more information, see Image tag mutability in the Amazon Elastic Container Registry User Guide.

Service Reference:

Examples:

Calling the putImageTagMutability operation

var params = {
  imageTagMutability: MUTABLE | IMMUTABLE, /* required */
  repositoryName: 'STRING_VALUE', /* required */
  registryId: 'STRING_VALUE'
};
ecr.putImageTagMutability(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • registryId — (String)

      The Amazon Web Services account ID associated with the registry that contains the repository in which to update the image tag mutability settings. If you do not specify a registry, the default registry is assumed.

    • repositoryName — (String)

      The name of the repository in which to update the image tag mutability settings.

    • imageTagMutability — (String)

      The tag mutability setting for the repository. If MUTABLE is specified, image tags can be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.

      Possible values include:
      • "MUTABLE"
      • "IMMUTABLE"

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • registryId — (String)

        The registry ID associated with the request.

      • repositoryName — (String)

        The repository name associated with the request.

      • imageTagMutability — (String)

        The image tag mutability setting for the repository.

        Possible values include:
        • "MUTABLE"
        • "IMMUTABLE"

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

putLifecyclePolicy(params = {}, callback) ⇒ AWS.Request

Creates or updates the lifecycle policy for the specified repository. For more information, see Lifecycle policy template.

Service Reference:

Examples:

Calling the putLifecyclePolicy operation

var params = {
  lifecyclePolicyText: 'STRING_VALUE', /* required */
  repositoryName: 'STRING_VALUE', /* required */
  registryId: 'STRING_VALUE'
};
ecr.putLifecyclePolicy(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • registryId — (String)

      The Amazon Web Services account ID associated with the registry that contains the repository. If you do
 not specify a registry, the default registry is assumed.

    • repositoryName — (String)

      The name of the repository to receive the policy.

    • lifecyclePolicyText — (String)

      The JSON repository policy text to apply to the repository.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • registryId — (String)

        The registry ID associated with the request.

      • repositoryName — (String)

        The repository name associated with the request.

      • lifecyclePolicyText — (String)

        The JSON repository policy text.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

putRegistryPolicy(params = {}, callback) ⇒ AWS.Request

Creates or updates the permissions policy for your registry.

A registry policy is used to specify permissions for another Amazon Web Services account and is used when configuring cross-account replication. For more information, see Registry permissions in the Amazon Elastic Container Registry User Guide.

Service Reference:

Examples:

Calling the putRegistryPolicy operation

var params = {
  policyText: 'STRING_VALUE' /* required */
};
ecr.putRegistryPolicy(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • policyText — (String)

      The JSON policy text to apply to your registry. The policy text follows the same format as IAM policy text. For more information, see Registry permissions in the Amazon Elastic Container Registry User Guide.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • registryId — (String)

        The registry ID associated with the request.

      • policyText — (String)

        The JSON policy text for your registry.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

putRegistryScanningConfiguration(params = {}, callback) ⇒ AWS.Request

Creates or updates the scanning configuration for your private registry.

Service Reference:

Examples:

Calling the putRegistryScanningConfiguration operation

var params = {
  rules: [
    {
      repositoryFilters: [ /* required */
        {
          filter: 'STRING_VALUE', /* required */
          filterType: WILDCARD /* required */
        },
        /* more items */
      ],
      scanFrequency: SCAN_ON_PUSH | CONTINUOUS_SCAN | MANUAL /* required */
    },
    /* more items */
  ],
  scanType: BASIC | ENHANCED
};
ecr.putRegistryScanningConfiguration(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • scanType — (String)

      The scanning type to set for the registry.

      When a registry scanning configuration is not defined, by default the BASIC scan type is used. When basic scanning is used, you may specify filters to determine which individual repositories, or all repositories, are scanned when new images are pushed to those repositories. Alternatively, you can do manual scans of images with basic scanning.

      When the ENHANCED scan type is set, Amazon Inspector provides automated vulnerability scanning. You may choose between continuous scanning or scan on push and you may specify filters to determine which individual repositories, or all repositories, are scanned.

      Possible values include:
      • "BASIC"
      • "ENHANCED"
    • rules — (Array<map>)

      The scanning rules to use for the registry. A scanning rule is used to determine which repository filters are used and at what frequency scanning will occur.

      • scanFrequencyrequired — (String)

        The frequency that scans are performed at for a private registry. When the ENHANCED scan type is specified, the supported scan frequencies are CONTINUOUS_SCAN and SCAN_ON_PUSH. When the BASIC scan type is specified, the SCAN_ON_PUSH scan frequency is supported. If scan on push is not specified, then the MANUAL scan frequency is set by default.

        Possible values include:
        • "SCAN_ON_PUSH"
        • "CONTINUOUS_SCAN"
        • "MANUAL"
      • repositoryFiltersrequired — (Array<map>)

        The repository filters associated with the scanning configuration for a private registry.

