AWS::ECR::Repository - AWS CloudFormation


The AWS::ECR::Repository resource specifies an Amazon Elastic Container Registry (Amazon ECR) repository, where users can push and pull Docker images. For more information, see Amazon ECR Repositories in the Amazon Elastic Container Registry User Guide.


To declare this entity in your AWS CloudFormation template, use the following syntax:


{ "Type" : "AWS::ECR::Repository", "Properties" : { "LifecyclePolicy" : LifecyclePolicy, "RepositoryName" : String, "RepositoryPolicyText" : Json, "Tags" : [ Tag, ... ] } }


Type: AWS::ECR::Repository Properties: LifecyclePolicy: LifecyclePolicy RepositoryName: String RepositoryPolicyText: Json Tags: - Tag



Creates or updates the lifecycle policy for the specified repository. For more information, see Lifecycle Policy Template.

Required: No

Type: LifecyclePolicy

Update requires: No interruption


The name to use for the repository. The repository name may be specified on its own (such as nginx-web-app) or it can be prepended with a namespace to group the repository into a category (such as project-a/nginx-web-app). If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the repository name. For more information, see Name Type.


If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.

Required: No

Type: String

Minimum: 2

Maximum: 256

Pattern: (?:[a-z0-9]+(?:[._-][a-z0-9]+)*/)*[a-z0-9]+(?:[._-][a-z0-9]+)*

Update requires: Replacement


The JSON repository policy text to apply to the repository. For more information, see Amazon ECR Repository Policies in the Amazon Elastic Container Registry User Guide.

Required: No

Type: Json

Minimum: 0

Maximum: 10240

Update requires: No interruption


An array of key-value pairs to apply to this resource.

Required: No

Type: List of Tag

Update requires: No interruption

Return values


When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the resource name, such as test-repository.

For more information about using the Ref function, see Ref.


The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.


Returns the Amazon Resource Name (ARN) for the specified AWS::ECR::Repository resource. For example, arn:aws:ecr:eu-west-1:123456789012:repository/test-repository .


Specify a repository

The following example specifies a repository named test-repository. Its policy permits the users Bob and Alice to push and pull images. Note that the IAM users actually need to exist, or stack creation will fail.


"MyRepository": { "Type": "AWS::ECR::Repository", "Properties": { "RepositoryName" : "test-repository", "RepositoryPolicyText" : { "Version": "2008-10-17", "Statement": [ { "Sid": "AllowPushPull", "Effect": "Allow", "Principal": { "AWS": [ "arn:aws:iam::123456789012:user/Bob", "arn:aws:iam::123456789012:user/Alice" ] }, "Action": [ "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", "ecr:BatchCheckLayerAvailability", "ecr:PutImage", "ecr:InitiateLayerUpload", "ecr:UploadLayerPart", "ecr:CompleteLayerUpload" ] } ] } } }


MyRepository: Type: AWS::ECR::Repository Properties: RepositoryName: "test-repository" RepositoryPolicyText: Version: "2012-10-17" Statement: - Sid: AllowPushPull Effect: Allow Principal: AWS: - "arn:aws:iam::123456789012:user/Bob" - "arn:aws:iam::123456789012:user/Alice" Action: - "ecr:GetDownloadUrlForLayer" - "ecr:BatchGetImage" - "ecr:BatchCheckLayerAvailability" - "ecr:PutImage" - "ecr:InitiateLayerUpload" - "ecr:UploadLayerPart" - "ecr:CompleteLayerUpload"

Specify a repository with a lifecycle policy

The following example creates a repository with a lifecycle policy.


{ "Parameters": { "lifecyclePolicyText": { "Type": "String" }, "repositoryName": { "Type": "String" }, "registryId": { "Type": "String" } }, "Resources": { "MyRepository": { "Type": "AWS::ECR::Repository", "Properties": { "LifecyclePolicy": { "LifecyclePolicyText": { "Ref": "lifecyclePolicyText" }, "RegistryId": { "Ref": "registryId" } }, "RepositoryName": { "Ref": "repositoryName" } } } }, "Outputs": { "Arn": { "Value": { "Fn::GetAtt": [ "MyRepository", "Arn" ] } } } }


Parameters: lifecyclePolicyText: Type: String repositoryName: Type: String registryId: Type: String Resources: MyRepository: Type: AWS::ECR::Repository Properties: LifecyclePolicy: LifecyclePolicyText: !Ref lifecyclePolicyText RegistryId: !Ref registryId RepositoryName: !Ref repositoryName Outputs: Arn: Value: !GetAtt MyRepository.Arn

See also