aws-cdk-lib.aws_ecr.Repository

class Repository (construct)

LanguageType name
.NETAmazon.CDK.AWS.ECR.Repository
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awsecr#Repository
Javasoftware.amazon.awscdk.services.ecr.Repository
Pythonaws_cdk.aws_ecr.Repository
TypeScript (source)aws-cdk-lib » aws_ecr » Repository

Implements IConstruct, IDependable, IResource, IRepository

Define an ECR repository.

Example

import * as ecr from 'aws-cdk-lib/aws-ecr';

new apprunner.Service(this, 'Service', {
  source: apprunner.Source.fromEcr({
    imageConfiguration: { port: 80 },
    repository: ecr.Repository.fromRepositoryName(this, 'NginxRepository', 'nginx'),
    tagOrDigest: 'latest',
  }),
});

Initializer

new Repository(scope: Construct, id: string, props?: RepositoryProps)

Parameters

  • scope Construct
  • id string
  • props RepositoryProps

Construct Props

NameTypeDescription
autoDeleteImages?booleanWhether all images should be automatically deleted when the repository is removed from the stack or when the stack is deleted.
encryption?RepositoryEncryptionThe kind of server-side encryption to apply to this repository.
encryptionKey?IKeyExternal KMS key to use for repository encryption.
imageScanOnPush?booleanEnable the scan on push when creating the repository.
imageTagMutability?TagMutabilityThe tag mutability setting for the repository.
lifecycleRegistryId?stringThe AWS account ID associated with the registry that contains the repository.
lifecycleRules?LifecycleRule[]Life cycle rules to apply to this registry.
removalPolicy?RemovalPolicyDetermine what happens to the repository when the resource/stack is deleted.
repositoryName?stringName for this repository.

autoDeleteImages?

Type: boolean (optional, default: false)

Whether all images should be automatically deleted when the repository is removed from the stack or when the stack is deleted.

Requires the removalPolicy to be set to RemovalPolicy.DESTROY.


encryption?

Type: RepositoryEncryption (optional, default: KMS if encryptionKey is specified, or AES256 otherwise.)

The kind of server-side encryption to apply to this repository.

If you choose KMS, you can specify a KMS key via encryptionKey. If encryptionKey is not specified, an AWS managed KMS key is used.


encryptionKey?

Type: IKey (optional, default: If encryption is set to KMS and this property is undefined, an AWS managed KMS key is used.)

External KMS key to use for repository encryption.

The 'encryption' property must be either not specified or set to "KMS". An error will be emitted if encryption is set to "AES256".


imageScanOnPush?

Type: boolean (optional, default: false)

Enable the scan on push when creating the repository.


imageTagMutability?

Type: TagMutability (optional, default: TagMutability.MUTABLE)

The tag mutability setting for the repository.

If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten.


lifecycleRegistryId?

Type: string (optional, default: The default registry is assumed.)

The AWS account ID associated with the registry that contains the repository.

See also: https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_PutLifecyclePolicy.html


lifecycleRules?

Type: LifecycleRule[] (optional, default: No life cycle rules)

Life cycle rules to apply to this registry.


removalPolicy?

Type: RemovalPolicy (optional, default: RemovalPolicy.Retain)

Determine what happens to the repository when the resource/stack is deleted.


repositoryName?

Type: string (optional, default: Automatically generated name.)

Name for this repository.

Properties

NameTypeDescription
envResourceEnvironmentThe environment this resource belongs to.
nodeNodeThe tree node.
repositoryArnstringThe ARN of the repository.
repositoryNamestringThe name of the repository.
repositoryUristringThe URI of this repository (represents the latest image):.
stackStackThe stack in which this resource is defined.

env

Type: ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.


node

Type: Node

The tree node.


repositoryArn

Type: string

The ARN of the repository.


repositoryName

Type: string

The name of the repository.


repositoryUri

Type: string

The URI of this repository (represents the latest image):.

ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY


stack

Type: Stack

The stack in which this resource is defined.

Methods

NameDescription
addLifecycleRule(rule)Add a life cycle rule to the repository.
addToResourcePolicy(statement)Add a policy statement to the repository's resource policy.
applyRemovalPolicy(policy)Apply the given removal policy to this resource.
grant(grantee, ...actions)Grant the given principal identity permissions to perform the actions on this repository.
grantPull(grantee)Grant the given identity permissions to use the images in this repository.
grantPullPush(grantee)Grant the given identity permissions to pull and push images to this repository.
grantPush(grantee)Grant the given identity permissions to use the images in this repository.
grantRead(grantee)Grant the given identity permissions to read the images in this repository.
onCloudTrailEvent(id, options?)Define a CloudWatch event that triggers when something happens to this repository.
onCloudTrailImagePushed(id, options?)Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository.
onEvent(id, options?)Defines a CloudWatch event rule which triggers for repository events.
onImageScanCompleted(id, options?)Defines an AWS CloudWatch event rule that can trigger a target when an image scan is completed.
repositoryUriForDigest(digest?)Returns the URL of the repository. Can be used in docker push/pull.
repositoryUriForTag(tag?)Returns the URL of the repository. Can be used in docker push/pull.
repositoryUriForTagOrDigest(tagOrDigest?)Returns the URL of the repository. Can be used in docker push/pull.
toString()Returns a string representation of this construct.
static arnForLocalRepository(repositoryName, scope, account?)Returns an ECR ARN for a repository that resides in the same account/region as the current stack.
static fromRepositoryArn(scope, id, repositoryArn)
static fromRepositoryAttributes(scope, id, attrs)Import a repository.
static fromRepositoryName(scope, id, repositoryName)

addLifecycleRule(rule)

public addLifecycleRule(rule: LifecycleRule): void

Parameters

  • rule LifecycleRule

Add a life cycle rule to the repository.