        • filterrequired — (String)

          The filter to use when scanning.

        • filterTyperequired — (String)

          The type associated with the filter.

          Possible values include:
          • "WILDCARD"

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • registryScanningConfiguration — (map)

        The scanning configuration for your registry.

        • scanType — (String)

          The type of scanning configured for the registry.

          Possible values include:
          • "BASIC"
          • "ENHANCED"
        • rules — (Array<map>)

          The scanning rules associated with the registry.

          • scanFrequencyrequired — (String)

            The frequency that scans are performed at for a private registry. When the ENHANCED scan type is specified, the supported scan frequencies are CONTINUOUS_SCAN and SCAN_ON_PUSH. When the BASIC scan type is specified, the SCAN_ON_PUSH scan frequency is supported. If scan on push is not specified, then the MANUAL scan frequency is set by default.

            Possible values include:
            • "SCAN_ON_PUSH"
            • "CONTINUOUS_SCAN"
            • "MANUAL"
          • repositoryFiltersrequired — (Array<map>)

            The repository filters associated with the scanning configuration for a private registry.

            • filterrequired — (String)

              The filter to use when scanning.

            • filterTyperequired — (String)

              The type associated with the filter.

              Possible values include:
              • "WILDCARD"

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

putReplicationConfiguration(params = {}, callback) ⇒ AWS.Request

Creates or updates the replication configuration for a registry. The existing replication configuration for a repository can be retrieved with the DescribeRegistry API action. The first time the PutReplicationConfiguration API is called, a service-linked IAM role is created in your account for the replication process. For more information, see Using service-linked roles for Amazon ECR in the Amazon Elastic Container Registry User Guide. For more information on the custom role for replication, see Creating an IAM role for replication.

Note: When configuring cross-account replication, the destination account must grant the source account permission to replicate. This permission is controlled using a registry permissions policy. For more information, see PutRegistryPolicy.

Service Reference:

Examples:

Calling the putReplicationConfiguration operation

var params = {
  replicationConfiguration: { /* required */
    rules: [ /* required */
      {
        destinations: [ /* required */
          {
            region: 'STRING_VALUE', /* required */
            registryId: 'STRING_VALUE' /* required */
          },
          /* more items */
        ],
        repositoryFilters: [
          {
            filter: 'STRING_VALUE', /* required */
            filterType: PREFIX_MATCH /* required */
          },
          /* more items */
        ]
      },
      /* more items */
    ]
  }
};
ecr.putReplicationConfiguration(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • replicationConfiguration — (map)

      An object representing the replication configuration for a registry.

      • rulesrequired — (Array<map>)

        An array of objects representing the replication destinations and repository filters for a replication configuration.

        • destinationsrequired — (Array<map>)

          An array of objects representing the destination for a replication rule.

          • regionrequired — (String)

            The Region to replicate to.

          • registryIdrequired — (String)

            The Amazon Web Services account ID of the Amazon ECR private registry to replicate to. When configuring cross-Region replication within your own registry, specify your own account ID.

        • repositoryFilters — (Array<map>)

          An array of objects representing the filters for a replication rule. Specifying a repository filter for a replication rule provides a method for controlling which repositories in a private registry are replicated.

          • filterrequired — (String)

            The repository filter details. When the PREFIX_MATCH filter type is specified, this value is required and should be the repository name prefix to configure replication for.

          • filterTyperequired — (String)

            The repository filter type. The only supported value is PREFIX_MATCH, which is a repository name prefix specified with the filter parameter.

            Possible values include:
            • "PREFIX_MATCH"

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • replicationConfiguration — (map)

        The contents of the replication configuration for the registry.

        • rulesrequired — (Array<map>)

          An array of objects representing the replication destinations and repository filters for a replication configuration.

          • destinationsrequired — (Array<map>)

            An array of objects representing the destination for a replication rule.

            • regionrequired — (String)

              The Region to replicate to.

            • registryIdrequired — (String)

              The Amazon Web Services account ID of the Amazon ECR private registry to replicate to. When configuring cross-Region replication within your own registry, specify your own account ID.

          • repositoryFilters — (Array<map>)

            An array of objects representing the filters for a replication rule. Specifying a repository filter for a replication rule provides a method for controlling which repositories in a private registry are replicated.

            • filterrequired — (String)

              The repository filter details. When the PREFIX_MATCH filter type is specified, this value is required and should be the repository name prefix to configure replication for.

            • filterTyperequired — (String)

              The repository filter type. The only supported value is PREFIX_MATCH, which is a repository name prefix specified with the filter parameter.

              Possible values include:
              • "PREFIX_MATCH"

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

setRepositoryPolicy(params = {}, callback) ⇒ AWS.Request

Applies a repository policy to the specified repository to control access permissions. For more information, see Amazon ECR Repository policies in the Amazon Elastic Container Registry User Guide.

