CreatePullThroughCacheRule
Creates a pull through cache rule. A pull through cache rule provides a way to cache images from an upstream registry source in your Amazon ECR private registry. For more information, see Using pull through cache rules in the Amazon Elastic Container Registry User Guide.
Request Syntax
{
"credentialArn": "string",
"ecrRepositoryPrefix": "string",
"registryId": "string",
"upstreamRegistry": "string",
"upstreamRegistryUrl": "string"
}Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
The request accepts the following data in JSON format.
- credentialArn
-
The Amazon Resource Name (ARN) of the AWS Secrets Manager secret that identifies the credentials to authenticate to the upstream registry.
Type: String
Length Constraints: Minimum length of 50. Maximum length of 612.
Pattern:
^arn:aws:secretsmanager:[a-zA-Z0-9-:]+:secret:ecr\-pullthroughcache\/[a-zA-Z0-9\/_+=.@-]+$Required: No
- ecrRepositoryPrefix
-
The repository name prefix to use when caching images from the source registry.
Type: String
Length Constraints: Minimum length of 2. Maximum length of 30.
Pattern:
(?:[a-z0-9]+(?:[._-][a-z0-9]+)*/)*[a-z0-9]+(?:[._-][a-z0-9]+)*Required: Yes
- registryId
-
The AWS account ID associated with the registry to create the pull through cache rule for. If you do not specify a registry, the default registry is assumed.
Type: String
Pattern:
[0-9]{12}Required: No
- upstreamRegistry
-
The name of the upstream registry.
Type: String
Valid Values:
ecr-public | quay | k8s | docker-hub | github-container-registry | azure-container-registryRequired: No
- upstreamRegistryUrl
-
The registry URL of the upstream public registry to use as the source for the pull through cache rule. The following is the syntax to use for each supported upstream registry.
-
Amazon ECR Public (
ecr-public) -public.ecr.aws -
Docker Hub (
docker-hub) -registry-1.docker.io -
Quay (
quay) -quay.io -
Kubernetes (
k8s) -registry.k8s.io -
GitHub Container Registry (
github-container-registry) -ghcr.io -
Microsoft Azure Container Registry (
azure-container-registry) -<custom>.azurecr.io
Type: String
Required: Yes
-
Response Syntax
{
"createdAt": number,
"credentialArn": "string",
"ecrRepositoryPrefix": "string",
"registryId": "string",
"upstreamRegistry": "string",
"upstreamRegistryUrl": "string"
}Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- createdAt
-
The date and time, in JavaScript date format, when the pull through cache rule was created.
Type: Timestamp
- credentialArn
-
The Amazon Resource Name (ARN) of the AWS Secrets Manager secret associated with the pull through cache rule.
Type: String
Length Constraints: Minimum length of 50. Maximum length of 612.
Pattern:
^arn:aws:secretsmanager:[a-zA-Z0-9-:]+:secret:ecr\-pullthroughcache\/[a-zA-Z0-9\/_+=.@-]+$ - ecrRepositoryPrefix
-
The Amazon ECR repository prefix associated with the pull through cache rule.
Type: String
Length Constraints: Minimum length of 2. Maximum length of 30.
Pattern:
(?:[a-z0-9]+(?:[._-][a-z0-9]+)*/)*[a-z0-9]+(?:[._-][a-z0-9]+)* - registryId
-
The registry ID associated with the request.
Type: String
Pattern:
[0-9]{12} - upstreamRegistry
-
The name of the upstream registry associated with the pull through cache rule.
Type: String
Valid Values:
ecr-public | quay | k8s | docker-hub | github-container-registry | azure-container-registry - upstreamRegistryUrl
-
The upstream registry URL associated with the pull through cache rule.
Type: String
Errors
For information about the errors that are common to all actions, see Common Errors.
- InvalidParameterException
-
The specified parameter is invalid. Review the available parameters for the API request.
HTTP Status Code: 400
- LimitExceededException
-
The operation did not succeed because it would have exceeded a service limit for your account. For more information, see Amazon ECR service quotas in the Amazon Elastic Container Registry User Guide.