Life cycle rules automatically expire images from the repository that match certain conditions.


addToResourcePolicy(statement)

public addToResourcePolicy(statement: PolicyStatement): AddToResourcePolicyResult

Parameters

  • statement PolicyStatement

Returns

  • AddToResourcePolicyResult

Add a policy statement to the repository's resource policy.

While other resources policies in AWS either require or accept a resource section, Cfn for ECR does not allow us to specify a resource policy. It will fail if a resource section is present at all.


applyRemovalPolicy(policy)

public applyRemovalPolicy(policy: RemovalPolicy): void

Parameters

  • policy RemovalPolicy

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).


grant(grantee, ...actions)

public grant(grantee: IGrantable, ...actions: string[]): Grant

Parameters

  • grantee IGrantable
  • actions string

Returns

  • Grant

Grant the given principal identity permissions to perform the actions on this repository.


grantPull(grantee)

public grantPull(grantee: IGrantable): Grant

Parameters

  • grantee IGrantable

Returns

  • Grant

Grant the given identity permissions to use the images in this repository.


grantPullPush(grantee)

public grantPullPush(grantee: IGrantable): Grant

Parameters

  • grantee IGrantable

Returns

  • Grant

Grant the given identity permissions to pull and push images to this repository.


grantPush(grantee)

public grantPush(grantee: IGrantable): Grant

Parameters

  • grantee IGrantable

Returns

  • Grant

Grant the given identity permissions to use the images in this repository.


grantRead(grantee)

public grantRead(grantee: IGrantable): Grant

Parameters

  • grantee IGrantable

Returns

  • Grant

Grant the given identity permissions to read the images in this repository.


onCloudTrailEvent(id, options?)

public onCloudTrailEvent(id: string, options?: OnEventOptions): Rule

Parameters

  • id string — The id of the rule.
  • options OnEventOptions — Options for adding the rule.

Returns

  • Rule

Define a CloudWatch event that triggers when something happens to this repository.

Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.


onCloudTrailImagePushed(id, options?)

public onCloudTrailImagePushed(id: string, options?: OnCloudTrailImagePushedOptions): Rule

Parameters

  • id string — The id of the rule.
  • options OnCloudTrailImagePushedOptions — Options for adding the rule.

Returns

  • Rule

Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository.

Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.


onEvent(id, options?)

public onEvent(id: string, options?: OnEventOptions): Rule

Parameters

  • id string
  • options OnEventOptions

Returns

  • Rule

Defines a CloudWatch event rule which triggers for repository events.

Use rule.addEventPattern(pattern) to specify a filter.


onImageScanCompleted(id, options?)

public onImageScanCompleted(id: string, options?: OnImageScanCompletedOptions): Rule

Parameters

  • id string — The id of the rule.
  • options OnImageScanCompletedOptions — Options for adding the rule.

Returns

  • Rule

Defines an AWS CloudWatch event rule that can trigger a target when an image scan is completed.


repositoryUriForDigest(digest?)

public repositoryUriForDigest(digest?: string): string

Parameters

  • digest string — Optional image digest.

Returns

  • string

Returns the URL of the repository. Can be used in docker push/pull.

ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[@DIGEST]


repositoryUriForTag(tag?)

public repositoryUriForTag(tag?: string): string

Parameters

  • tag string — Optional image tag.

Returns

  • string

Returns the URL of the repository. Can be used in docker push/pull.

ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[:TAG]


repositoryUriForTagOrDigest(tagOrDigest?)

public repositoryUriForTagOrDigest(tagOrDigest?: string): string

Parameters

  • tagOrDigest string — Optional image tag or digest (digests must start with sha256:).

Returns

  • string

Returns the URL of the repository. Can be used in docker push/pull.

ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[:TAG] ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[@DIGEST]


toString()

public toString(): string

Returns

  • string

Returns a string representation of this construct.


static arnForLocalRepository(repositoryName, scope, account?)

public static arnForLocalRepository(repositoryName: string, scope: IConstruct, account?: string): string

Parameters

  • repositoryName string
  • scope IConstruct
  • account string

Returns

  • string

Returns an ECR ARN for a repository that resides in the same account/region as the current stack.


static fromRepositoryArn(scope, id, repositoryArn)

public static fromRepositoryArn(scope: Construct, id: string, repositoryArn: string): IRepository

Parameters

  • scope Construct
  • id string
  • repositoryArn string

Returns

  • IRepository

static fromRepositoryAttributes(scope, id, attrs)

public static fromRepositoryAttributes(scope: Construct, id: string, attrs: RepositoryAttributes): IRepository

Parameters

  • scope Construct
  • id string
  • attrs RepositoryAttributes

Returns

  • IRepository

Import a repository.


static fromRepositoryName(scope, id, repositoryName)

public static fromRepositoryName(scope: Construct, id: string, repositoryName: string): IRepository

Parameters

  • scope Construct
  • id string
  • repositoryName string

Returns

  • IRepository