Service Reference:

Examples:

Calling the setRepositoryPolicy operation

var params = {
  policyText: 'STRING_VALUE', /* required */
  repositoryName: 'STRING_VALUE', /* required */
  force: true || false,
  registryId: 'STRING_VALUE'
};
ecr.setRepositoryPolicy(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • registryId — (String)

      The Amazon Web Services account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.

    • repositoryName — (String)

      The name of the repository to receive the policy.

    • policyText — (String)

      The JSON repository policy text to apply to the repository. For more information, see Amazon ECR repository policies in the Amazon Elastic Container Registry User Guide.

    • force — (Boolean)

      If the policy you are attempting to set on a repository policy would prevent you from setting another policy in the future, you must force the SetRepositoryPolicy operation. This is intended to prevent accidental repository lock outs.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • registryId — (String)

        The registry ID associated with the request.

      • repositoryName — (String)

        The repository name associated with the request.

      • policyText — (String)

        The JSON repository policy text applied to the repository.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

startImageScan(params = {}, callback) ⇒ AWS.Request

Starts an image vulnerability scan. An image scan can only be started once per 24 hours on an individual image. This limit includes if an image was scanned on initial push. For more information, see Image scanning in the Amazon Elastic Container Registry User Guide.

Service Reference:

Examples:

Calling the startImageScan operation

var params = {
  imageId: { /* required */
    imageDigest: 'STRING_VALUE',
    imageTag: 'STRING_VALUE'
  },
  repositoryName: 'STRING_VALUE', /* required */
  registryId: 'STRING_VALUE'
};
ecr.startImageScan(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • registryId — (String)

      The Amazon Web Services account ID associated with the registry that contains the repository in which to start an image scan request. If you do not specify a registry, the default registry is assumed.

    • repositoryName — (String)

      The name of the repository that contains the images to scan.

    • imageId — (map)

      An object with identifying information for an image in an Amazon ECR repository.

      • imageDigest — (String)

        The sha256 digest of the image manifest.

      • imageTag — (String)

        The tag used for the image.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • registryId — (String)

        The registry ID associated with the request.

      • repositoryName — (String)

        The repository name associated with the request.

      • imageId — (map)

        An object with identifying information for an image in an Amazon ECR repository.

        • imageDigest — (String)

          The sha256 digest of the image manifest.

        • imageTag — (String)

          The tag used for the image.

      • imageScanStatus — (map)

        The current state of the scan.

        • status — (String)

          The current state of an image scan.

          Possible values include:
          • "IN_PROGRESS"
          • "COMPLETE"
          • "FAILED"
          • "UNSUPPORTED_IMAGE"
          • "ACTIVE"
          • "PENDING"
          • "SCAN_ELIGIBILITY_EXPIRED"
          • "FINDINGS_UNAVAILABLE"
        • description — (String)

          The description of the image scan status.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

startLifecyclePolicyPreview(params = {}, callback) ⇒ AWS.Request

Starts a preview of a lifecycle policy for the specified repository. This allows you to see the results before associating the lifecycle policy with the repository.

Service Reference:

Examples:

Calling the startLifecyclePolicyPreview operation

var params = {
  repositoryName: 'STRING_VALUE', /* required */
  lifecyclePolicyText: 'STRING_VALUE',
  registryId: 'STRING_VALUE'
};
ecr.startLifecyclePolicyPreview(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • registryId — (String)

      The Amazon Web Services account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.

    • repositoryName — (String)

      The name of the repository to be evaluated.

    • lifecyclePolicyText — (String)

      The policy to be evaluated against. If you do not specify a policy, the current policy for the repository is used.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • registryId — (String)

        The registry ID associated with the request.

      • repositoryName — (String)

        The repository name associated with the request.

      • lifecyclePolicyText — (String)

        The JSON repository policy text.

      • status — (String)

        The status of the lifecycle policy preview request.

        Possible values include:
        • "IN_PROGRESS"
        • "COMPLETE"
        • "EXPIRED"
        • "FAILED"

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

tagResource(params = {}, callback) ⇒ AWS.Request

Adds specified tags to a resource with the specified ARN. Existing tags on a resource are not changed if they are not specified in the request parameters.

Service Reference:

Examples:

Calling the tagResource operation

var params = {
  resourceArn: 'STRING_VALUE', /* required */
  tags: [ /* required */
    {
      Key: 'STRING_VALUE', /* required */
      Value: 'STRING_VALUE' /* required */
    },
    /* more items */
  ]
};
ecr.tagResource(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • resourceArn — (String)

      The Amazon Resource Name (ARN) of the the resource to which to add tags. Currently, the only supported resource is an Amazon ECR repository.