HTTP Status Code: 400
- PullThroughCacheRuleAlreadyExistsException
-
A pull through cache rule with these settings already exists for the private registry.
HTTP Status Code: 400
- SecretNotFoundException
-
The ARN of the secret specified in the pull through cache rule was not found. Update the pull through cache rule with a valid secret ARN and try again.
HTTP Status Code: 400
- ServerException
-
These errors are usually caused by a server-side issue.
HTTP Status Code: 500
- UnableToAccessSecretException
-
The secret is unable to be accessed. Verify the resource permissions for the secret and try again.
HTTP Status Code: 400
- UnableToDecryptSecretValueException
-
The secret is accessible but is unable to be decrypted. Verify the resource permisisons and try again.
HTTP Status Code: 400
- UnsupportedUpstreamRegistryException
-
The specified upstream registry isn't supported.
HTTP Status Code: 400
- ValidationException
-
There was an exception validating this request.
HTTP Status Code: 400
Examples
In the following example or examples, the Authorization header contents
(AUTHPARAMS) must be replaced with an AWS Signature Version 4
signature. For more information about creating these signatures, see Signature
Version 4 Signing Process in the
AWS General
Reference.
You only need to learn how to sign HTTP requests if you intend to manually
create them. When you use the AWS Command Line Interface (AWS CLI)
Example
This example creates a pull through cache rule for an upstream registry that requires authentication.
Sample Request
POST / HTTP/1.1
Host: api.ecr.us-west-2.amazonaws.com
Accept-Encoding: identity
X-Amz-Target: AmazonEC2ContainerRegistry_V20150921.CreatePullThroughCacheRule
Content-Type: application/x-amz-json-1.1
User-Agent: aws-cli/2.13.22 Python/3.11.5 Darwin/16.7.0 botocore/1.12.180
X-Amz-Date: 20231003T155747Z
Authorization: AUTHPARAMS
Content-Length: 268
{
"ecrRepositoryPrefix":"docker-hub",
"upstreamRegistryUrl":"registry-1.docker.io",
"credentialArn":"arn:aws:secretsmanager:us-west-2:012345678910:secret:ecr-pullthroughcache/example1234"
}Sample Response
HTTP/1.1 200 OK
x-amzn-RequestId: 123a4b56-7c89-01d2-3ef4-example5678f
Content-Type: application/x-amz-json-1.1
Content-Length: 180
Connection: keep-alive
{
"ecrRepositoryPrefix": "docker-hub",
"upstreamRegistryUrl": "registry-1.docker.io",
"createdAt": "2023-10-03T15:57:48.411000+00:00",
"registryId": "012345678910",
"upstreamRegistry": "docker-hub",
"credentialArn": "arn:aws:secretsmanager:us-west-2:012345678910:secret:ecr-pullthroughcache/example1234"
}Example
This example creates a pull through cache rule for an upstream registry that does not require authentication.
Sample Request
POST / HTTP/1.1
Host: api.ecr.us-west-2.amazonaws.com
Accept-Encoding: identity
X-Amz-Target: AmazonEC2ContainerRegistry_V20150921.CreatePullThroughCacheRule
Content-Type: application/x-amz-json-1.1
User-Agent: aws-cli/2.13.22 Python/3.11.5 Darwin/16.7.0 botocore/1.12.180
X-Amz-Date: 20231003T155747Z
Authorization: AUTHPARAMS
Content-Length: 268
{
"ecrRepositoryPrefix":"ecr-public",
"upstreamRegistryUrl":"public.ecr.aws"
}Sample Response
HTTP/1.1 200 OK
x-amzn-RequestId: 123a4b56-7c89-01d2-3ef4-example5678f
Content-Type: application/x-amz-json-1.1
Content-Length: 180
Connection: keep-alive
{
"ecrRepositoryPrefix": "ecr-public",
"upstreamRegistryUrl": "public.ecr.aws",
"createdAt": "2023-10-03T15:57:48.411000+00:00",
"registryId": "012345678910",
"upstreamRegistry": "ecr-public"
}See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