    • tags — (Array<map>)

      The tags to add to the resource. A tag is an array of key-value pairs. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

      • Keyrequired — (String)

        One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.

      • Valuerequired — (String)

        A value acts as a descriptor within a tag category (key).

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

untagResource(params = {}, callback) ⇒ AWS.Request

Deletes specified tags from a resource.

Service Reference:

Examples:

Calling the untagResource operation

var params = {
  resourceArn: 'STRING_VALUE', /* required */
  tagKeys: [ /* required */
    'STRING_VALUE',
    /* more items */
  ]
};
ecr.untagResource(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • resourceArn — (String)

      The Amazon Resource Name (ARN) of the resource from which to remove tags. Currently, the only supported resource is an Amazon ECR repository.

    • tagKeys — (Array<String>)

      The keys of the tags to be removed.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

updatePullThroughCacheRule(params = {}, callback) ⇒ AWS.Request

Updates an existing pull through cache rule.

Service Reference:

Examples:

Calling the updatePullThroughCacheRule operation

var params = {
  credentialArn: 'STRING_VALUE', /* required */
  ecrRepositoryPrefix: 'STRING_VALUE', /* required */
  registryId: 'STRING_VALUE'
};
ecr.updatePullThroughCacheRule(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • registryId — (String)

      The Amazon Web Services account ID associated with the registry associated with the pull through cache rule. If you do not specify a registry, the default registry is assumed.

    • ecrRepositoryPrefix — (String)

      The repository name prefix to use when caching images from the source registry.

    • credentialArn — (String)

      The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret that identifies the credentials to authenticate to the upstream registry.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • ecrRepositoryPrefix — (String)

        The Amazon ECR repository prefix associated with the pull through cache rule.

      • registryId — (String)

        The registry ID associated with the request.

      • updatedAt — (Date)

        The date and time, in JavaScript date format, when the pull through cache rule was updated.

      • credentialArn — (String)

        The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret associated with the pull through cache rule.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

updateRepositoryCreationTemplate(params = {}, callback) ⇒ AWS.Request

Updates an existing repository creation template.

Service Reference:

Examples:

Update a repository creation template


/* This example updates a repository creation template. */

 var params = {
  appliedFor: [
     "REPLICATION"
  ], 
  prefix: "eng/test", 
  resourceTags: [
     {
    Key: "environment", 
    Value: "test"
   }
  ]
 };
 ecr.updateRepositoryCreationTemplate(params, function(err, data) {
   if (err) console.log(err, err.stack); // an error occurred
   else     console.log(data);           // successful response
   /*
   data = {
    registryId: "012345678901", 
    repositoryCreationTemplate: {
     appliedFor: [
        "REPLICATION"
     ], 
     createdAt: <Date Representation>, 
     description: "Repos for testing images", 
     encryptionConfiguration: {
      encryptionType: "AES256"
     }, 
     imageTagMutability: "MUTABLE", 
     lifecyclePolicy: "{\r\n    \"rules\": [\r\n        {\r\n            \"rulePriority\": 1,\r\n            \"description\": \"Expire images older than 14 days\",\r\n            \"selection\": {\r\n                \"tagStatus\": \"untagged\",\r\n                \"countType\": \"sinceImagePushed\",\r\n                \"countUnit\": \"days\",\r\n                \"countNumber\": 14\r\n            },\r\n            \"action\": {\r\n                \"type\": \"expire\"\r\n            }\r\n        }\r\n    ]\r\n}", 
     prefix: "eng/test", 
     repositoryPolicy: "{\n  \"Version\" : \"2012-10-17\",\n  \"Statement\" : [ {\n    \"Sid\" : \"LambdaECRPullPolicy\",\n    \"Effect\" : \"Allow\",\n    \"Principal\" : {\n      \"Service\" : \"lambda.amazonaws.com\"\n    },\n    \"Action\" : \"ecr:BatchGetImage\"\n  } ]\n}", 
     resourceTags: [
        {
       Key: "environment", 
       Value: "test"
      }
     ], 
     updatedAt: <Date Representation>
    }
   }
   */
 });

Calling the updateRepositoryCreationTemplate operation

var params = {
  prefix: 'STRING_VALUE', /* required */
  appliedFor: [
    REPLICATION | PULL_THROUGH_CACHE,
    /* more items */
  ],
  customRoleArn: 'STRING_VALUE',
  description: 'STRING_VALUE',
  encryptionConfiguration: {
    encryptionType: AES256 | KMS, /* required */
    kmsKey: 'STRING_VALUE'
  },
  imageTagMutability: MUTABLE | IMMUTABLE,
  lifecyclePolicy: 'STRING_VALUE',
  repositoryPolicy: 'STRING_VALUE',
  resourceTags: [
    {
      Key: 'STRING_VALUE', /* required */
      Value: 'STRING_VALUE' /* required */
    },
    /* more items */
  ]
};
ecr.updateRepositoryCreationTemplate(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • prefix — (String)

      The repository namespace prefix that matches an existing repository creation template in the registry. All repositories created using this namespace prefix will have the settings defined in this template applied. For example, a prefix of prod would apply to all repositories beginning with prod/. This includes a repository named prod/team1 as well as a repository named prod/repository1.

      To apply a template to all repositories in your registry that don't have an associated creation template, you can use ROOT as the prefix.

    • description — (String)

      A description for the repository creation template.

    • encryptionConfiguration — (map)

      The encryption configuration to associate with the repository creation template.

      • encryptionTyperequired — (String)

        The encryption type to use.

        If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide.

        If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide.

        Possible values include:
        • "AES256"
        • "KMS"
      • kmsKey — (String)

        If you use the KMS encryption type, specify the KMS key to use for encryption. The full ARN of the KMS key must be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.

    • resourceTags — (Array<map>)

      The metadata to apply to the repository to help you categorize and organize. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

      • Keyrequired — (String)

        One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.

      • Valuerequired — (String)

        A value acts as a descriptor within a tag category (key).

    • imageTagMutability — (String)

      Updates the tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.

      Possible values include:
      • "MUTABLE"
      • "IMMUTABLE"
    • repositoryPolicy — (String)

      Updates the repository policy created using the template. A repository policy is a permissions policy associated with a repository to control access permissions.

    • lifecyclePolicy — (String)

      Updates the lifecycle policy associated with the specified repository creation template.

    • appliedFor — (Array<String>)

      Updates the list of enumerable strings representing the Amazon ECR repository creation scenarios that this template will apply towards. The two supported scenarios are PULL_THROUGH_CACHE and REPLICATION

    • customRoleArn — (String)

      The ARN of the role to be assumed by Amazon ECR. This role must be in the same account as the registry that you are configuring. Amazon ECR will assume your supplied role when the customRoleArn is specified. When this field isn't specified, Amazon ECR will use the service-linked role for the repository creation template.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • registryId — (String)

        The registry ID associated with the request.

      • repositoryCreationTemplate — (map)

        The details of the repository creation template associated with the request.

        • prefix — (String)

          The repository namespace prefix associated with the repository creation template.

        • description — (String)

          The description associated with the repository creation template.

        • encryptionConfiguration — (map)

          The encryption configuration associated with the repository creation template.

          • encryptionTyperequired — (String)

            The encryption type to use.

            If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide.

            If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide.

            Possible values include:
            • "AES256"
            • "KMS"
          • kmsKey — (String)

            If you use the KMS encryption type, specify the KMS key to use for encryption. The full ARN of the KMS key must be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.

        • resourceTags — (Array<map>)

          The metadata to apply to the repository to help you categorize and organize. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

          • Keyrequired — (String)

            One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.

          • Valuerequired — (String)

            A value acts as a descriptor within a tag category (key).

        • imageTagMutability — (String)

          The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.

          Possible values include:
          • "MUTABLE"
          • "IMMUTABLE"
        • repositoryPolicy — (String)

          he repository policy to apply to repositories created using the template. A repository policy is a permissions policy associated with a repository to control access permissions.

        • lifecyclePolicy — (String)

          The lifecycle policy to use for repositories created using the template.

        • appliedFor — (Array<String>)

          A list of enumerable Strings representing the repository creation scenarios that this template will apply towards. The two supported scenarios are PULL_THROUGH_CACHE and REPLICATION

        • customRoleArn — (String)

          The ARN of the role to be assumed by Amazon ECR. Amazon ECR will assume your supplied role when the customRoleArn is specified. When this field isn't specified, Amazon ECR will use the service-linked role for the repository creation template.

        • createdAt — (Date)

          The date and time, in JavaScript date format, when the repository creation template was created.

        • updatedAt — (Date)

          The date and time, in JavaScript date format, when the repository creation template was last updated.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

uploadLayerPart(params = {}, callback) ⇒ AWS.Request

Uploads an image layer part to Amazon ECR.

When an image is pushed, each new image layer is uploaded in parts. The maximum size of each image layer part can be 20971520 bytes (or about 20MB). The UploadLayerPart API is called once per each new image layer part.

Note: This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the docker CLI to pull, tag, and push images.

Service Reference:

Examples:

Calling the uploadLayerPart operation

var params = {
  layerPartBlob: Buffer.from('...') || 'STRING_VALUE' /* Strings will be Base-64 encoded on your behalf */, /* required */
  partFirstByte: 'NUMBER_VALUE', /* required */
  partLastByte: 'NUMBER_VALUE', /* required */
  repositoryName: 'STRING_VALUE', /* required */
  uploadId: 'STRING_VALUE', /* required */
  registryId: 'STRING_VALUE'
};
ecr.uploadLayerPart(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • registryId — (String)

      The Amazon Web Services account ID associated with the registry to which you are uploading layer parts. If you do not specify a registry, the default registry is assumed.

    • repositoryName — (String)

      The name of the repository to which you are uploading layer parts.

    • uploadId — (String)

      The upload ID from a previous InitiateLayerUpload operation to associate with the layer part upload.

    • partFirstByte — (Integer)

      The position of the first byte of the layer part witin the overall image layer.

    • partLastByte — (Integer)

      The position of the last byte of the layer part within the overall image layer.

    • layerPartBlob — (Buffer, Typed Array, Blob, String)

      The base64-encoded layer part payload.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • registryId — (String)

        The registry ID associated with the request.

      • repositoryName — (String)

        The repository name associated with the request.

      • uploadId — (String)

        The upload ID associated with the request.

      • lastByteReceived — (Integer)

        The integer value of the last byte received in the request.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

validatePullThroughCacheRule(params = {}, callback) ⇒ AWS.Request

Validates an existing pull through cache rule for an upstream registry that requires authentication. This will retrieve the contents of the Amazon Web Services Secrets Manager secret, verify the syntax, and then validate that authentication to the upstream registry is successful.

Service Reference:

Examples:

Calling the validatePullThroughCacheRule operation

var params = {
  ecrRepositoryPrefix: 'STRING_VALUE', /* required */
  registryId: 'STRING_VALUE'
};
ecr.validatePullThroughCacheRule(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • ecrRepositoryPrefix — (String)

      The repository name prefix associated with the pull through cache rule.

    • registryId — (String)

      The registry ID associated with the pull through cache rule. If you do not specify a registry, the default registry is assumed.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • ecrRepositoryPrefix — (String)

        The Amazon ECR repository prefix associated with the pull through cache rule.

      • registryId — (String)

        The registry ID associated with the request.

      • upstreamRegistryUrl — (String)

        The upstream registry URL associated with the pull through cache rule.

      • credentialArn — (String)

        The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret associated with the pull through cache rule.

      • isValid — (Boolean)

        Whether or not the pull through cache rule was validated. If true, Amazon ECR was able to reach the upstream registry and authentication was successful. If false, there was an issue and validation failed. The failure reason indicates the cause.

      • failure — (String)

        The reason the validation failed. For more details about possible causes and how to address them, see Using pull through cache rules in the Amazon Elastic Container Registry User Guide.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

waitFor(state, params = {}, callback) ⇒ AWS.Request

Waits for a given ECR resource. The final callback or 'complete' event will be fired only when the resource is either in its final state or the waiter has timed out and stopped polling for the final state.

Examples:

Waiting for the imageScanComplete state

var params = {
  imageId: { /* required */
  },
  repositoryName: 'STRING_VALUE', /* required */
};
ecr.waitFor('imageScanComplete', params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • state (String)

    the resource state to wait for. Available states for this service are listed in "Waiter Resource States" below.

  • params (map) (defaults to: {})

    a list of parameters for the given state. See each waiter resource state for required parameters.

Callback (callback):

  • function(err, data) { ... }

    Callback containing error and data information. See the respective resource state for the expected error or data information.

    If the waiter times out its requests, it will return a ResourceNotReady error.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

Waiter Resource States:

Waiter Resource Details

ecr.waitFor('imageScanComplete', params = {}, [callback]) ⇒ AWS.Request

Waits for the imageScanComplete state by periodically calling the underlying ECR.describeImageScanFindings() operation every 5 seconds (at most 60 times).

Examples:

Waiting for the imageScanComplete state

var params = {
  imageId: { /* required */
  },
  repositoryName: 'STRING_VALUE', /* required */
};
ecr.waitFor('imageScanComplete', params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object)
    • registryId — (String)

      The Amazon Web Services account ID associated with the registry that contains the repository in which to describe the image scan findings for. If you do not specify a registry, the default registry is assumed.

    • repositoryName — (String)

      The repository for the image for which to describe the scan findings.

    • imageId — (map)

      An object with identifying information for an image in an Amazon ECR repository.

      • imageDigest — (String)

        The sha256 digest of the image manifest.

      • imageTag — (String)

        The tag used for the image.

    • nextToken — (String)

      The nextToken value returned from a previous paginated DescribeImageScanFindings request where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.

    • maxResults — (Integer)

      The maximum number of image scan results returned by DescribeImageScanFindings in paginated output. When this parameter is used, DescribeImageScanFindings only returns maxResults results in a single page along with a nextToken response element. The remaining results of the initial request can be seen by sending another DescribeImageScanFindings request with the returned nextToken value. This value can be between 1 and 1000. If this parameter is not used, then DescribeImageScanFindings returns up to 100 results and a nextToken value, if applicable.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • registryId — (String)

        The registry ID associated with the request.

      • repositoryName — (String)

        The repository name associated with the request.

      • imageId — (map)

        An object with identifying information for an image in an Amazon ECR repository.

        • imageDigest — (String)

          The sha256 digest of the image manifest.

        • imageTag — (String)

          The tag used for the image.

      • imageScanStatus — (map)

        The current state of the scan.

        • status — (String)

          The current state of an image scan.

          Possible values include:
          • "IN_PROGRESS"
          • "COMPLETE"
          • "FAILED"
          • "UNSUPPORTED_IMAGE"
          • "ACTIVE"
          • "PENDING"
          • "SCAN_ELIGIBILITY_EXPIRED"
          • "FINDINGS_UNAVAILABLE"
        • description — (String)

          The description of the image scan status.

      • imageScanFindings — (map)

        The information contained in the image scan findings.

        • imageScanCompletedAt — (Date)

          The time of the last completed image scan.

        • vulnerabilitySourceUpdatedAt — (Date)

          The time when the vulnerability data was last scanned.

        • findingSeverityCounts — (map<Integer>)

          The image vulnerability counts, sorted by severity.

        • findings — (Array<map>)

          The findings from the image scan.

          • name — (String)

            The name associated with the finding, usually a CVE number.

          • description — (String)

            The description of the finding.

          • uri — (String)

            A link containing additional details about the security vulnerability.

          • severity — (String)

            The finding severity.

            Possible values include:
            • "INFORMATIONAL"
            • "LOW"
            • "MEDIUM"
            • "HIGH"
            • "CRITICAL"
            • "UNDEFINED"
          • attributes — (Array<map>)

            A collection of attributes of the host from which the finding is generated.

            • keyrequired — (String)

              The attribute key.

            • value — (String)

              The value assigned to the attribute key.

        • enhancedFindings — (Array<map>)

          Details about the enhanced scan findings from Amazon Inspector.

          • awsAccountId — (String)

            The Amazon Web Services account ID associated with the image.

          • description — (String)

            The description of the finding.

          • findingArn — (String)

            The Amazon Resource Number (ARN) of the finding.

          • firstObservedAt — (Date)

            The date and time that the finding was first observed.

          • lastObservedAt — (Date)

            The date and time that the finding was last observed.

          • packageVulnerabilityDetails — (map)

            An object that contains the details of a package vulnerability finding.

            • cvss — (Array<map>)

              An object that contains details about the CVSS score of a finding.

              • baseScore — (Float)

                The base CVSS score used for the finding.

              • scoringVector — (String)

                The vector string of the CVSS score.

              • source — (String)

                The source of the CVSS score.

              • version — (String)

                The version of CVSS used for the score.

            • referenceUrls — (Array<String>)

              One or more URLs that contain details about this vulnerability type.

            • relatedVulnerabilities — (Array<String>)

              One or more vulnerabilities related to the one identified in this finding.

            • source — (String)

              The source of the vulnerability information.

            • sourceUrl — (String)

              A URL to the source of the vulnerability information.

            • vendorCreatedAt — (Date)

              The date and time that this vulnerability was first added to the vendor's database.

            • vendorSeverity — (String)

              The severity the vendor has given to this vulnerability type.

            • vendorUpdatedAt — (Date)

              The date and time the vendor last updated this vulnerability in their database.

            • vulnerabilityId — (String)

              The ID given to this vulnerability.

            • vulnerablePackages — (Array<map>)

              The packages impacted by this vulnerability.

              • arch — (String)

                The architecture of the vulnerable package.

              • epoch — (Integer)

                The epoch of the vulnerable package.

              • filePath — (String)

                The file path of the vulnerable package.

              • name — (String)

                The name of the vulnerable package.

              • packageManager — (String)

                The package manager of the vulnerable package.

              • release — (String)

                The release of the vulnerable package.

              • sourceLayerHash — (String)

                The source layer hash of the vulnerable package.

              • version — (String)

                The version of the vulnerable package.

          • remediation — (map)

            An object that contains the details about how to remediate a finding.

            • recommendation — (map)

              An object that contains information about the recommended course of action to remediate the finding.

              • url — (String)

                The URL address to the CVE remediation recommendations.

              • text — (String)

                The recommended course of action to remediate the finding.

          • resources — (Array<map>)

            Contains information on the resources involved in a finding.

            • details — (map)

              An object that contains details about the resource involved in a finding.

              • awsEcrContainerImage — (map)

                An object that contains details about the Amazon ECR container image involved in the finding.

                • architecture — (String)

                  The architecture of the Amazon ECR container image.

                • author — (String)

                  The image author of the Amazon ECR container image.

                • imageHash — (String)

                  The image hash of the Amazon ECR container image.

                • imageTags — (Array<String>)

                  The image tags attached to the Amazon ECR container image.

                • platform — (String)

                  The platform of the Amazon ECR container image.

                • pushedAt — (Date)

                  The date and time the Amazon ECR container image was pushed.

                • registry — (String)

                  The registry the Amazon ECR container image belongs to.

                • repositoryName — (String)

                  The name of the repository the Amazon ECR container image resides in.

            • id — (String)

              The ID of the resource.

            • tags — (map<String>)

              The tags attached to the resource.

            • type — (String)

              The type of resource.

          • score — (Float)

            The Amazon Inspector score given to the finding.

          • scoreDetails — (map)

            An object that contains details of the Amazon Inspector score.

            • cvss — (map)

              An object that contains details about the CVSS score given to a finding.

              • adjustments — (Array<map>)

                An object that contains details about adjustment Amazon Inspector made to the CVSS score.

                • metric — (String)

                  The metric used to adjust the CVSS score.

                • reason — (String)

                  The reason the CVSS score has been adjustment.

              • score — (Float)

                The CVSS score.

              • scoreSource — (String)

                The source for the CVSS score.

              • scoringVector — (String)

                The vector for the CVSS score.

              • version — (String)

                The CVSS version used in scoring.

          • severity — (String)

            The severity of the finding.

          • status — (String)

            The status of the finding.

          • title — (String)

            The title of the finding.

          • type — (String)

            The type of the finding.

          • updatedAt — (Date)

            The date and time the finding was last updated at.

      • nextToken — (String)

        The nextToken value to include in a future DescribeImageScanFindings request. When the results of a DescribeImageScanFindings request exceed maxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

See Also:

ecr.waitFor('lifecyclePolicyPreviewComplete', params = {}, [callback]) ⇒ AWS.Request

Waits for the lifecyclePolicyPreviewComplete state by periodically calling the underlying ECR.getLifecyclePolicyPreview() operation every 5 seconds (at most 20 times).

Examples:

Waiting for the lifecyclePolicyPreviewComplete state

var params = {
  repositoryName: 'STRING_VALUE', /* required */
};
ecr.waitFor('lifecyclePolicyPreviewComplete', params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object)
    • registryId — (String)

      The Amazon Web Services account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.

    • repositoryName — (String)

      The name of the repository.

    • imageIds — (Array<map>)

      The list of imageIDs to be included.

      • imageDigest — (String)

        The sha256 digest of the image manifest.

      • imageTag — (String)

        The tag used for the image.

    • nextToken — (String)

      The nextToken value returned from a previous paginated
 GetLifecyclePolicyPreviewRequest request where maxResults was used and the
 results exceeded the value of that parameter. Pagination continues from the end of the
 previous results that returned the nextToken value. This value is
 null when there are no more results to return. This option cannot be used when you specify images with imageIds.

    • maxResults — (Integer)

      The maximum number of repository results returned by GetLifecyclePolicyPreviewRequest in
 paginated output. When this parameter is used, GetLifecyclePolicyPreviewRequest only returns
 maxResults results in a single page along with a nextToken
 response element. The remaining results of the initial request can be seen by sending
 another GetLifecyclePolicyPreviewRequest request with the returned nextToken
 value. This value can be between 1 and 1000. If this
 parameter is not used, then GetLifecyclePolicyPreviewRequest returns up to
 100 results and a nextToken value, if
 applicable. This option cannot be used when you specify images with imageIds.

    • filter — (map)

      An optional parameter that filters results based on image tag status and all tags, if tagged.

      • tagStatus — (String)

        The tag status of the image.

        Possible values include:
        • "TAGGED"
        • "UNTAGGED"
        • "ANY"

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • registryId — (String)

        The registry ID associated with the request.

      • repositoryName — (String)

        The repository name associated with the request.

      • lifecyclePolicyText — (String)

        The JSON lifecycle policy text.

      • status — (String)

        The status of the lifecycle policy preview request.

        Possible values include:
        • "IN_PROGRESS"
        • "COMPLETE"
        • "EXPIRED"
        • "FAILED"
      • nextToken — (String)

        The nextToken value to include in a future GetLifecyclePolicyPreview request. When the results of a GetLifecyclePolicyPreview request exceed maxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.

      • previewResults — (Array<map>)

        The results of the lifecycle policy preview request.

        • imageTags — (Array<String>)

          The list of tags associated with this image.

        • imageDigest — (String)

          The sha256 digest of the image manifest.

        • imagePushedAt — (Date)

          The date and time, expressed in standard JavaScript date format, at which the current image was pushed to the repository.

        • action — (map)

          The type of action to be taken.

          • type — (String)

            The type of action to be taken.

            Possible values include:
            • "EXPIRE"
        • appliedRulePriority — (Integer)

          The priority of the applied rule.

      • summary — (map)

        The list of images that is returned as a result of the action.

        • expiringImageTotalCount — (Integer)

          The number of expiring images.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

See Also: