SDK for PHP 3.x

Client: Aws\Ecr\EcrClient
Service ID: ecr
Version: 2015-09-21

This page describes the parameters and results for the operations of the Amazon Elastic Container Registry (2015-09-21), and shows how to use the Aws\Ecr\EcrClient object to call the described operations. This documentation is specific to the 2015-09-21 API version of the service.

Operation Summary

Each of the following operations can be created from a client using $client->getCommand('CommandName'), where "CommandName" is the name of one of the following operations. Note: a command is a value that encapsulates an operation and the parameters used to create an HTTP request.

You can also create and send a command immediately using the magic methods available on a client object: $client->commandName(/* parameters */). You can send the command asynchronously (returning a promise) by appending the word "Async" to the operation name: $client->commandNameAsync(/* parameters */).

BatchCheckLayerAvailability ( array $params = [] )
Checks the availability of one or more image layers in a repository.
BatchDeleteImage ( array $params = [] )
Deletes a list of specified images within a repository.
BatchGetImage ( array $params = [] )
Gets detailed information for an image.
BatchGetRepositoryScanningConfiguration ( array $params = [] )
Gets the scanning configuration for one or more repositories.
CompleteLayerUpload ( array $params = [] )
Informs Amazon ECR that the image layer upload has completed for a specified registry, repository name, and upload ID.
CreatePullThroughCacheRule ( array $params = [] )
Creates a pull through cache rule.
CreateRepository ( array $params = [] )
Creates a repository.
CreateRepositoryCreationTemplate ( array $params = [] )
Creates a repository creation template.
DeleteLifecyclePolicy ( array $params = [] )
Deletes the lifecycle policy associated with the specified repository.
DeletePullThroughCacheRule ( array $params = [] )
Deletes a pull through cache rule.
DeleteRegistryPolicy ( array $params = [] )
Deletes the registry permissions policy.
DeleteRepository ( array $params = [] )
Deletes a repository.
DeleteRepositoryCreationTemplate ( array $params = [] )
Deletes a repository creation template.
DeleteRepositoryPolicy ( array $params = [] )
Deletes the repository policy associated with the specified repository.
DescribeImageReplicationStatus ( array $params = [] )
Returns the replication status for a specified image.
DescribeImageScanFindings ( array $params = [] )
Returns the scan findings for the specified image.
DescribeImages ( array $params = [] )
Returns metadata about the images in a repository.
DescribePullThroughCacheRules ( array $params = [] )
Returns the pull through cache rules for a registry.
DescribeRegistry ( array $params = [] )
Describes the settings for a registry.
DescribeRepositories ( array $params = [] )
Describes image repositories in a registry.
DescribeRepositoryCreationTemplates ( array $params = [] )
Returns details about the repository creation templates in a registry.
GetAccountSetting ( array $params = [] )
Retrieves the account setting value for the specified setting name.
GetAuthorizationToken ( array $params = [] )
Retrieves an authorization token.
GetDownloadUrlForLayer ( array $params = [] )
Retrieves the pre-signed Amazon S3 download URL corresponding to an image layer.
GetLifecyclePolicy ( array $params = [] )
Retrieves the lifecycle policy for the specified repository.
GetLifecyclePolicyPreview ( array $params = [] )
Retrieves the results of the lifecycle policy preview request for the specified repository.
GetRegistryPolicy ( array $params = [] )
Retrieves the permissions policy for a registry.
GetRegistryScanningConfiguration ( array $params = [] )
Retrieves the scanning configuration for a registry.
GetRepositoryPolicy ( array $params = [] )
Retrieves the repository policy for the specified repository.
InitiateLayerUpload ( array $params = [] )
Notifies Amazon ECR that you intend to upload an image layer.
ListImages ( array $params = [] )
Lists all the image IDs for the specified repository.
ListTagsForResource ( array $params = [] )
List the tags for an Amazon ECR resource.
PutAccountSetting ( array $params = [] )
Allows you to change the basic scan type version or registry policy scope.
PutImage ( array $params = [] )
Creates or updates the image manifest and tags associated with an image.
PutImageScanningConfiguration ( array $params = [] )
The PutImageScanningConfiguration API is being deprecated, in favor of specifying the image scanning configuration at the registry level.
PutImageTagMutability ( array $params = [] )
Updates the image tag mutability settings for the specified repository.
PutLifecyclePolicy ( array $params = [] )
Creates or updates the lifecycle policy for the specified repository.
PutRegistryPolicy ( array $params = [] )
Creates or updates the permissions policy for your registry.
PutRegistryScanningConfiguration ( array $params = [] )
Creates or updates the scanning configuration for your private registry.
PutReplicationConfiguration ( array $params = [] )
Creates or updates the replication configuration for a registry.
SetRepositoryPolicy ( array $params = [] )
Applies a repository policy to the specified repository to control access permissions.
StartImageScan ( array $params = [] )
Starts an image vulnerability scan.
StartLifecyclePolicyPreview ( array $params = [] )
Starts a preview of a lifecycle policy for the specified repository.
TagResource ( array $params = [] )
Adds specified tags to a resource with the specified ARN.
UntagResource ( array $params = [] )
Deletes specified tags from a resource.
UpdatePullThroughCacheRule ( array $params = [] )
Updates an existing pull through cache rule.
UpdateRepositoryCreationTemplate ( array $params = [] )
Updates an existing repository creation template.
UploadLayerPart ( array $params = [] )
Uploads an image layer part to Amazon ECR.
ValidatePullThroughCacheRule ( array $params = [] )
Validates an existing pull through cache rule for an upstream registry that requires authentication.

Paginators

Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:

DescribeImageScanFindings
DescribeImages
DescribePullThroughCacheRules
DescribeRepositories
DescribeRepositoryCreationTemplates
GetLifecyclePolicyPreview
ListImages

Waiters

Waiters allow you to poll a resource until it enters into a desired state. A waiter has a name used to describe what it does, and is associated with an API operation. When creating a waiter, you can provide the API operation parameters associated with the corresponding operation. Waiters can be accessed using the getWaiter($waiterName, $operationParameters) method of a client object. This client supports the following waiters:

Waiter name API Operation Delay Max Attempts
ImageScanComplete DescribeImageScanFindings 5 60
LifecyclePolicyPreviewComplete GetLifecyclePolicyPreview 5 20

Operations

BatchCheckLayerAvailability

$result = $client->batchCheckLayerAvailability([/* ... */]);
$promise = $client->batchCheckLayerAvailabilityAsync([/* ... */]);

Checks the availability of one or more image layers in a repository.

When an image is pushed to a repository, each image layer is checked to verify if it has been uploaded before. If it has been uploaded, then the image layer is skipped.

This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the docker CLI to pull, tag, and push images.

Parameter Syntax

$result = $client->batchCheckLayerAvailability([
    'layerDigests' => ['<string>', ...], // REQUIRED
    'registryId' => '<string>',
    'repositoryName' => '<string>', // REQUIRED
]);

Parameter Details

Members
layerDigests
Required: Yes
Type: Array of strings

The digests of the image layers to check.

registryId
Type: string

The Amazon Web Services account ID associated with the registry that contains the image layers to check. If you do not specify a registry, the default registry is assumed.

repositoryName
Required: Yes
Type: string

The name of the repository that is associated with the image layers to check.

Result Syntax

[
    'failures' => [
        [
            'failureCode' => 'InvalidLayerDigest|MissingLayerDigest',
            'failureReason' => '<string>',
            'layerDigest' => '<string>',
        ],
        // ...
    ],
    'layers' => [
        [
            'layerAvailability' => 'AVAILABLE|UNAVAILABLE',
            'layerDigest' => '<string>',
            'layerSize' => <integer>,
            'mediaType' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
failures
Type: Array of LayerFailure structures

Any failures associated with the call.

layers
Type: Array of Layer structures

A list of image layer objects corresponding to the image layer references in the request.

Errors

RepositoryNotFoundException:

The specified repository could not be found. Check the spelling of the specified repository and ensure that you are performing operations on the correct registry.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

ServerException:

These errors are usually caused by a server-side issue.

BatchDeleteImage

$result = $client->batchDeleteImage([/* ... */]);
$promise = $client->batchDeleteImageAsync([/* ... */]);

Deletes a list of specified images within a repository. Images are specified with either an imageTag or imageDigest.

You can remove a tag from an image by specifying the image's tag in your request. When you remove the last tag from an image, the image is deleted from your repository.

You can completely delete an image (and all of its tags) by specifying the image's digest in your request.

Parameter Syntax

$result = $client->batchDeleteImage([
    'imageIds' => [ // REQUIRED
        [
            'imageDigest' => '<string>',
            'imageTag' => '<string>',
        ],
        // ...
    ],
    'registryId' => '<string>',
    'repositoryName' => '<string>', // REQUIRED
]);

Parameter Details

Members
imageIds
Required: Yes
Type: Array of ImageIdentifier structures

A list of image ID references that correspond to images to delete. The format of the imageIds reference is imageTag=tag or imageDigest=digest.

registryId
Type: string

The Amazon Web Services account ID associated with the registry that contains the image to delete. If you do not specify a registry, the default registry is assumed.

repositoryName
Required: Yes
Type: string

The repository that contains the image to delete.

Result Syntax

[
    'failures' => [
        [
            'failureCode' => 'InvalidImageDigest|InvalidImageTag|ImageTagDoesNotMatchDigest|ImageNotFound|MissingDigestAndTag|ImageReferencedByManifestList|KmsError|UpstreamAccessDenied|UpstreamTooManyRequests|UpstreamUnavailable',
            'failureReason' => '<string>',
            'imageId' => [
                'imageDigest' => '<string>',
                'imageTag' => '<string>',
            ],
        ],
        // ...
    ],
    'imageIds' => [
        [
            'imageDigest' => '<string>',
            'imageTag' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
failures
Type: Array of ImageFailure structures

Any failures associated with the call.

imageIds
Type: Array of ImageIdentifier structures

The image IDs of the deleted images.

Errors

ServerException:

These errors are usually caused by a server-side issue.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

RepositoryNotFoundException:

The specified repository could not be found. Check the spelling of the specified repository and ensure that you are performing operations on the correct registry.

Examples

Example 1: To delete multiple images

This example deletes images with the tags precise and trusty in a repository called ubuntu in the default registry for an account.

$result = $client->batchDeleteImage([
    'imageIds' => [
        [
            'imageTag' => 'precise',
        ],
    ],
    'repositoryName' => 'ubuntu',
]);

Result syntax:

[
    'failures' => [
    ],
    'imageIds' => [
        [
            'imageDigest' => 'sha256:examplee6d1e504117a17000003d3753086354a38375961f2e665416ef4b1b2f',
            'imageTag' => 'precise',
        ],
    ],
]

BatchGetImage

$result = $client->batchGetImage([/* ... */]);
$promise = $client->batchGetImageAsync([/* ... */]);

Gets detailed information for an image. Images are specified with either an imageTag or imageDigest.

When an image is pulled, the BatchGetImage API is called once to retrieve the image manifest.

Parameter Syntax

$result = $client->batchGetImage([
    'acceptedMediaTypes' => ['<string>', ...],
    'imageIds' => [ // REQUIRED
        [
            'imageDigest' => '<string>',
            'imageTag' => '<string>',
        ],
        // ...
    ],
    'registryId' => '<string>',
    'repositoryName' => '<string>', // REQUIRED
]);

Parameter Details

Members
acceptedMediaTypes
Type: Array of strings

The accepted media types for the request.

Valid values: application/vnd.docker.distribution.manifest.v1+json | application/vnd.docker.distribution.manifest.v2+json | application/vnd.oci.image.manifest.v1+json

imageIds
Required: Yes
Type: Array of ImageIdentifier structures

A list of image ID references that correspond to images to describe. The format of the imageIds reference is imageTag=tag or imageDigest=digest.

registryId
Type: string

The Amazon Web Services account ID associated with the registry that contains the images to describe. If you do not specify a registry, the default registry is assumed.

repositoryName
Required: Yes
Type: string

The repository that contains the images to describe.

Result Syntax

[
    'failures' => [
        [
            'failureCode' => 'InvalidImageDigest|InvalidImageTag|ImageTagDoesNotMatchDigest|ImageNotFound|MissingDigestAndTag|ImageReferencedByManifestList|KmsError|UpstreamAccessDenied|UpstreamTooManyRequests|UpstreamUnavailable',
            'failureReason' => '<string>',
            'imageId' => [
                'imageDigest' => '<string>',
                'imageTag' => '<string>',
            ],
        ],
        // ...
    ],
    'images' => [
        [
            'imageId' => [
                'imageDigest' => '<string>',
                'imageTag' => '<string>',
            ],
            'imageManifest' => '<string>',
            'imageManifestMediaType' => '<string>',
            'registryId' => '<string>',
            'repositoryName' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
failures
Type: Array of ImageFailure structures

Any failures associated with the call.

images
Type: Array of Image structures

A list of image objects corresponding to the image references in the request.

Errors

ServerException:

These errors are usually caused by a server-side issue.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

RepositoryNotFoundException:

The specified repository could not be found. Check the spelling of the specified repository and ensure that you are performing operations on the correct registry.

LimitExceededException:

The operation did not succeed because it would have exceeded a service limit for your account. For more information, see Amazon ECR service quotas in the Amazon Elastic Container Registry User Guide.

UnableToGetUpstreamImageException:

The image or images were unable to be pulled using the pull through cache rule. This is usually caused because of an issue with the Secrets Manager secret containing the credentials for the upstream registry.

Examples

Example 1: To obtain multiple images in a single request

This example obtains information for an image with a specified image digest ID from the repository named ubuntu in the current account.

$result = $client->batchGetImage([
    'imageIds' => [
        [
            'imageTag' => 'precise',
        ],
    ],
    'repositoryName' => 'ubuntu',
]);

Result syntax:

[
    'failures' => [
    ],
    'images' => [
        [
            'imageId' => [
                'imageDigest' => 'sha256:example76bdff6d83a09ba2a818f0d00000063724a9ac3ba5019c56f74ebf42a',
                'imageTag' => 'precise',
            ],
            'imageManifest' => '{ "schemaVersion": 1, "name": "ubuntu", "tag": "precise",...',
            'registryId' => '244698725403',
            'repositoryName' => 'ubuntu',
        ],
    ],
]

BatchGetRepositoryScanningConfiguration

$result = $client->batchGetRepositoryScanningConfiguration([/* ... */]);
$promise = $client->batchGetRepositoryScanningConfigurationAsync([/* ... */]);

Gets the scanning configuration for one or more repositories.

Parameter Syntax

$result = $client->batchGetRepositoryScanningConfiguration([
    'repositoryNames' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members
repositoryNames
Required: Yes
Type: Array of strings

One or more repository names to get the scanning configuration for.

Result Syntax

[
    'failures' => [
        [
            'failureCode' => 'REPOSITORY_NOT_FOUND',
            'failureReason' => '<string>',
            'repositoryName' => '<string>',
        ],
        // ...
    ],
    'scanningConfigurations' => [
        [
            'appliedScanFilters' => [
                [
                    'filter' => '<string>',
                    'filterType' => 'WILDCARD',
                ],
                // ...
            ],
            'repositoryArn' => '<string>',
            'repositoryName' => '<string>',
            'scanFrequency' => 'SCAN_ON_PUSH|CONTINUOUS_SCAN|MANUAL',
            'scanOnPush' => true || false,
        ],
        // ...
    ],
]

Result Details

Members
failures
Type: Array of RepositoryScanningConfigurationFailure structures

Any failures associated with the call.

scanningConfigurations
Type: Array of RepositoryScanningConfiguration structures

The scanning configuration for the requested repositories.

Errors

ServerException:

These errors are usually caused by a server-side issue.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

RepositoryNotFoundException:

The specified repository could not be found. Check the spelling of the specified repository and ensure that you are performing operations on the correct registry.

ValidationException:

There was an exception validating this request.

CompleteLayerUpload

$result = $client->completeLayerUpload([/* ... */]);
$promise = $client->completeLayerUploadAsync([/* ... */]);

Informs Amazon ECR that the image layer upload has completed for a specified registry, repository name, and upload ID. You can optionally provide a sha256 digest of the image layer for data validation purposes.

When an image is pushed, the CompleteLayerUpload API is called once per each new image layer to verify that the upload has completed.

This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the docker CLI to pull, tag, and push images.

Parameter Syntax

$result = $client->completeLayerUpload([
    'layerDigests' => ['<string>', ...], // REQUIRED
    'registryId' => '<string>',
    'repositoryName' => '<string>', // REQUIRED
    'uploadId' => '<string>', // REQUIRED
]);

Parameter Details

Members
layerDigests
Required: Yes
Type: Array of strings

The sha256 digest of the image layer.

registryId
Type: string

The Amazon Web Services account ID associated with the registry to which to upload layers. If you do not specify a registry, the default registry is assumed.

repositoryName
Required: Yes
Type: string

The name of the repository to associate with the image layer.

uploadId
Required: Yes
Type: string

The upload ID from a previous InitiateLayerUpload operation to associate with the image layer.

Result Syntax

[
    'layerDigest' => '<string>',
    'registryId' => '<string>',
    'repositoryName' => '<string>',
    'uploadId' => '<string>',
]

Result Details

Members
layerDigest
Type: string

The sha256 digest of the image layer.

registryId
Type: string

The registry ID associated with the request.

repositoryName
Type: string

The repository name associated with the request.

uploadId
Type: string

The upload ID associated with the layer.

Errors

ServerException:

These errors are usually caused by a server-side issue.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

RepositoryNotFoundException:

The specified repository could not be found. Check the spelling of the specified repository and ensure that you are performing operations on the correct registry.

UploadNotFoundException:

The upload could not be found, or the specified upload ID is not valid for this repository.

InvalidLayerException:

The layer digest calculation performed by Amazon ECR upon receipt of the image layer does not match the digest specified.

LayerPartTooSmallException:

Layer parts must be at least 5 MiB in size.

LayerAlreadyExistsException:

The image layer already exists in the associated repository.

EmptyUploadException:

The specified layer upload does not contain any layer parts.

KmsException:

The operation failed due to a KMS exception.

CreatePullThroughCacheRule

$result = $client->createPullThroughCacheRule([/* ... */]);
$promise = $client->createPullThroughCacheRuleAsync([/* ... */]);

Creates a pull through cache rule. A pull through cache rule provides a way to cache images from an upstream registry source in your Amazon ECR private registry. For more information, see Using pull through cache rules in the Amazon Elastic Container Registry User Guide.

Parameter Syntax

$result = $client->createPullThroughCacheRule([
    'credentialArn' => '<string>',
    'ecrRepositoryPrefix' => '<string>', // REQUIRED
    'registryId' => '<string>',
    'upstreamRegistry' => 'ecr-public|quay|k8s|docker-hub|github-container-registry|azure-container-registry|gitlab-container-registry',
    'upstreamRegistryUrl' => '<string>', // REQUIRED
]);

Parameter Details

Members
credentialArn
Type: string

The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret that identifies the credentials to authenticate to the upstream registry.

ecrRepositoryPrefix
Required: Yes
Type: string

The repository name prefix to use when caching images from the source registry.

registryId
Type: string

The Amazon Web Services account ID associated with the registry to create the pull through cache rule for. If you do not specify a registry, the default registry is assumed.

upstreamRegistry
Type: string

The name of the upstream registry.

upstreamRegistryUrl
Required: Yes
Type: string

The registry URL of the upstream public registry to use as the source for the pull through cache rule. The following is the syntax to use for each supported upstream registry.

  • Amazon ECR Public (ecr-public) - public.ecr.aws

  • Docker Hub (docker-hub) - registry-1.docker.io

  • Quay (quay) - quay.io

  • Kubernetes (k8s) - registry.k8s.io

  • GitHub Container Registry (github-container-registry) - ghcr.io

  • Microsoft Azure Container Registry (azure-container-registry) - <custom>.azurecr.io

Result Syntax

[
    'createdAt' => <DateTime>,
    'credentialArn' => '<string>',
    'ecrRepositoryPrefix' => '<string>',
    'registryId' => '<string>',
    'upstreamRegistry' => 'ecr-public|quay|k8s|docker-hub|github-container-registry|azure-container-registry|gitlab-container-registry',
    'upstreamRegistryUrl' => '<string>',
]

Result Details

Members
createdAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time, in JavaScript date format, when the pull through cache rule was created.

credentialArn
Type: string

The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret associated with the pull through cache rule.

ecrRepositoryPrefix
Type: string

The Amazon ECR repository prefix associated with the pull through cache rule.

registryId
Type: string

The registry ID associated with the request.

upstreamRegistry
Type: string

The name of the upstream registry associated with the pull through cache rule.

upstreamRegistryUrl
Type: string

The upstream registry URL associated with the pull through cache rule.

Errors

ServerException:

These errors are usually caused by a server-side issue.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

ValidationException:

There was an exception validating this request.

PullThroughCacheRuleAlreadyExistsException:

A pull through cache rule with these settings already exists for the private registry.

UnsupportedUpstreamRegistryException:

The specified upstream registry isn't supported.

LimitExceededException:

The operation did not succeed because it would have exceeded a service limit for your account. For more information, see Amazon ECR service quotas in the Amazon Elastic Container Registry User Guide.

UnableToAccessSecretException:

The secret is unable to be accessed. Verify the resource permissions for the secret and try again.

SecretNotFoundException:

The ARN of the secret specified in the pull through cache rule was not found. Update the pull through cache rule with a valid secret ARN and try again.

UnableToDecryptSecretValueException:

The secret is accessible but is unable to be decrypted. Verify the resource permisisons and try again.

CreateRepository

$result = $client->createRepository([/* ... */]);
$promise = $client->createRepositoryAsync([/* ... */]);

Creates a repository. For more information, see Amazon ECR repositories in the Amazon Elastic Container Registry User Guide.

Parameter Syntax

$result = $client->createRepository([
    'encryptionConfiguration' => [
        'encryptionType' => 'AES256|KMS|KMS_DSSE', // REQUIRED
        'kmsKey' => '<string>',
    ],
    'imageScanningConfiguration' => [
        'scanOnPush' => true || false,
    ],
    'imageTagMutability' => 'MUTABLE|IMMUTABLE',
    'registryId' => '<string>',
    'repositoryName' => '<string>', // REQUIRED
    'tags' => [
        [
            'Key' => '<string>', // REQUIRED
            'Value' => '<string>', // REQUIRED
        ],
        // ...
    ],
]);

Parameter Details

Members
encryptionConfiguration
Type: EncryptionConfiguration structure

The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.

imageScanningConfiguration
Type: ImageScanningConfiguration structure

The image scanning configuration for the repository. This determines whether images are scanned for known vulnerabilities after being pushed to the repository.

imageTagMutability
Type: string

The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.

registryId
Type: string

The Amazon Web Services account ID associated with the registry to create the repository. If you do not specify a registry, the default registry is assumed.

repositoryName
Required: Yes
Type: string

The name to use for the repository. The repository name may be specified on its own (such as nginx-web-app) or it can be prepended with a namespace to group the repository into a category (such as project-a/nginx-web-app).

The repository name must start with a letter and can only contain lowercase letters, numbers, hyphens, underscores, and forward slashes.

tags
Type: Array of Tag structures

The metadata that you apply to the repository to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

Result Syntax

[
    'repository' => [
        'createdAt' => <DateTime>,
        'encryptionConfiguration' => [
            'encryptionType' => 'AES256|KMS|KMS_DSSE',
            'kmsKey' => '<string>',
        ],
        'imageScanningConfiguration' => [
            'scanOnPush' => true || false,
        ],
        'imageTagMutability' => 'MUTABLE|IMMUTABLE',
        'registryId' => '<string>',
        'repositoryArn' => '<string>',
        'repositoryName' => '<string>',
        'repositoryUri' => '<string>',
    ],
]

Result Details

Members
repository
Type: Repository structure

The repository that was created.

Errors

ServerException:

These errors are usually caused by a server-side issue.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

InvalidTagParameterException:

An invalid parameter has been specified. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

TooManyTagsException:

The list of tags on the repository is over the limit. The maximum number of tags that can be applied to a repository is 50.

RepositoryAlreadyExistsException:

The specified repository already exists in the specified registry.

LimitExceededException:

The operation did not succeed because it would have exceeded a service limit for your account. For more information, see Amazon ECR service quotas in the Amazon Elastic Container Registry User Guide.

KmsException:

The operation failed due to a KMS exception.

Examples

Example 1: To create a new repository

This example creates a repository called nginx-web-app inside the project-a namespace in the default registry for an account.

$result = $client->createRepository([
    'repositoryName' => 'project-a/nginx-web-app',
]);

Result syntax:

[
    'repository' => [
        'registryId' => '012345678901',
        'repositoryArn' => 'arn:aws:ecr:us-west-2:012345678901:repository/project-a/nginx-web-app',
        'repositoryName' => 'project-a/nginx-web-app',
    ],
]

CreateRepositoryCreationTemplate

$result = $client->createRepositoryCreationTemplate([/* ... */]);
$promise = $client->createRepositoryCreationTemplateAsync([/* ... */]);

Creates a repository creation template. This template is used to define the settings for repositories created by Amazon ECR on your behalf. For example, repositories created through pull through cache actions. For more information, see Private repository creation templates in the Amazon Elastic Container Registry User Guide.

Parameter Syntax

$result = $client->createRepositoryCreationTemplate([
    'appliedFor' => ['<string>', ...], // REQUIRED
    'customRoleArn' => '<string>',
    'description' => '<string>',
    'encryptionConfiguration' => [
        'encryptionType' => 'AES256|KMS|KMS_DSSE', // REQUIRED
        'kmsKey' => '<string>',
    ],
    'imageTagMutability' => 'MUTABLE|IMMUTABLE',
    'lifecyclePolicy' => '<string>',
    'prefix' => '<string>', // REQUIRED
    'repositoryPolicy' => '<string>',
    'resourceTags' => [
        [
            'Key' => '<string>', // REQUIRED
            'Value' => '<string>', // REQUIRED
        ],
        // ...
    ],
]);

Parameter Details

Members
appliedFor
Required: Yes
Type: Array of strings

A list of enumerable strings representing the Amazon ECR repository creation scenarios that this template will apply towards. The two supported scenarios are PULL_THROUGH_CACHE and REPLICATION

customRoleArn
Type: string

The ARN of the role to be assumed by Amazon ECR. This role must be in the same account as the registry that you are configuring. Amazon ECR will assume your supplied role when the customRoleArn is specified. When this field isn't specified, Amazon ECR will use the service-linked role for the repository creation template.

description
Type: string

A description for the repository creation template.

encryptionConfiguration

The encryption configuration to use for repositories created using the template.

imageTagMutability
Type: string

The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.

lifecyclePolicy
Type: string

The lifecycle policy to use for repositories created using the template.

prefix
Required: Yes
Type: string

The repository namespace prefix to associate with the template. All repositories created using this namespace prefix will have the settings defined in this template applied. For example, a prefix of prod would apply to all repositories beginning with prod/. Similarly, a prefix of prod/team would apply to all repositories beginning with prod/team/.

To apply a template to all repositories in your registry that don't have an associated creation template, you can use ROOT as the prefix.

There is always an assumed / applied to the end of the prefix. If you specify ecr-public as the prefix, Amazon ECR treats that as ecr-public/. When using a pull through cache rule, the repository prefix you specify during rule creation is what you should specify as your repository creation template prefix as well.

repositoryPolicy
Type: string

The repository policy to apply to repositories created using the template. A repository policy is a permissions policy associated with a repository to control access permissions.

resourceTags
Type: Array of Tag structures

The metadata to apply to the repository to help you categorize and organize. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

Result Syntax

[
    'registryId' => '<string>',
    'repositoryCreationTemplate' => [
        'appliedFor' => ['<string>', ...],
        'createdAt' => <DateTime>,
        'customRoleArn' => '<string>',
        'description' => '<string>',
        'encryptionConfiguration' => [
            'encryptionType' => 'AES256|KMS|KMS_DSSE',
            'kmsKey' => '<string>',
        ],
        'imageTagMutability' => 'MUTABLE|IMMUTABLE',
        'lifecyclePolicy' => '<string>',
        'prefix' => '<string>',
        'repositoryPolicy' => '<string>',
        'resourceTags' => [
            [
                'Key' => '<string>',
                'Value' => '<string>',
            ],
            // ...
        ],
        'updatedAt' => <DateTime>,
    ],
]

Result Details

Members
registryId
Type: string

The registry ID associated with the request.

repositoryCreationTemplate
Type: RepositoryCreationTemplate structure

The details of the repository creation template associated with the request.

Errors

ServerException:

These errors are usually caused by a server-side issue.

ValidationException:

There was an exception validating this request.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

LimitExceededException:

The operation did not succeed because it would have exceeded a service limit for your account. For more information, see Amazon ECR service quotas in the Amazon Elastic Container Registry User Guide.

TemplateAlreadyExistsException:

The repository creation template already exists. Specify a unique prefix and try again.

Examples

Example 1: Create a new repository creation template

This example creates a repository creation template.

$result = $client->createRepositoryCreationTemplate([
    'appliedFor' => [
        'REPLICATION',
        'PULL_THROUGH_CACHE',
    ],
    'description' => 'Repos for testing images',
    'encryptionConfiguration' => [
        'encryptionType' => 'AES256',
    ],
    'imageTagMutability' => 'MUTABLE',
    'lifecyclePolicy' => '{ "rules": [ { "rulePriority": 1, "description": "Expire images older than 14 days", "selection": { "tagStatus": "untagged", "countType": "sinceImagePushed", "countUnit": "days", "countNumber": 14 }, "action": { "type": "expire" } } ]}',
    'prefix' => 'eng/test',
    'repositoryPolicy' => '{ "Version": "2012-10-17", "Statement": [ { "Sid": "LambdaECRPullPolicy", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" }, "Action": "ecr:BatchGetImage" } ]}',
    'resourceTags' => [
        [
            'Key' => 'environment',
            'Value' => 'test',
        ],
    ],
]);

Result syntax:

[
    'registryId' => '012345678901',
    'repositoryCreationTemplate' => [
        'appliedFor' => [
            'REPLICATION',
            'PULL_THROUGH_CACHE',
        ],
        'createdAt' => ,
        'description' => 'Repos for testing images',
        'encryptionConfiguration' => [
            'encryptionType' => 'AES256',
        ],
        'imageTagMutability' => 'MUTABLE',
        'lifecyclePolicy' => '{ "rules": [ { "rulePriority": 1, "description": "Expire images older than 14 days", "selection": { "tagStatus": "untagged", "countType": "sinceImagePushed", "countUnit": "days", "countNumber": 14 }, "action": { "type": "expire" } } ]}',
        'prefix' => 'eng/test',
        'repositoryPolicy' => '{ "Version" : "2012-10-17", "Statement" : [ { "Sid" : "LambdaECRPullPolicy", "Effect" : "Allow", "Principal" : { "Service" : "lambda.amazonaws.com" }, "Action" : "ecr:BatchGetImage" } ]}',
        'resourceTags' => [
            [
                'Key' => 'environment',
                'Value' => 'test',
            ],
        ],
        'updatedAt' => ,
    ],
]

DeleteLifecyclePolicy

$result = $client->deleteLifecyclePolicy([/* ... */]);
$promise = $client->deleteLifecyclePolicyAsync([/* ... */]);

Deletes the lifecycle policy associated with the specified repository.

Parameter Syntax

$result = $client->deleteLifecyclePolicy([
    'registryId' => '<string>',
    'repositoryName' => '<string>', // REQUIRED
]);

Parameter Details

Members
registryId
Type: string

The Amazon Web Services account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.

repositoryName
Required: Yes
Type: string

The name of the repository.

Result Syntax

[
    'lastEvaluatedAt' => <DateTime>,
    'lifecyclePolicyText' => '<string>',
    'registryId' => '<string>',
    'repositoryName' => '<string>',
]

Result Details

Members
lastEvaluatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time stamp of the last time that the lifecycle policy was run.

lifecyclePolicyText
Type: string

The JSON lifecycle policy text.

registryId
Type: string

The registry ID associated with the request.

repositoryName
Type: string

The repository name associated with the request.

Errors

ServerException:

These errors are usually caused by a server-side issue.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

RepositoryNotFoundException:

The specified repository could not be found. Check the spelling of the specified repository and ensure that you are performing operations on the correct registry.

LifecyclePolicyNotFoundException:

The lifecycle policy could not be found, and no policy is set to the repository.

ValidationException:

There was an exception validating this request.

DeletePullThroughCacheRule

$result = $client->deletePullThroughCacheRule([/* ... */]);
$promise = $client->deletePullThroughCacheRuleAsync([/* ... */]);

Deletes a pull through cache rule.

Parameter Syntax

$result = $client->deletePullThroughCacheRule([
    'ecrRepositoryPrefix' => '<string>', // REQUIRED
    'registryId' => '<string>',
]);

Parameter Details

Members
ecrRepositoryPrefix
Required: Yes
Type: string

The Amazon ECR repository prefix associated with the pull through cache rule to delete.

registryId
Type: string

The Amazon Web Services account ID associated with the registry that contains the pull through cache rule. If you do not specify a registry, the default registry is assumed.

Result Syntax

[
    'createdAt' => <DateTime>,
    'credentialArn' => '<string>',
    'ecrRepositoryPrefix' => '<string>',
    'registryId' => '<string>',
    'upstreamRegistryUrl' => '<string>',
]

Result Details

Members
createdAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The timestamp associated with the pull through cache rule.

credentialArn
Type: string

The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret associated with the pull through cache rule.

ecrRepositoryPrefix
Type: string

The Amazon ECR repository prefix associated with the request.

registryId
Type: string

The registry ID associated with the request.

upstreamRegistryUrl
Type: string

The upstream registry URL associated with the pull through cache rule.

Errors

ServerException:

These errors are usually caused by a server-side issue.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

ValidationException:

There was an exception validating this request.

PullThroughCacheRuleNotFoundException:

The pull through cache rule was not found. Specify a valid pull through cache rule and try again.

DeleteRegistryPolicy

$result = $client->deleteRegistryPolicy([/* ... */]);
$promise = $client->deleteRegistryPolicyAsync([/* ... */]);

Deletes the registry permissions policy.

Parameter Syntax

$result = $client->deleteRegistryPolicy([
]);

Parameter Details

Members

Result Syntax

[
    'policyText' => '<string>',
    'registryId' => '<string>',
]

Result Details

Members
policyText
Type: string

The contents of the registry permissions policy that was deleted.

registryId
Type: string

The registry ID associated with the request.

Errors

ServerException:

These errors are usually caused by a server-side issue.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

RegistryPolicyNotFoundException:

The registry doesn't have an associated registry policy.

ValidationException:

There was an exception validating this request.

DeleteRepository

$result = $client->deleteRepository([/* ... */]);
$promise = $client->deleteRepositoryAsync([/* ... */]);

Deletes a repository. If the repository isn't empty, you must either delete the contents of the repository or use the force option to delete the repository and have Amazon ECR delete all of its contents on your behalf.

Parameter Syntax

$result = $client->deleteRepository([
    'force' => true || false,
    'registryId' => '<string>',
    'repositoryName' => '<string>', // REQUIRED
]);

Parameter Details

Members
force
Type: boolean

If true, deleting the repository force deletes the contents of the repository. If false, the repository must be empty before attempting to delete it.

registryId
Type: string

The Amazon Web Services account ID associated with the registry that contains the repository to delete. If you do not specify a registry, the default registry is assumed.

repositoryName
Required: Yes
Type: string

The name of the repository to delete.

Result Syntax

[
    'repository' => [
        'createdAt' => <DateTime>,
        'encryptionConfiguration' => [
            'encryptionType' => 'AES256|KMS|KMS_DSSE',
            'kmsKey' => '<string>',
        ],
        'imageScanningConfiguration' => [
            'scanOnPush' => true || false,
        ],
        'imageTagMutability' => 'MUTABLE|IMMUTABLE',
        'registryId' => '<string>',
        'repositoryArn' => '<string>',
        'repositoryName' => '<string>',
        'repositoryUri' => '<string>',
    ],
]

Result Details

Members
repository
Type: Repository structure

The repository that was deleted.

Errors

ServerException:

These errors are usually caused by a server-side issue.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

RepositoryNotFoundException:

The specified repository could not be found. Check the spelling of the specified repository and ensure that you are performing operations on the correct registry.

RepositoryNotEmptyException:

The specified repository contains images. To delete a repository that contains images, you must force the deletion with the force parameter.

KmsException:

The operation failed due to a KMS exception.

Examples

Example 1: To force delete a repository

This example force deletes a repository named ubuntu in the default registry for an account. The force parameter is required if the repository contains images.

$result = $client->deleteRepository([
    'force' => 1,
    'repositoryName' => 'ubuntu',
]);

Result syntax:

[
    'repository' => [
        'registryId' => '012345678901',
        'repositoryArn' => 'arn:aws:ecr:us-west-2:012345678901:repository/ubuntu',
        'repositoryName' => 'ubuntu',
    ],
]

DeleteRepositoryCreationTemplate

$result = $client->deleteRepositoryCreationTemplate([/* ... */]);
$promise = $client->deleteRepositoryCreationTemplateAsync([/* ... */]);

Deletes a repository creation template.

Parameter Syntax

$result = $client->deleteRepositoryCreationTemplate([
    'prefix' => '<string>', // REQUIRED
]);

Parameter Details

Members
prefix
Required: Yes
Type: string

The repository namespace prefix associated with the repository creation template.

Result Syntax

[
    'registryId' => '<string>',
    'repositoryCreationTemplate' => [
        'appliedFor' => ['<string>', ...],
        'createdAt' => <DateTime>,
        'customRoleArn' => '<string>',
        'description' => '<string>',
        'encryptionConfiguration' => [
            'encryptionType' => 'AES256|KMS|KMS_DSSE',
            'kmsKey' => '<string>',
        ],
        'imageTagMutability' => 'MUTABLE|IMMUTABLE',
        'lifecyclePolicy' => '<string>',
        'prefix' => '<string>',
        'repositoryPolicy' => '<string>',
        'resourceTags' => [
            [
                'Key' => '<string>',
                'Value' => '<string>',
            ],
            // ...
        ],
        'updatedAt' => <DateTime>,
    ],
]

Result Details

Members
registryId
Type: string

The registry ID associated with the request.

repositoryCreationTemplate
Type: RepositoryCreationTemplate structure

The details of the repository creation template that was deleted.

Errors

ServerException:

These errors are usually caused by a server-side issue.

ValidationException:

There was an exception validating this request.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

TemplateNotFoundException:

The specified repository creation template can't be found. Verify the registry ID and prefix and try again.

Examples

Example 1: Delete a repository creation template

This example deletes a repository creation template.

$result = $client->deleteRepositoryCreationTemplate([
    'prefix' => 'eng',
]);

Result syntax:

[
    'registryId' => '012345678901',
    'repositoryCreationTemplate' => [
        'createdAt' => ,
        'encryptionConfiguration' => [
            'encryptionType' => 'AES256',
        ],
        'imageTagMutability' => 'MUTABLE',
        'prefix' => 'eng',
        'updatedAt' => ,
    ],
]

DeleteRepositoryPolicy

$result = $client->deleteRepositoryPolicy([/* ... */]);
$promise = $client->deleteRepositoryPolicyAsync([/* ... */]);

Deletes the repository policy associated with the specified repository.

Parameter Syntax

$result = $client->deleteRepositoryPolicy([
    'registryId' => '<string>',
    'repositoryName' => '<string>', // REQUIRED
]);

Parameter Details

Members
registryId
Type: string

The Amazon Web Services account ID associated with the registry that contains the repository policy to delete. If you do not specify a registry, the default registry is assumed.

repositoryName
Required: Yes
Type: string

The name of the repository that is associated with the repository policy to delete.

Result Syntax

[
    'policyText' => '<string>',
    'registryId' => '<string>',
    'repositoryName' => '<string>',
]

Result Details

Members
policyText
Type: string

The JSON repository policy that was deleted from the repository.

registryId
Type: string

The registry ID associated with the request.

repositoryName
Type: string

The repository name associated with the request.

Errors

ServerException:

These errors are usually caused by a server-side issue.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

RepositoryNotFoundException:

The specified repository could not be found. Check the spelling of the specified repository and ensure that you are performing operations on the correct registry.

RepositoryPolicyNotFoundException:

The specified repository and registry combination does not have an associated repository policy.

Examples

Example 1: To delete the policy associated with a repository

This example deletes the policy associated with the repository named ubuntu in the current account.

$result = $client->deleteRepositoryPolicy([
    'repositoryName' => 'ubuntu',
]);

Result syntax:

[
    'policyText' => '{ ... }',
    'registryId' => '012345678901',
    'repositoryName' => 'ubuntu',
]

DescribeImageReplicationStatus

$result = $client->describeImageReplicationStatus([/* ... */]);
$promise = $client->describeImageReplicationStatusAsync([/* ... */]);

Returns the replication status for a specified image.

Parameter Syntax

$result = $client->describeImageReplicationStatus([
    'imageId' => [ // REQUIRED
        'imageDigest' => '<string>',
        'imageTag' => '<string>',
    ],
    'registryId' => '<string>',
    'repositoryName' => '<string>', // REQUIRED
]);

Parameter Details

Members
imageId
Required: Yes
Type: ImageIdentifier structure

An object with identifying information for an image in an Amazon ECR repository.

registryId
Type: string

The Amazon Web Services account ID associated with the registry. If you do not specify a registry, the default registry is assumed.

repositoryName
Required: Yes
Type: string

The name of the repository that the image is in.

Result Syntax

[
    'imageId' => [
        'imageDigest' => '<string>',
        'imageTag' => '<string>',
    ],
    'replicationStatuses' => [
        [
            'failureCode' => '<string>',
            'region' => '<string>',
            'registryId' => '<string>',
            'status' => 'IN_PROGRESS|COMPLETE|FAILED',
        ],
        // ...
    ],
    'repositoryName' => '<string>',
]

Result Details

Members
imageId
Type: ImageIdentifier structure

An object with identifying information for an image in an Amazon ECR repository.

replicationStatuses
Type: Array of ImageReplicationStatus structures

The replication status details for the images in the specified repository.

repositoryName
Type: string

The repository name associated with the request.

Errors

ServerException:

These errors are usually caused by a server-side issue.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

ImageNotFoundException:

The image requested does not exist in the specified repository.

RepositoryNotFoundException:

The specified repository could not be found. Check the spelling of the specified repository and ensure that you are performing operations on the correct registry.

ValidationException:

There was an exception validating this request.

DescribeImageScanFindings

$result = $client->describeImageScanFindings([/* ... */]);
$promise = $client->describeImageScanFindingsAsync([/* ... */]);

Returns the scan findings for the specified image.

Parameter Syntax

$result = $client->describeImageScanFindings([
    'imageId' => [ // REQUIRED
        'imageDigest' => '<string>',
        'imageTag' => '<string>',
    ],
    'maxResults' => <integer>,
    'nextToken' => '<string>',
    'registryId' => '<string>',
    'repositoryName' => '<string>', // REQUIRED
]);

Parameter Details

Members
imageId
Required: Yes
Type: ImageIdentifier structure

An object with identifying information for an image in an Amazon ECR repository.

maxResults
Type: int

The maximum number of image scan results returned by DescribeImageScanFindings in paginated output. When this parameter is used, DescribeImageScanFindings only returns maxResults results in a single page along with a nextToken response element. The remaining results of the initial request can be seen by sending another DescribeImageScanFindings request with the returned nextToken value. This value can be between 1 and 1000. If this parameter is not used, then DescribeImageScanFindings returns up to 100 results and a nextToken value, if applicable.

nextToken
Type: string

The nextToken value returned from a previous paginated DescribeImageScanFindings request where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.

registryId
Type: string

The Amazon Web Services account ID associated with the registry that contains the repository in which to describe the image scan findings for. If you do not specify a registry, the default registry is assumed.

repositoryName
Required: Yes
Type: string

The repository for the image for which to describe the scan findings.

Result Syntax

[
    'imageId' => [
        'imageDigest' => '<string>',
        'imageTag' => '<string>',
    ],
    'imageScanFindings' => [
        'enhancedFindings' => [
            [
                'awsAccountId' => '<string>',
                'description' => '<string>',
                'exploitAvailable' => '<string>',
                'findingArn' => '<string>',
                'firstObservedAt' => <DateTime>,
                'fixAvailable' => '<string>',
                'lastObservedAt' => <DateTime>,
                'packageVulnerabilityDetails' => [
                    'cvss' => [
                        [
                            'baseScore' => <float>,
                            'scoringVector' => '<string>',
                            'source' => '<string>',
                            'version' => '<string>',
                        ],
                        // ...
                    ],
                    'referenceUrls' => ['<string>', ...],
                    'relatedVulnerabilities' => ['<string>', ...],
                    'source' => '<string>',
                    'sourceUrl' => '<string>',
                    'vendorCreatedAt' => <DateTime>,
                    'vendorSeverity' => '<string>',
                    'vendorUpdatedAt' => <DateTime>,
                    'vulnerabilityId' => '<string>',
                    'vulnerablePackages' => [
                        [
                            'arch' => '<string>',
                            'epoch' => <integer>,
                            'filePath' => '<string>',
                            'fixedInVersion' => '<string>',
                            'name' => '<string>',
                            'packageManager' => '<string>',
                            'release' => '<string>',
                            'sourceLayerHash' => '<string>',
                            'version' => '<string>',
                        ],
                        // ...
                    ],
                ],
                'remediation' => [
                    'recommendation' => [
                        'text' => '<string>',
                        'url' => '<string>',
                    ],
                ],
                'resources' => [
                    [
                        'details' => [
                            'awsEcrContainerImage' => [
                                'architecture' => '<string>',
                                'author' => '<string>',
                                'imageHash' => '<string>',
                                'imageTags' => ['<string>', ...],
                                'platform' => '<string>',
                                'pushedAt' => <DateTime>,
                                'registry' => '<string>',
                                'repositoryName' => '<string>',
                            ],
                        ],
                        'id' => '<string>',
                        'tags' => ['<string>', ...],
                        'type' => '<string>',
                    ],
                    // ...
                ],
                'score' => <float>,
                'scoreDetails' => [
                    'cvss' => [
                        'adjustments' => [
                            [
                                'metric' => '<string>',
                                'reason' => '<string>',
                            ],
                            // ...
                        ],
                        'score' => <float>,
                        'scoreSource' => '<string>',
                        'scoringVector' => '<string>',
                        'version' => '<string>',
                    ],
                ],
                'severity' => '<string>',
                'status' => '<string>',
                'title' => '<string>',
                'type' => '<string>',
                'updatedAt' => <DateTime>,
            ],
            // ...
        ],
        'findingSeverityCounts' => [<integer>, ...],
        'findings' => [
            [
                'attributes' => [
                    [
                        'key' => '<string>',
                        'value' => '<string>',
                    ],
                    // ...
                ],
                'description' => '<string>',
                'name' => '<string>',
                'severity' => 'INFORMATIONAL|LOW|MEDIUM|HIGH|CRITICAL|UNDEFINED',
                'uri' => '<string>',
            ],
            // ...
        ],
        'imageScanCompletedAt' => <DateTime>,
        'vulnerabilitySourceUpdatedAt' => <DateTime>,
    ],
    'imageScanStatus' => [
        'description' => '<string>',
        'status' => 'IN_PROGRESS|COMPLETE|FAILED|UNSUPPORTED_IMAGE|ACTIVE|PENDING|SCAN_ELIGIBILITY_EXPIRED|FINDINGS_UNAVAILABLE',
    ],
    'nextToken' => '<string>',
    'registryId' => '<string>',
    'repositoryName' => '<string>',
]

Result Details

Members
imageId
Type: ImageIdentifier structure

An object with identifying information for an image in an Amazon ECR repository.

imageScanFindings
Type: ImageScanFindings structure

The information contained in the image scan findings.

imageScanStatus
Type: ImageScanStatus structure

The current state of the scan.

nextToken
Type: string

The nextToken value to include in a future DescribeImageScanFindings request. When the results of a DescribeImageScanFindings request exceed maxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.

registryId
Type: string

The registry ID associated with the request.

repositoryName
Type: string

The repository name associated with the request.

Errors

ServerException:

These errors are usually caused by a server-side issue.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

RepositoryNotFoundException:

The specified repository could not be found. Check the spelling of the specified repository and ensure that you are performing operations on the correct registry.

ImageNotFoundException:

The image requested does not exist in the specified repository.

ScanNotFoundException:

The specified image scan could not be found. Ensure that image scanning is enabled on the repository and try again.

ValidationException:

There was an exception validating this request.

DescribeImages

$result = $client->describeImages([/* ... */]);
$promise = $client->describeImagesAsync([/* ... */]);

Returns metadata about the images in a repository.

Beginning with Docker version 1.9, the Docker client compresses image layers before pushing them to a V2 Docker registry. The output of the docker images command shows the uncompressed image size, so it may return a larger image size than the image sizes returned by DescribeImages.

Parameter Syntax

$result = $client->describeImages([
    'filter' => [
        'tagStatus' => 'TAGGED|UNTAGGED|ANY',
    ],
    'imageIds' => [
        [
            'imageDigest' => '<string>',
            'imageTag' => '<string>',
        ],
        // ...
    ],
    'maxResults' => <integer>,
    'nextToken' => '<string>',
    'registryId' => '<string>',
    'repositoryName' => '<string>', // REQUIRED
]);

Parameter Details

Members
filter
Type: DescribeImagesFilter structure

The filter key and value with which to filter your DescribeImages results.

imageIds
Type: Array of ImageIdentifier structures

The list of image IDs for the requested repository.

maxResults
Type: int

The maximum number of repository results returned by DescribeImages in paginated output. When this parameter is used, DescribeImages only returns maxResults results in a single page along with a nextToken response element. The remaining results of the initial request can be seen by sending another DescribeImages request with the returned nextToken value. This value can be between 1 and 1000. If this parameter is not used, then DescribeImages returns up to 100 results and a nextToken value, if applicable. This option cannot be used when you specify images with imageIds.

nextToken
Type: string

The nextToken value returned from a previous paginated DescribeImages request where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return. This option cannot be used when you specify images with imageIds.

registryId
Type: string

The Amazon Web Services account ID associated with the registry that contains the repository in which to describe images. If you do not specify a registry, the default registry is assumed.

repositoryName
Required: Yes
Type: string

The repository that contains the images to describe.

Result Syntax

[
    'imageDetails' => [
        [
            'artifactMediaType' => '<string>',
            'imageDigest' => '<string>',
            'imageManifestMediaType' => '<string>',
            'imagePushedAt' => <DateTime>,
            'imageScanFindingsSummary' => [
                'findingSeverityCounts' => [<integer>, ...],
                'imageScanCompletedAt' => <DateTime>,
                'vulnerabilitySourceUpdatedAt' => <DateTime>,
            ],
            'imageScanStatus' => [
                'description' => '<string>',
                'status' => 'IN_PROGRESS|COMPLETE|FAILED|UNSUPPORTED_IMAGE|ACTIVE|PENDING|SCAN_ELIGIBILITY_EXPIRED|FINDINGS_UNAVAILABLE',
            ],
            'imageSizeInBytes' => <integer>,
            'imageTags' => ['<string>', ...],
            'lastRecordedPullTime' => <DateTime>,
            'registryId' => '<string>',
            'repositoryName' => '<string>',
        ],
        // ...
    ],
    'nextToken' => '<string>',
]

Result Details

Members
imageDetails
Type: Array of ImageDetail structures

A list of ImageDetail objects that contain data about the image.

nextToken
Type: string

The nextToken value to include in a future DescribeImages request. When the results of a DescribeImages request exceed maxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.

Errors

ServerException:

These errors are usually caused by a server-side issue.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

RepositoryNotFoundException:

The specified repository could not be found. Check the spelling of the specified repository and ensure that you are performing operations on the correct registry.

ImageNotFoundException:

The image requested does not exist in the specified repository.

DescribePullThroughCacheRules

$result = $client->describePullThroughCacheRules([/* ... */]);
$promise = $client->describePullThroughCacheRulesAsync([/* ... */]);

Returns the pull through cache rules for a registry.

Parameter Syntax

$result = $client->describePullThroughCacheRules([
    'ecrRepositoryPrefixes' => ['<string>', ...],
    'maxResults' => <integer>,
    'nextToken' => '<string>',
    'registryId' => '<string>',
]);

Parameter Details

Members
ecrRepositoryPrefixes
Type: Array of strings

The Amazon ECR repository prefixes associated with the pull through cache rules to return. If no repository prefix value is specified, all pull through cache rules are returned.

maxResults
Type: int

The maximum number of pull through cache rules returned by DescribePullThroughCacheRulesRequest in paginated output. When this parameter is used, DescribePullThroughCacheRulesRequest only returns maxResults results in a single page along with a nextToken response element. The remaining results of the initial request can be seen by sending another DescribePullThroughCacheRulesRequest request with the returned nextToken value. This value can be between 1 and 1000. If this parameter is not used, then DescribePullThroughCacheRulesRequest returns up to 100 results and a nextToken value, if applicable.

nextToken
Type: string

The nextToken value returned from a previous paginated DescribePullThroughCacheRulesRequest request where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.

registryId
Type: string

The Amazon Web Services account ID associated with the registry to return the pull through cache rules for. If you do not specify a registry, the default registry is assumed.

Result Syntax

[
    'nextToken' => '<string>',
    'pullThroughCacheRules' => [
        [
            'createdAt' => <DateTime>,
            'credentialArn' => '<string>',
            'ecrRepositoryPrefix' => '<string>',
            'registryId' => '<string>',
            'updatedAt' => <DateTime>,
            'upstreamRegistry' => 'ecr-public|quay|k8s|docker-hub|github-container-registry|azure-container-registry|gitlab-container-registry',
            'upstreamRegistryUrl' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
nextToken
Type: string

The nextToken value to include in a future DescribePullThroughCacheRulesRequest request. When the results of a DescribePullThroughCacheRulesRequest request exceed maxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.

pullThroughCacheRules
Type: Array of PullThroughCacheRule structures

The details of the pull through cache rules.

Errors

ServerException:

These errors are usually caused by a server-side issue.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

ValidationException:

There was an exception validating this request.

PullThroughCacheRuleNotFoundException:

The pull through cache rule was not found. Specify a valid pull through cache rule and try again.

DescribeRegistry

$result = $client->describeRegistry([/* ... */]);
$promise = $client->describeRegistryAsync([/* ... */]);

Describes the settings for a registry. The replication configuration for a repository can be created or updated with the PutReplicationConfiguration API action.

Parameter Syntax

$result = $client->describeRegistry([
]);

Parameter Details

Members

Result Syntax

[
    'registryId' => '<string>',
    'replicationConfiguration' => [
        'rules' => [
            [
                'destinations' => [
                    [
                        'region' => '<string>',
                        'registryId' => '<string>',
                    ],
                    // ...
                ],
                'repositoryFilters' => [
                    [
                        'filter' => '<string>',
                        'filterType' => 'PREFIX_MATCH',
                    ],
                    // ...
                ],
            ],
            // ...
        ],
    ],
]

Result Details

Members
registryId
Type: string

The registry ID associated with the request.

replicationConfiguration
Type: ReplicationConfiguration structure

The replication configuration for the registry.

Errors

ServerException:

These errors are usually caused by a server-side issue.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

ValidationException:

There was an exception validating this request.

DescribeRepositories

$result = $client->describeRepositories([/* ... */]);
$promise = $client->describeRepositoriesAsync([/* ... */]);

Describes image repositories in a registry.

Parameter Syntax

$result = $client->describeRepositories([
    'maxResults' => <integer>,
    'nextToken' => '<string>',
    'registryId' => '<string>',
    'repositoryNames' => ['<string>', ...],
]);

Parameter Details

Members
maxResults
Type: int

The maximum number of repository results returned by DescribeRepositories in paginated output. When this parameter is used, DescribeRepositories only returns maxResults results in a single page along with a nextToken response element. The remaining results of the initial request can be seen by sending another DescribeRepositories request with the returned nextToken value. This value can be between 1 and 1000. If this parameter is not used, then DescribeRepositories returns up to 100 results and a nextToken value, if applicable. This option cannot be used when you specify repositories with repositoryNames.

nextToken
Type: string

The nextToken value returned from a previous paginated DescribeRepositories request where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return. This option cannot be used when you specify repositories with repositoryNames.

This token should be treated as an opaque identifier that is only used to retrieve the next items in a list and not for other programmatic purposes.

registryId
Type: string

The Amazon Web Services account ID associated with the registry that contains the repositories to be described. If you do not specify a registry, the default registry is assumed.

repositoryNames
Type: Array of strings

A list of repositories to describe. If this parameter is omitted, then all repositories in a registry are described.

Result Syntax

[
    'nextToken' => '<string>',
    'repositories' => [
        [
            'createdAt' => <DateTime>,
            'encryptionConfiguration' => [
                'encryptionType' => 'AES256|KMS|KMS_DSSE',
                'kmsKey' => '<string>',
            ],
            'imageScanningConfiguration' => [
                'scanOnPush' => true || false,
            ],
            'imageTagMutability' => 'MUTABLE|IMMUTABLE',
            'registryId' => '<string>',
            'repositoryArn' => '<string>',
            'repositoryName' => '<string>',
            'repositoryUri' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
nextToken
Type: string

The nextToken value to include in a future DescribeRepositories request. When the results of a DescribeRepositories request exceed maxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.

repositories
Type: Array of Repository structures

A list of repository objects corresponding to valid repositories.

Errors

ServerException:

These errors are usually caused by a server-side issue.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

RepositoryNotFoundException:

The specified repository could not be found. Check the spelling of the specified repository and ensure that you are performing operations on the correct registry.

Examples

Example 1: To describe all repositories in the current account

The following example obtains a list and description of all repositories in the default registry to which the current user has access.

$result = $client->describeRepositories([
]);

Result syntax:

[
    'repositories' => [
        [
            'registryId' => '012345678910',
            'repositoryArn' => 'arn:aws:ecr:us-west-2:012345678910:repository/ubuntu',
            'repositoryName' => 'ubuntu',
        ],
        [
            'registryId' => '012345678910',
            'repositoryArn' => 'arn:aws:ecr:us-west-2:012345678910:repository/test',
            'repositoryName' => 'test',
        ],
    ],
]

DescribeRepositoryCreationTemplates

$result = $client->describeRepositoryCreationTemplates([/* ... */]);
$promise = $client->describeRepositoryCreationTemplatesAsync([/* ... */]);

Returns details about the repository creation templates in a registry. The prefixes request parameter can be used to return the details for a specific repository creation template.

Parameter Syntax

$result = $client->describeRepositoryCreationTemplates([
    'maxResults' => <integer>,
    'nextToken' => '<string>',
    'prefixes' => ['<string>', ...],
]);

Parameter Details

Members
maxResults
Type: int

The maximum number of repository results returned by DescribeRepositoryCreationTemplatesRequest in paginated output. When this parameter is used, DescribeRepositoryCreationTemplatesRequest only returns maxResults results in a single page along with a nextToken response element. The remaining results of the initial request can be seen by sending another DescribeRepositoryCreationTemplatesRequest request with the returned nextToken value. This value can be between 1 and 1000. If this parameter is not used, then DescribeRepositoryCreationTemplatesRequest returns up to 100 results and a nextToken value, if applicable.

nextToken
Type: string

The nextToken value returned from a previous paginated DescribeRepositoryCreationTemplates request where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.

This token should be treated as an opaque identifier that is only used to retrieve the next items in a list and not for other programmatic purposes.

prefixes
Type: Array of strings

The repository namespace prefixes associated with the repository creation templates to describe. If this value is not specified, all repository creation templates are returned.

Result Syntax

[
    'nextToken' => '<string>',
    'registryId' => '<string>',
    'repositoryCreationTemplates' => [
        [
            'appliedFor' => ['<string>', ...],
            'createdAt' => <DateTime>,
            'customRoleArn' => '<string>',
            'description' => '<string>',
            'encryptionConfiguration' => [
                'encryptionType' => 'AES256|KMS|KMS_DSSE',
                'kmsKey' => '<string>',
            ],
            'imageTagMutability' => 'MUTABLE|IMMUTABLE',
            'lifecyclePolicy' => '<string>',
            'prefix' => '<string>',
            'repositoryPolicy' => '<string>',
            'resourceTags' => [
                [
                    'Key' => '<string>',
                    'Value' => '<string>',
                ],
                // ...
            ],
            'updatedAt' => <DateTime>,
        ],
        // ...
    ],
]

Result Details

Members
nextToken
Type: string

The nextToken value to include in a future DescribeRepositoryCreationTemplates request. When the results of a DescribeRepositoryCreationTemplates request exceed maxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.

registryId
Type: string

The registry ID associated with the request.

repositoryCreationTemplates
Type: Array of RepositoryCreationTemplate structures

The details of the repository creation templates.

Errors

ServerException:

These errors are usually caused by a server-side issue.

ValidationException:

There was an exception validating this request.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

Examples

Example 1: Describe a repository creation template

This example describes the contents of a repository creation template.

$result = $client->describeRepositoryCreationTemplates([
    'maxResults' => 123,
    'nextToken' => '',
    'prefixes' => [
        'eng',
    ],
]);

Result syntax:

[
    'nextToken' => '',
    'registryId' => '012345678901',
    'repositoryCreationTemplates' => [
        [
            'appliedFor' => [
                'PULL_THROUGH_CACHE',
                'REPLICATION',
            ],
            'createdAt' => ,
            'encryptionConfiguration' => [
                'encryptionType' => 'AES256',
            ],
            'imageTagMutability' => 'MUTABLE',
            'prefix' => 'eng/test',
            'updatedAt' => ,
        ],
        [
            'appliedFor' => [
                'REPLICATION',
            ],
            'createdAt' => ,
            'encryptionConfiguration' => [
                'encryptionType' => 'AES256',
            ],
            'imageTagMutability' => 'IMMUTABLE',
            'prefix' => 'eng/replication-test',
            'updatedAt' => ,
        ],
    ],
]

GetAccountSetting

$result = $client->getAccountSetting([/* ... */]);
$promise = $client->getAccountSettingAsync([/* ... */]);

Retrieves the account setting value for the specified setting name.

Parameter Syntax

$result = $client->getAccountSetting([
    'name' => '<string>', // REQUIRED
]);

Parameter Details

Members
name
Required: Yes
Type: string

The name of the account setting, such as BASIC_SCAN_TYPE_VERSION or REGISTRY_POLICY_SCOPE.

Result Syntax

[
    'name' => '<string>',
    'value' => '<string>',
]

Result Details

Members
name
Type: string

Retrieves the name of the account setting.

value
Type: string

The setting value for the setting name. The following are valid values for the basic scan type being used: AWS_NATIVE or CLAIR. The following are valid values for the registry policy scope being used: V1 or V2.

Errors

ServerException:

These errors are usually caused by a server-side issue.

ValidationException:

There was an exception validating this request.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

GetAuthorizationToken

$result = $client->getAuthorizationToken([/* ... */]);
$promise = $client->getAuthorizationTokenAsync([/* ... */]);

Retrieves an authorization token. An authorization token represents your IAM authentication credentials and can be used to access any Amazon ECR registry that your IAM principal has access to. The authorization token is valid for 12 hours.

The authorizationToken returned is a base64 encoded string that can be decoded and used in a docker login command to authenticate to a registry. The CLI offers an get-login-password command that simplifies the login process. For more information, see Registry authentication in the Amazon Elastic Container Registry User Guide.

Parameter Syntax

$result = $client->getAuthorizationToken([
    'registryIds' => ['<string>', ...],
]);

Parameter Details

Members
registryIds
Type: Array of strings

A list of Amazon Web Services account IDs that are associated with the registries for which to get AuthorizationData objects. If you do not specify a registry, the default registry is assumed.

Result Syntax

[
    'authorizationData' => [
        [
            'authorizationToken' => '<string>',
            'expiresAt' => <DateTime>,
            'proxyEndpoint' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
authorizationData
Type: Array of AuthorizationData structures

A list of authorization token data objects that correspond to the registryIds values in the request.

Errors

ServerException:

These errors are usually caused by a server-side issue.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

Examples

Example 1: To obtain an authorization token

This example gets an authorization token for your default registry.

$result = $client->getAuthorizationToken([
]);

Result syntax:

[
    'authorizationData' => [
        [
            'authorizationToken' => 'QVdTOkNEXAMPLE',
            'expiresAt' => ,
            'proxyEndpoint' => 'https://012345678901.dkr.ecr.us-west-2.amazonaws.com',
        ],
    ],
]

GetDownloadUrlForLayer

$result = $client->getDownloadUrlForLayer([/* ... */]);
$promise = $client->getDownloadUrlForLayerAsync([/* ... */]);

Retrieves the pre-signed Amazon S3 download URL corresponding to an image layer. You can only get URLs for image layers that are referenced in an image.

When an image is pulled, the GetDownloadUrlForLayer API is called once per image layer that is not already cached.

This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the docker CLI to pull, tag, and push images.

Parameter Syntax

$result = $client->getDownloadUrlForLayer([
    'layerDigest' => '<string>', // REQUIRED
    'registryId' => '<string>',
    'repositoryName' => '<string>', // REQUIRED
]);

Parameter Details

Members
layerDigest
Required: Yes
Type: string

The digest of the image layer to download.

registryId
Type: string

The Amazon Web Services account ID associated with the registry that contains the image layer to download. If you do not specify a registry, the default registry is assumed.

repositoryName
Required: Yes
Type: string

The name of the repository that is associated with the image layer to download.

Result Syntax

[
    'downloadUrl' => '<string>',
    'layerDigest' => '<string>',
]

Result Details

Members
downloadUrl
Type: string

The pre-signed Amazon S3 download URL for the requested layer.

layerDigest
Type: string

The digest of the image layer to download.

Errors

ServerException:

These errors are usually caused by a server-side issue.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

LayersNotFoundException:

The specified layers could not be found, or the specified layer is not valid for this repository.

LayerInaccessibleException:

The specified layer is not available because it is not associated with an image. Unassociated image layers may be cleaned up at any time.

RepositoryNotFoundException:

The specified repository could not be found. Check the spelling of the specified repository and ensure that you are performing operations on the correct registry.

UnableToGetUpstreamLayerException:

There was an issue getting the upstream layer matching the pull through cache rule.

GetLifecyclePolicy

$result = $client->getLifecyclePolicy([/* ... */]);
$promise = $client->getLifecyclePolicyAsync([/* ... */]);

Retrieves the lifecycle policy for the specified repository.

Parameter Syntax

$result = $client->getLifecyclePolicy([
    'registryId' => '<string>',
    'repositoryName' => '<string>', // REQUIRED
]);

Parameter Details

Members
registryId
Type: string

The Amazon Web Services account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.

repositoryName
Required: Yes
Type: string

The name of the repository.

Result Syntax

[
    'lastEvaluatedAt' => <DateTime>,
    'lifecyclePolicyText' => '<string>',
    'registryId' => '<string>',
    'repositoryName' => '<string>',
]

Result Details

Members
lastEvaluatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time stamp of the last time that the lifecycle policy was run.

lifecyclePolicyText
Type: string

The JSON lifecycle policy text.

registryId
Type: string

The registry ID associated with the request.

repositoryName
Type: string

The repository name associated with the request.

Errors

ServerException:

These errors are usually caused by a server-side issue.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

RepositoryNotFoundException:

The specified repository could not be found. Check the spelling of the specified repository and ensure that you are performing operations on the correct registry.

LifecyclePolicyNotFoundException:

The lifecycle policy could not be found, and no policy is set to the repository.

ValidationException:

There was an exception validating this request.

GetLifecyclePolicyPreview

$result = $client->getLifecyclePolicyPreview([/* ... */]);
$promise = $client->getLifecyclePolicyPreviewAsync([/* ... */]);

Retrieves the results of the lifecycle policy preview request for the specified repository.

Parameter Syntax

$result = $client->getLifecyclePolicyPreview([
    'filter' => [
        'tagStatus' => 'TAGGED|UNTAGGED|ANY',
    ],
    'imageIds' => [
        [
            'imageDigest' => '<string>',
            'imageTag' => '<string>',
        ],
        // ...
    ],
    'maxResults' => <integer>,
    'nextToken' => '<string>',
    'registryId' => '<string>',
    'repositoryName' => '<string>', // REQUIRED
]);

Parameter Details

Members
filter

An optional parameter that filters results based on image tag status and all tags, if tagged.

imageIds
Type: Array of ImageIdentifier structures

The list of imageIDs to be included.

maxResults
Type: int

The maximum number of repository results returned by GetLifecyclePolicyPreviewRequest in
 paginated output. When this parameter is used, GetLifecyclePolicyPreviewRequest only returns
 maxResults results in a single page along with a nextToken
 response element. The remaining results of the initial request can be seen by sending
 another GetLifecyclePolicyPreviewRequest request with the returned nextToken
 value. This value can be between 1 and 1000. If this
 parameter is not used, then GetLifecyclePolicyPreviewRequest returns up to
 100 results and a nextToken value, if
 applicable. This option cannot be used when you specify images with imageIds.

nextToken
Type: string

The nextToken value returned from a previous paginated
 GetLifecyclePolicyPreviewRequest request where maxResults was used and the
 results exceeded the value of that parameter. Pagination continues from the end of the
 previous results that returned the nextToken value. This value is
 null when there are no more results to return. This option cannot be used when you specify images with imageIds.

registryId
Type: string

The Amazon Web Services account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.

repositoryName
Required: Yes
Type: string

The name of the repository.

Result Syntax

[
    'lifecyclePolicyText' => '<string>',
    'nextToken' => '<string>',
    'previewResults' => [
        [
            'action' => [
                'type' => 'EXPIRE',
            ],
            'appliedRulePriority' => <integer>,
            'imageDigest' => '<string>',
            'imagePushedAt' => <DateTime>,
            'imageTags' => ['<string>', ...],
        ],
        // ...
    ],
    'registryId' => '<string>',
    'repositoryName' => '<string>',
    'status' => 'IN_PROGRESS|COMPLETE|EXPIRED|FAILED',
    'summary' => [
        'expiringImageTotalCount' => <integer>,
    ],
]

Result Details

Members
lifecyclePolicyText
Type: string

The JSON lifecycle policy text.

nextToken
Type: string

The nextToken value to include in a future GetLifecyclePolicyPreview request. When the results of a GetLifecyclePolicyPreview request exceed maxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.

previewResults
Type: Array of LifecyclePolicyPreviewResult structures

The results of the lifecycle policy preview request.

registryId
Type: string

The registry ID associated with the request.

repositoryName
Type: string

The repository name associated with the request.

status
Type: string

The status of the lifecycle policy preview request.

summary

The list of images that is returned as a result of the action.

Errors

ServerException:

These errors are usually caused by a server-side issue.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

RepositoryNotFoundException:

The specified repository could not be found. Check the spelling of the specified repository and ensure that you are performing operations on the correct registry.

LifecyclePolicyPreviewNotFoundException:

There is no dry run for this repository.

ValidationException:

There was an exception validating this request.

GetRegistryPolicy

$result = $client->getRegistryPolicy([/* ... */]);
$promise = $client->getRegistryPolicyAsync([/* ... */]);

Retrieves the permissions policy for a registry.

Parameter Syntax

$result = $client->getRegistryPolicy([
]);

Parameter Details

Members

Result Syntax

[
    'policyText' => '<string>',
    'registryId' => '<string>',
]

Result Details

Members
policyText
Type: string

The JSON text of the permissions policy for a registry.

registryId
Type: string

The registry ID associated with the request.

Errors

ServerException:

These errors are usually caused by a server-side issue.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

RegistryPolicyNotFoundException:

The registry doesn't have an associated registry policy.

ValidationException:

There was an exception validating this request.

GetRegistryScanningConfiguration

$result = $client->getRegistryScanningConfiguration([/* ... */]);
$promise = $client->getRegistryScanningConfigurationAsync([/* ... */]);

Retrieves the scanning configuration for a registry.

Parameter Syntax

$result = $client->getRegistryScanningConfiguration([
]);

Parameter Details

Members

Result Syntax

[
    'registryId' => '<string>',
    'scanningConfiguration' => [
        'rules' => [
            [
                'repositoryFilters' => [
                    [
                        'filter' => '<string>',
                        'filterType' => 'WILDCARD',
                    ],
                    // ...
                ],
                'scanFrequency' => 'SCAN_ON_PUSH|CONTINUOUS_SCAN|MANUAL',
            ],
            // ...
        ],
        'scanType' => 'BASIC|ENHANCED',
    ],
]

Result Details

Members
registryId
Type: string

The registry ID associated with the request.

scanningConfiguration

The scanning configuration for the registry.

Errors

ServerException:

These errors are usually caused by a server-side issue.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

ValidationException:

There was an exception validating this request.

GetRepositoryPolicy

$result = $client->getRepositoryPolicy([/* ... */]);
$promise = $client->getRepositoryPolicyAsync([/* ... */]);

Retrieves the repository policy for the specified repository.

Parameter Syntax

$result = $client->getRepositoryPolicy([
    'registryId' => '<string>',
    'repositoryName' => '<string>', // REQUIRED
]);

Parameter Details

Members
registryId
Type: string

The Amazon Web Services account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.

repositoryName
Required: Yes
Type: string

The name of the repository with the policy to retrieve.

Result Syntax

[
    'policyText' => '<string>',
    'registryId' => '<string>',
    'repositoryName' => '<string>',
]

Result Details

Members
policyText
Type: string

The JSON repository policy text associated with the repository.

registryId
Type: string

The registry ID associated with the request.

repositoryName
Type: string

The repository name associated with the request.

Errors

ServerException:

These errors are usually caused by a server-side issue.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

RepositoryNotFoundException:

The specified repository could not be found. Check the spelling of the specified repository and ensure that you are performing operations on the correct registry.

RepositoryPolicyNotFoundException:

The specified repository and registry combination does not have an associated repository policy.

Examples

Example 1: To get the current policy for a repository

This example obtains the repository policy for the repository named ubuntu.

$result = $client->getRepositoryPolicy([
    'repositoryName' => 'ubuntu',
]);

Result syntax:

[
    'policyText' => '{ "Version" : "2008-10-17", "Statement" : [ { "Sid" : "new statement", "Effect" : "Allow", "Principal" : { "AWS" : "arn:aws:iam::012345678901:role/CodeDeployDemo" },"Action" : [ "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", "ecr:BatchCheckLayerAvailability" ] } ]}',
    'registryId' => '012345678901',
    'repositoryName' => 'ubuntu',
]

InitiateLayerUpload

$result = $client->initiateLayerUpload([/* ... */]);
$promise = $client->initiateLayerUploadAsync([/* ... */]);

Notifies Amazon ECR that you intend to upload an image layer.

When an image is pushed, the InitiateLayerUpload API is called once per image layer that has not already been uploaded. Whether or not an image layer has been uploaded is determined by the BatchCheckLayerAvailability API action.

This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the docker CLI to pull, tag, and push images.

Parameter Syntax

$result = $client->initiateLayerUpload([
    'registryId' => '<string>',
    'repositoryName' => '<string>', // REQUIRED
]);

Parameter Details

Members
registryId
Type: string

The Amazon Web Services account ID associated with the registry to which you intend to upload layers. If you do not specify a registry, the default registry is assumed.

repositoryName
Required: Yes
Type: string

The name of the repository to which you intend to upload layers.

Result Syntax

[
    'partSize' => <integer>,
    'uploadId' => '<string>',
]

Result Details

Members
partSize
Type: long (int|float)

The size, in bytes, that Amazon ECR expects future layer part uploads to be.

uploadId
Type: string

The upload ID for the layer upload. This parameter is passed to further UploadLayerPart and CompleteLayerUpload operations.

Errors

ServerException:

These errors are usually caused by a server-side issue.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

RepositoryNotFoundException:

The specified repository could not be found. Check the spelling of the specified repository and ensure that you are performing operations on the correct registry.

KmsException:

The operation failed due to a KMS exception.

ListImages

$result = $client->listImages([/* ... */]);
$promise = $client->listImagesAsync([/* ... */]);

Lists all the image IDs for the specified repository.

You can filter images based on whether or not they are tagged by using the tagStatus filter and specifying either TAGGED, UNTAGGED or ANY. For example, you can filter your results to return only UNTAGGED images and then pipe that result to a BatchDeleteImage operation to delete them. Or, you can filter your results to return only TAGGED images to list all of the tags in your repository.

Parameter Syntax

$result = $client->listImages([
    'filter' => [
        'tagStatus' => 'TAGGED|UNTAGGED|ANY',
    ],
    'maxResults' => <integer>,
    'nextToken' => '<string>',
    'registryId' => '<string>',
    'repositoryName' => '<string>', // REQUIRED
]);

Parameter Details

Members
filter
Type: ListImagesFilter structure

The filter key and value with which to filter your ListImages results.

maxResults
Type: int

The maximum number of image results returned by ListImages in paginated output. When this parameter is used, ListImages only returns maxResults results in a single page along with a nextToken response element. The remaining results of the initial request can be seen by sending another ListImages request with the returned nextToken value. This value can be between 1 and 1000. If this parameter is not used, then ListImages returns up to 100 results and a nextToken value, if applicable.

nextToken
Type: string

The nextToken value returned from a previous paginated ListImages request where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.

This token should be treated as an opaque identifier that is only used to retrieve the next items in a list and not for other programmatic purposes.

registryId
Type: string

The Amazon Web Services account ID associated with the registry that contains the repository in which to list images. If you do not specify a registry, the default registry is assumed.

repositoryName
Required: Yes
Type: string

The repository with image IDs to be listed.

Result Syntax

[
    'imageIds' => [
        [
            'imageDigest' => '<string>',
            'imageTag' => '<string>',
        ],
        // ...
    ],
    'nextToken' => '<string>',
]

Result Details

Members
imageIds
Type: Array of ImageIdentifier structures

The list of image IDs for the requested repository.

nextToken
Type: string

The nextToken value to include in a future ListImages request. When the results of a ListImages request exceed maxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.

Errors

ServerException:

These errors are usually caused by a server-side issue.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

RepositoryNotFoundException:

The specified repository could not be found. Check the spelling of the specified repository and ensure that you are performing operations on the correct registry.

Examples

Example 1: To list all images in a repository

This example lists all of the images in the repository named ubuntu in the default registry in the current account.

$result = $client->listImages([
    'repositoryName' => 'ubuntu',
]);

Result syntax:

[
    'imageIds' => [
        [
            'imageDigest' => 'sha256:764f63476bdff6d83a09ba2a818f0d35757063724a9ac3ba5019c56f74ebf42a',
            'imageTag' => 'precise',
        ],
    ],
]

ListTagsForResource

$result = $client->listTagsForResource([/* ... */]);
$promise = $client->listTagsForResourceAsync([/* ... */]);

List the tags for an Amazon ECR resource.

Parameter Syntax

$result = $client->listTagsForResource([
    'resourceArn' => '<string>', // REQUIRED
]);

Parameter Details

Members
resourceArn
Required: Yes
Type: string

The Amazon Resource Name (ARN) that identifies the resource for which to list the tags. Currently, the only supported resource is an Amazon ECR repository.

Result Syntax

[
    'tags' => [
        [
            'Key' => '<string>',
            'Value' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
tags
Type: Array of Tag structures

The tags for the resource.

Errors

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

RepositoryNotFoundException:

The specified repository could not be found. Check the spelling of the specified repository and ensure that you are performing operations on the correct registry.

ServerException:

These errors are usually caused by a server-side issue.

PutAccountSetting

$result = $client->putAccountSetting([/* ... */]);
$promise = $client->putAccountSettingAsync([/* ... */]);

Allows you to change the basic scan type version or registry policy scope.

Parameter Syntax

$result = $client->putAccountSetting([
    'name' => '<string>', // REQUIRED
    'value' => '<string>', // REQUIRED
]);

Parameter Details

Members
name
Required: Yes
Type: string

The name of the account setting, such as BASIC_SCAN_TYPE_VERSION or REGISTRY_POLICY_SCOPE.

value
Required: Yes
Type: string

Setting value that is specified. The following are valid values for the basic scan type being used: AWS_NATIVE or CLAIR. The following are valid values for the registry policy scope being used: V1 or V2.

Result Syntax

[
    'name' => '<string>',
    'value' => '<string>',
]

Result Details

Members
name
Type: string

Retrieves the name of the account setting.

value
Type: string

Retrieves the value of the specified account setting.

Errors

ServerException:

These errors are usually caused by a server-side issue.

ValidationException:

There was an exception validating this request.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

LimitExceededException:

The operation did not succeed because it would have exceeded a service limit for your account. For more information, see Amazon ECR service quotas in the Amazon Elastic Container Registry User Guide.

PutImage

$result = $client->putImage([/* ... */]);
$promise = $client->putImageAsync([/* ... */]);

Creates or updates the image manifest and tags associated with an image.

When an image is pushed and all new image layers have been uploaded, the PutImage API is called once to create or update the image manifest and the tags associated with the image.

This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the docker CLI to pull, tag, and push images.

Parameter Syntax

$result = $client->putImage([
    'imageDigest' => '<string>',
    'imageManifest' => '<string>', // REQUIRED
    'imageManifestMediaType' => '<string>',
    'imageTag' => '<string>',
    'registryId' => '<string>',
    'repositoryName' => '<string>', // REQUIRED
]);

Parameter Details

Members
imageDigest
Type: string

The image digest of the image manifest corresponding to the image.

imageManifest
Required: Yes
Type: string

The image manifest corresponding to the image to be uploaded.

imageManifestMediaType
Type: string

The media type of the image manifest. If you push an image manifest that does not contain the mediaType field, you must specify the imageManifestMediaType in the request.

imageTag
Type: string

The tag to associate with the image. This parameter is required for images that use the Docker Image Manifest V2 Schema 2 or Open Container Initiative (OCI) formats.

registryId
Type: string

The Amazon Web Services account ID associated with the registry that contains the repository in which to put the image. If you do not specify a registry, the default registry is assumed.

repositoryName
Required: Yes
Type: string

The name of the repository in which to put the image.

Result Syntax

[
    'image' => [
        'imageId' => [
            'imageDigest' => '<string>',
            'imageTag' => '<string>',
        ],
        'imageManifest' => '<string>',
        'imageManifestMediaType' => '<string>',
        'registryId' => '<string>',
        'repositoryName' => '<string>',
    ],
]

Result Details

Members
image
Type: Image structure

Details of the image uploaded.

Errors

ServerException:

These errors are usually caused by a server-side issue.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

RepositoryNotFoundException:

The specified repository could not be found. Check the spelling of the specified repository and ensure that you are performing operations on the correct registry.

ImageAlreadyExistsException:

The specified image has already been pushed, and there were no changes to the manifest or image tag after the last push.

LayersNotFoundException:

The specified layers could not be found, or the specified layer is not valid for this repository.

ReferencedImagesNotFoundException:

The manifest list is referencing an image that does not exist.

LimitExceededException:

The operation did not succeed because it would have exceeded a service limit for your account. For more information, see Amazon ECR service quotas in the Amazon Elastic Container Registry User Guide.

ImageTagAlreadyExistsException:

The specified image is tagged with a tag that already exists. The repository is configured for tag immutability.

ImageDigestDoesNotMatchException:

The specified image digest does not match the digest that Amazon ECR calculated for the image.

KmsException:

The operation failed due to a KMS exception.

PutImageScanningConfiguration

$result = $client->putImageScanningConfiguration([/* ... */]);
$promise = $client->putImageScanningConfigurationAsync([/* ... */]);

The PutImageScanningConfiguration API is being deprecated, in favor of specifying the image scanning configuration at the registry level. For more information, see PutRegistryScanningConfiguration.

Updates the image scanning configuration for the specified repository.

Parameter Syntax

$result = $client->putImageScanningConfiguration([
    'imageScanningConfiguration' => [ // REQUIRED
        'scanOnPush' => true || false,
    ],
    'registryId' => '<string>',
    'repositoryName' => '<string>', // REQUIRED
]);

Parameter Details

Members
imageScanningConfiguration
Required: Yes
Type: ImageScanningConfiguration structure

The image scanning configuration for the repository. This setting determines whether images are scanned for known vulnerabilities after being pushed to the repository.

registryId
Type: string

The Amazon Web Services account ID associated with the registry that contains the repository in which to update the image scanning configuration setting. If you do not specify a registry, the default registry is assumed.

repositoryName
Required: Yes
Type: string

The name of the repository in which to update the image scanning configuration setting.

Result Syntax

[
    'imageScanningConfiguration' => [
        'scanOnPush' => true || false,
    ],
    'registryId' => '<string>',
    'repositoryName' => '<string>',
]

Result Details

Members
imageScanningConfiguration
Type: ImageScanningConfiguration structure

The image scanning configuration setting for the repository.

registryId
Type: string

The registry ID associated with the request.

repositoryName
Type: string

The repository name associated with the request.

Errors

ServerException:

These errors are usually caused by a server-side issue.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

RepositoryNotFoundException:

The specified repository could not be found. Check the spelling of the specified repository and ensure that you are performing operations on the correct registry.

ValidationException:

There was an exception validating this request.

PutImageTagMutability

$result = $client->putImageTagMutability([/* ... */]);
$promise = $client->putImageTagMutabilityAsync([/* ... */]);

Updates the image tag mutability settings for the specified repository. For more information, see Image tag mutability in the Amazon Elastic Container Registry User Guide.

Parameter Syntax

$result = $client->putImageTagMutability([
    'imageTagMutability' => 'MUTABLE|IMMUTABLE', // REQUIRED
    'registryId' => '<string>',
    'repositoryName' => '<string>', // REQUIRED
]);

Parameter Details

Members
imageTagMutability
Required: Yes
Type: string

The tag mutability setting for the repository. If MUTABLE is specified, image tags can be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.

registryId
Type: string

The Amazon Web Services account ID associated with the registry that contains the repository in which to update the image tag mutability settings. If you do not specify a registry, the default registry is assumed.

repositoryName
Required: Yes
Type: string

The name of the repository in which to update the image tag mutability settings.

Result Syntax

[
    'imageTagMutability' => 'MUTABLE|IMMUTABLE',
    'registryId' => '<string>',
    'repositoryName' => '<string>',
]

Result Details

Members
imageTagMutability
Type: string

The image tag mutability setting for the repository.

registryId
Type: string

The registry ID associated with the request.

repositoryName
Type: string

The repository name associated with the request.

Errors

ServerException:

These errors are usually caused by a server-side issue.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

RepositoryNotFoundException:

The specified repository could not be found. Check the spelling of the specified repository and ensure that you are performing operations on the correct registry.

PutLifecyclePolicy

$result = $client->putLifecyclePolicy([/* ... */]);
$promise = $client->putLifecyclePolicyAsync([/* ... */]);

Creates or updates the lifecycle policy for the specified repository. For more information, see Lifecycle policy template.

Parameter Syntax

$result = $client->putLifecyclePolicy([
    'lifecyclePolicyText' => '<string>', // REQUIRED
    'registryId' => '<string>',
    'repositoryName' => '<string>', // REQUIRED
]);

Parameter Details

Members
lifecyclePolicyText
Required: Yes
Type: string

The JSON repository policy text to apply to the repository.

registryId
Type: string

The Amazon Web Services account ID associated with the registry that contains the repository. If you do
 not specify a registry, the default registry is assumed.

repositoryName
Required: Yes
Type: string

The name of the repository to receive the policy.

Result Syntax

[
    'lifecyclePolicyText' => '<string>',
    'registryId' => '<string>',
    'repositoryName' => '<string>',
]

Result Details

Members
lifecyclePolicyText
Type: string

The JSON repository policy text.

registryId
Type: string

The registry ID associated with the request.

repositoryName
Type: string

The repository name associated with the request.

Errors

ServerException:

These errors are usually caused by a server-side issue.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

RepositoryNotFoundException:

The specified repository could not be found. Check the spelling of the specified repository and ensure that you are performing operations on the correct registry.

ValidationException:

There was an exception validating this request.

PutRegistryPolicy

$result = $client->putRegistryPolicy([/* ... */]);
$promise = $client->putRegistryPolicyAsync([/* ... */]);

Creates or updates the permissions policy for your registry.

A registry policy is used to specify permissions for another Amazon Web Services account and is used when configuring cross-account replication. For more information, see Registry permissions in the Amazon Elastic Container Registry User Guide.

Parameter Syntax

$result = $client->putRegistryPolicy([
    'policyText' => '<string>', // REQUIRED
]);

Parameter Details

Members
policyText
Required: Yes
Type: string

The JSON policy text to apply to your registry. The policy text follows the same format as IAM policy text. For more information, see Registry permissions in the Amazon Elastic Container Registry User Guide.

Result Syntax

[
    'policyText' => '<string>',
    'registryId' => '<string>',
]

Result Details

Members
policyText
Type: string

The JSON policy text for your registry.

registryId
Type: string

The registry ID associated with the request.

Errors

ServerException:

These errors are usually caused by a server-side issue.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

ValidationException:

There was an exception validating this request.

PutRegistryScanningConfiguration

$result = $client->putRegistryScanningConfiguration([/* ... */]);
$promise = $client->putRegistryScanningConfigurationAsync([/* ... */]);

Creates or updates the scanning configuration for your private registry.

Parameter Syntax

$result = $client->putRegistryScanningConfiguration([
    'rules' => [
        [
            'repositoryFilters' => [ // REQUIRED
                [
                    'filter' => '<string>', // REQUIRED
                    'filterType' => 'WILDCARD', // REQUIRED
                ],
                // ...
            ],
            'scanFrequency' => 'SCAN_ON_PUSH|CONTINUOUS_SCAN|MANUAL', // REQUIRED
        ],
        // ...
    ],
    'scanType' => 'BASIC|ENHANCED',
]);

Parameter Details

Members
rules
Type: Array of RegistryScanningRule structures

The scanning rules to use for the registry. A scanning rule is used to determine which repository filters are used and at what frequency scanning will occur.

scanType
Type: string

The scanning type to set for the registry.

When a registry scanning configuration is not defined, by default the BASIC scan type is used. When basic scanning is used, you may specify filters to determine which individual repositories, or all repositories, are scanned when new images are pushed to those repositories. Alternatively, you can do manual scans of images with basic scanning.

When the ENHANCED scan type is set, Amazon Inspector provides automated vulnerability scanning. You may choose between continuous scanning or scan on push and you may specify filters to determine which individual repositories, or all repositories, are scanned.

Result Syntax

[
    'registryScanningConfiguration' => [
        'rules' => [
            [
                'repositoryFilters' => [
                    [
                        'filter' => '<string>',
                        'filterType' => 'WILDCARD',
                    ],
                    // ...
                ],
                'scanFrequency' => 'SCAN_ON_PUSH|CONTINUOUS_SCAN|MANUAL',
            ],
            // ...
        ],
        'scanType' => 'BASIC|ENHANCED',
    ],
]

Result Details

Members
registryScanningConfiguration

The scanning configuration for your registry.

Errors

ServerException:

These errors are usually caused by a server-side issue.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

ValidationException:

There was an exception validating this request.

PutReplicationConfiguration

$result = $client->putReplicationConfiguration([/* ... */]);
$promise = $client->putReplicationConfigurationAsync([/* ... */]);

Creates or updates the replication configuration for a registry. The existing replication configuration for a repository can be retrieved with the DescribeRegistry API action. The first time the PutReplicationConfiguration API is called, a service-linked IAM role is created in your account for the replication process. For more information, see Using service-linked roles for Amazon ECR in the Amazon Elastic Container Registry User Guide. For more information on the custom role for replication, see Creating an IAM role for replication.

When configuring cross-account replication, the destination account must grant the source account permission to replicate. This permission is controlled using a registry permissions policy. For more information, see PutRegistryPolicy.

Parameter Syntax

$result = $client->putReplicationConfiguration([
    'replicationConfiguration' => [ // REQUIRED
        'rules' => [ // REQUIRED
            [
                'destinations' => [ // REQUIRED
                    [
                        'region' => '<string>', // REQUIRED
                        'registryId' => '<string>', // REQUIRED
                    ],
                    // ...
                ],
                'repositoryFilters' => [
                    [
                        'filter' => '<string>', // REQUIRED
                        'filterType' => 'PREFIX_MATCH', // REQUIRED
                    ],
                    // ...
                ],
            ],
            // ...
        ],
    ],
]);

Parameter Details

Members
replicationConfiguration
Required: Yes
Type: ReplicationConfiguration structure

An object representing the replication configuration for a registry.

Result Syntax

[
    'replicationConfiguration' => [
        'rules' => [
            [
                'destinations' => [
                    [
                        'region' => '<string>',
                        'registryId' => '<string>',
                    ],
                    // ...
                ],
                'repositoryFilters' => [
                    [
                        'filter' => '<string>',
                        'filterType' => 'PREFIX_MATCH',
                    ],
                    // ...
                ],
            ],
            // ...
        ],
    ],
]

Result Details

Members
replicationConfiguration
Type: ReplicationConfiguration structure

The contents of the replication configuration for the registry.

Errors

ServerException:

These errors are usually caused by a server-side issue.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

ValidationException:

There was an exception validating this request.

SetRepositoryPolicy

$result = $client->setRepositoryPolicy([/* ... */]);
$promise = $client->setRepositoryPolicyAsync([/* ... */]);

Applies a repository policy to the specified repository to control access permissions. For more information, see Amazon ECR Repository policies in the Amazon Elastic Container Registry User Guide.

Parameter Syntax

$result = $client->setRepositoryPolicy([
    'force' => true || false,
    'policyText' => '<string>', // REQUIRED
    'registryId' => '<string>',
    'repositoryName' => '<string>', // REQUIRED
]);

Parameter Details

Members
force
Type: boolean

If the policy you are attempting to set on a repository policy would prevent you from setting another policy in the future, you must force the SetRepositoryPolicy operation. This is intended to prevent accidental repository lock outs.

policyText
Required: Yes
Type: string

The JSON repository policy text to apply to the repository. For more information, see Amazon ECR repository policies in the Amazon Elastic Container Registry User Guide.

registryId
Type: string

The Amazon Web Services account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.

repositoryName
Required: Yes
Type: string

The name of the repository to receive the policy.

Result Syntax

[
    'policyText' => '<string>',
    'registryId' => '<string>',
    'repositoryName' => '<string>',
]

Result Details

Members
policyText
Type: string

The JSON repository policy text applied to the repository.

registryId
Type: string

The registry ID associated with the request.

repositoryName
Type: string

The repository name associated with the request.

Errors

ServerException:

These errors are usually caused by a server-side issue.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

RepositoryNotFoundException:

The specified repository could not be found. Check the spelling of the specified repository and ensure that you are performing operations on the correct registry.

StartImageScan

$result = $client->startImageScan([/* ... */]);
$promise = $client->startImageScanAsync([/* ... */]);

Starts an image vulnerability scan. An image scan can only be started once per 24 hours on an individual image. This limit includes if an image was scanned on initial push. For more information, see Image scanning in the Amazon Elastic Container Registry User Guide.

Parameter Syntax

$result = $client->startImageScan([
    'imageId' => [ // REQUIRED
        'imageDigest' => '<string>',
        'imageTag' => '<string>',
    ],
    'registryId' => '<string>',
    'repositoryName' => '<string>', // REQUIRED
]);

Parameter Details

Members
imageId
Required: Yes
Type: ImageIdentifier structure

An object with identifying information for an image in an Amazon ECR repository.

registryId
Type: string

The Amazon Web Services account ID associated with the registry that contains the repository in which to start an image scan request. If you do not specify a registry, the default registry is assumed.

repositoryName
Required: Yes
Type: string

The name of the repository that contains the images to scan.

Result Syntax

[
    'imageId' => [
        'imageDigest' => '<string>',
        'imageTag' => '<string>',
    ],
    'imageScanStatus' => [
        'description' => '<string>',
        'status' => 'IN_PROGRESS|COMPLETE|FAILED|UNSUPPORTED_IMAGE|ACTIVE|PENDING|SCAN_ELIGIBILITY_EXPIRED|FINDINGS_UNAVAILABLE',
    ],
    'registryId' => '<string>',
    'repositoryName' => '<string>',
]

Result Details

Members
imageId
Type: ImageIdentifier structure

An object with identifying information for an image in an Amazon ECR repository.

imageScanStatus
Type: ImageScanStatus structure

The current state of the scan.

registryId
Type: string

The registry ID associated with the request.

repositoryName
Type: string

The repository name associated with the request.

Errors

ServerException:

These errors are usually caused by a server-side issue.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

UnsupportedImageTypeException:

The image is of a type that cannot be scanned.

LimitExceededException:

The operation did not succeed because it would have exceeded a service limit for your account. For more information, see Amazon ECR service quotas in the Amazon Elastic Container Registry User Guide.

RepositoryNotFoundException:

The specified repository could not be found. Check the spelling of the specified repository and ensure that you are performing operations on the correct registry.

ImageNotFoundException:

The image requested does not exist in the specified repository.

ValidationException:

There was an exception validating this request.

StartLifecyclePolicyPreview

$result = $client->startLifecyclePolicyPreview([/* ... */]);
$promise = $client->startLifecyclePolicyPreviewAsync([/* ... */]);

Starts a preview of a lifecycle policy for the specified repository. This allows you to see the results before associating the lifecycle policy with the repository.

Parameter Syntax

$result = $client->startLifecyclePolicyPreview([
    'lifecyclePolicyText' => '<string>',
    'registryId' => '<string>',
    'repositoryName' => '<string>', // REQUIRED
]);

Parameter Details

Members
lifecyclePolicyText
Type: string

The policy to be evaluated against. If you do not specify a policy, the current policy for the repository is used.

registryId
Type: string

The Amazon Web Services account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.

repositoryName
Required: Yes
Type: string

The name of the repository to be evaluated.

Result Syntax

[
    'lifecyclePolicyText' => '<string>',
    'registryId' => '<string>',
    'repositoryName' => '<string>',
    'status' => 'IN_PROGRESS|COMPLETE|EXPIRED|FAILED',
]

Result Details

Members
lifecyclePolicyText
Type: string

The JSON repository policy text.

registryId
Type: string

The registry ID associated with the request.

repositoryName
Type: string

The repository name associated with the request.

status
Type: string

The status of the lifecycle policy preview request.

Errors

ServerException:

These errors are usually caused by a server-side issue.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

RepositoryNotFoundException:

The specified repository could not be found. Check the spelling of the specified repository and ensure that you are performing operations on the correct registry.

LifecyclePolicyNotFoundException:

The lifecycle policy could not be found, and no policy is set to the repository.

LifecyclePolicyPreviewInProgressException:

The previous lifecycle policy preview request has not completed. Wait and try again.

ValidationException:

There was an exception validating this request.

TagResource

$result = $client->tagResource([/* ... */]);
$promise = $client->tagResourceAsync([/* ... */]);

Adds specified tags to a resource with the specified ARN. Existing tags on a resource are not changed if they are not specified in the request parameters.

Parameter Syntax

$result = $client->tagResource([
    'resourceArn' => '<string>', // REQUIRED
    'tags' => [ // REQUIRED
        [
            'Key' => '<string>', // REQUIRED
            'Value' => '<string>', // REQUIRED
        ],
        // ...
    ],
]);

Parameter Details

Members
resourceArn
Required: Yes
Type: string

The Amazon Resource Name (ARN) of the the resource to which to add tags. Currently, the only supported resource is an Amazon ECR repository.

tags
Required: Yes
Type: Array of Tag structures

The tags to add to the resource. A tag is an array of key-value pairs. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

InvalidTagParameterException:

An invalid parameter has been specified. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

TooManyTagsException:

The list of tags on the repository is over the limit. The maximum number of tags that can be applied to a repository is 50.

RepositoryNotFoundException:

The specified repository could not be found. Check the spelling of the specified repository and ensure that you are performing operations on the correct registry.

ServerException:

These errors are usually caused by a server-side issue.

UntagResource

$result = $client->untagResource([/* ... */]);
$promise = $client->untagResourceAsync([/* ... */]);

Deletes specified tags from a resource.

Parameter Syntax

$result = $client->untagResource([
    'resourceArn' => '<string>', // REQUIRED
    'tagKeys' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members
resourceArn
Required: Yes
Type: string

The Amazon Resource Name (ARN) of the resource from which to remove tags. Currently, the only supported resource is an Amazon ECR repository.

tagKeys
Required: Yes
Type: Array of strings

The keys of the tags to be removed.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

InvalidTagParameterException:

An invalid parameter has been specified. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

TooManyTagsException:

The list of tags on the repository is over the limit. The maximum number of tags that can be applied to a repository is 50.

RepositoryNotFoundException:

The specified repository could not be found. Check the spelling of the specified repository and ensure that you are performing operations on the correct registry.

ServerException:

These errors are usually caused by a server-side issue.

UpdatePullThroughCacheRule

$result = $client->updatePullThroughCacheRule([/* ... */]);
$promise = $client->updatePullThroughCacheRuleAsync([/* ... */]);

Updates an existing pull through cache rule.

Parameter Syntax

$result = $client->updatePullThroughCacheRule([
    'credentialArn' => '<string>', // REQUIRED
    'ecrRepositoryPrefix' => '<string>', // REQUIRED
    'registryId' => '<string>',
]);

Parameter Details

Members
credentialArn
Required: Yes
Type: string

The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret that identifies the credentials to authenticate to the upstream registry.

ecrRepositoryPrefix
Required: Yes
Type: string

The repository name prefix to use when caching images from the source registry.

registryId
Type: string

The Amazon Web Services account ID associated with the registry associated with the pull through cache rule. If you do not specify a registry, the default registry is assumed.

Result Syntax

[
    'credentialArn' => '<string>',
    'ecrRepositoryPrefix' => '<string>',
    'registryId' => '<string>',
    'updatedAt' => <DateTime>,
]

Result Details

Members
credentialArn
Type: string

The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret associated with the pull through cache rule.

ecrRepositoryPrefix
Type: string

The Amazon ECR repository prefix associated with the pull through cache rule.

registryId
Type: string

The registry ID associated with the request.

updatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time, in JavaScript date format, when the pull through cache rule was updated.

Errors

ServerException:

These errors are usually caused by a server-side issue.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

ValidationException:

There was an exception validating this request.

UnableToAccessSecretException:

The secret is unable to be accessed. Verify the resource permissions for the secret and try again.

PullThroughCacheRuleNotFoundException:

The pull through cache rule was not found. Specify a valid pull through cache rule and try again.

SecretNotFoundException:

The ARN of the secret specified in the pull through cache rule was not found. Update the pull through cache rule with a valid secret ARN and try again.

UnableToDecryptSecretValueException:

The secret is accessible but is unable to be decrypted. Verify the resource permisisons and try again.

UpdateRepositoryCreationTemplate

$result = $client->updateRepositoryCreationTemplate([/* ... */]);
$promise = $client->updateRepositoryCreationTemplateAsync([/* ... */]);

Updates an existing repository creation template.

Parameter Syntax

$result = $client->updateRepositoryCreationTemplate([
    'appliedFor' => ['<string>', ...],
    'customRoleArn' => '<string>',
    'description' => '<string>',
    'encryptionConfiguration' => [
        'encryptionType' => 'AES256|KMS|KMS_DSSE', // REQUIRED
        'kmsKey' => '<string>',
    ],
    'imageTagMutability' => 'MUTABLE|IMMUTABLE',
    'lifecyclePolicy' => '<string>',
    'prefix' => '<string>', // REQUIRED
    'repositoryPolicy' => '<string>',
    'resourceTags' => [
        [
            'Key' => '<string>', // REQUIRED
            'Value' => '<string>', // REQUIRED
        ],
        // ...
    ],
]);

Parameter Details

Members
appliedFor
Type: Array of strings

Updates the list of enumerable strings representing the Amazon ECR repository creation scenarios that this template will apply towards. The two supported scenarios are PULL_THROUGH_CACHE and REPLICATION

customRoleArn
Type: string

The ARN of the role to be assumed by Amazon ECR. This role must be in the same account as the registry that you are configuring. Amazon ECR will assume your supplied role when the customRoleArn is specified. When this field isn't specified, Amazon ECR will use the service-linked role for the repository creation template.

description
Type: string

A description for the repository creation template.

encryptionConfiguration

The encryption configuration to associate with the repository creation template.

imageTagMutability
Type: string

Updates the tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.

lifecyclePolicy
Type: string

Updates the lifecycle policy associated with the specified repository creation template.

prefix
Required: Yes
Type: string

The repository namespace prefix that matches an existing repository creation template in the registry. All repositories created using this namespace prefix will have the settings defined in this template applied. For example, a prefix of prod would apply to all repositories beginning with prod/. This includes a repository named prod/team1 as well as a repository named prod/repository1.

To apply a template to all repositories in your registry that don't have an associated creation template, you can use ROOT as the prefix.

repositoryPolicy
Type: string

Updates the repository policy created using the template. A repository policy is a permissions policy associated with a repository to control access permissions.

resourceTags
Type: Array of Tag structures

The metadata to apply to the repository to help you categorize and organize. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

Result Syntax

[
    'registryId' => '<string>',
    'repositoryCreationTemplate' => [
        'appliedFor' => ['<string>', ...],
        'createdAt' => <DateTime>,
        'customRoleArn' => '<string>',
        'description' => '<string>',
        'encryptionConfiguration' => [
            'encryptionType' => 'AES256|KMS|KMS_DSSE',
            'kmsKey' => '<string>',
        ],
        'imageTagMutability' => 'MUTABLE|IMMUTABLE',
        'lifecyclePolicy' => '<string>',
        'prefix' => '<string>',
        'repositoryPolicy' => '<string>',
        'resourceTags' => [
            [
                'Key' => '<string>',
                'Value' => '<string>',
            ],
            // ...
        ],
        'updatedAt' => <DateTime>,
    ],
]

Result Details

Members
registryId
Type: string

The registry ID associated with the request.

repositoryCreationTemplate
Type: RepositoryCreationTemplate structure

The details of the repository creation template associated with the request.

Errors

ServerException:

These errors are usually caused by a server-side issue.

ValidationException:

There was an exception validating this request.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

TemplateNotFoundException:

The specified repository creation template can't be found. Verify the registry ID and prefix and try again.

Examples

Example 1: Update a repository creation template

This example updates a repository creation template.

$result = $client->updateRepositoryCreationTemplate([
    'appliedFor' => [
        'REPLICATION',
    ],
    'prefix' => 'eng/test',
    'resourceTags' => [
        [
            'Key' => 'environment',
            'Value' => 'test',
        ],
    ],
]);

Result syntax:

[
    'registryId' => '012345678901',
    'repositoryCreationTemplate' => [
        'appliedFor' => [
            'REPLICATION',
        ],
        'createdAt' => ,
        'description' => 'Repos for testing images',
        'encryptionConfiguration' => [
            'encryptionType' => 'AES256',
        ],
        'imageTagMutability' => 'MUTABLE',
        'lifecyclePolicy' => '{ "rules": [ { "rulePriority": 1, "description": "Expire images older than 14 days", "selection": { "tagStatus": "untagged", "countType": "sinceImagePushed", "countUnit": "days", "countNumber": 14 }, "action": { "type": "expire" } } ]}',
        'prefix' => 'eng/test',
        'repositoryPolicy' => '{ "Version" : "2012-10-17", "Statement" : [ { "Sid" : "LambdaECRPullPolicy", "Effect" : "Allow", "Principal" : { "Service" : "lambda.amazonaws.com" }, "Action" : "ecr:BatchGetImage" } ]}',
        'resourceTags' => [
            [
                'Key' => 'environment',
                'Value' => 'test',
            ],
        ],
        'updatedAt' => ,
    ],
]

UploadLayerPart

$result = $client->uploadLayerPart([/* ... */]);
$promise = $client->uploadLayerPartAsync([/* ... */]);

Uploads an image layer part to Amazon ECR.

When an image is pushed, each new image layer is uploaded in parts. The maximum size of each image layer part can be 20971520 bytes (or about 20MB). The UploadLayerPart API is called once per each new image layer part.

This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the docker CLI to pull, tag, and push images.

Parameter Syntax

$result = $client->uploadLayerPart([
    'layerPartBlob' => <string || resource || Psr\Http\Message\StreamInterface>, // REQUIRED
    'partFirstByte' => <integer>, // REQUIRED
    'partLastByte' => <integer>, // REQUIRED
    'registryId' => '<string>',
    'repositoryName' => '<string>', // REQUIRED
    'uploadId' => '<string>', // REQUIRED
]);

Parameter Details

Members
layerPartBlob
Required: Yes
Type: blob (string|resource|Psr\Http\Message\StreamInterface)

The base64-encoded layer part payload.

partFirstByte
Required: Yes
Type: long (int|float)

The position of the first byte of the layer part witin the overall image layer.

partLastByte
Required: Yes
Type: long (int|float)

The position of the last byte of the layer part within the overall image layer.

registryId
Type: string

The Amazon Web Services account ID associated with the registry to which you are uploading layer parts. If you do not specify a registry, the default registry is assumed.

repositoryName
Required: Yes
Type: string

The name of the repository to which you are uploading layer parts.

uploadId
Required: Yes
Type: string

The upload ID from a previous InitiateLayerUpload operation to associate with the layer part upload.

Result Syntax

[
    'lastByteReceived' => <integer>,
    'registryId' => '<string>',
    'repositoryName' => '<string>',
    'uploadId' => '<string>',
]

Result Details

Members
lastByteReceived
Type: long (int|float)

The integer value of the last byte received in the request.

registryId
Type: string

The registry ID associated with the request.

repositoryName
Type: string

The repository name associated with the request.

uploadId
Type: string

The upload ID associated with the request.

Errors

ServerException:

These errors are usually caused by a server-side issue.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

InvalidLayerPartException:

The layer part size is not valid, or the first byte specified is not consecutive to the last byte of a previous layer part upload.

RepositoryNotFoundException:

The specified repository could not be found. Check the spelling of the specified repository and ensure that you are performing operations on the correct registry.

UploadNotFoundException:

The upload could not be found, or the specified upload ID is not valid for this repository.

LimitExceededException:

The operation did not succeed because it would have exceeded a service limit for your account. For more information, see Amazon ECR service quotas in the Amazon Elastic Container Registry User Guide.

KmsException:

The operation failed due to a KMS exception.

ValidatePullThroughCacheRule

$result = $client->validatePullThroughCacheRule([/* ... */]);
$promise = $client->validatePullThroughCacheRuleAsync([/* ... */]);

Validates an existing pull through cache rule for an upstream registry that requires authentication. This will retrieve the contents of the Amazon Web Services Secrets Manager secret, verify the syntax, and then validate that authentication to the upstream registry is successful.

Parameter Syntax

$result = $client->validatePullThroughCacheRule([
    'ecrRepositoryPrefix' => '<string>', // REQUIRED
    'registryId' => '<string>',
]);

Parameter Details

Members
ecrRepositoryPrefix
Required: Yes
Type: string

The repository name prefix associated with the pull through cache rule.

registryId
Type: string

The registry ID associated with the pull through cache rule. If you do not specify a registry, the default registry is assumed.

Result Syntax

[
    'credentialArn' => '<string>',
    'ecrRepositoryPrefix' => '<string>',
    'failure' => '<string>',
    'isValid' => true || false,
    'registryId' => '<string>',
    'upstreamRegistryUrl' => '<string>',
]

Result Details

Members
credentialArn
Type: string

The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret associated with the pull through cache rule.

ecrRepositoryPrefix
Type: string

The Amazon ECR repository prefix associated with the pull through cache rule.

failure
Type: string

The reason the validation failed. For more details about possible causes and how to address them, see Using pull through cache rules in the Amazon Elastic Container Registry User Guide.

isValid
Type: boolean

Whether or not the pull through cache rule was validated. If true, Amazon ECR was able to reach the upstream registry and authentication was successful. If false, there was an issue and validation failed. The failure reason indicates the cause.

registryId
Type: string

The registry ID associated with the request.

upstreamRegistryUrl
Type: string

The upstream registry URL associated with the pull through cache rule.

Errors

ServerException:

These errors are usually caused by a server-side issue.

InvalidParameterException:

The specified parameter is invalid. Review the available parameters for the API request.

ValidationException:

There was an exception validating this request.

PullThroughCacheRuleNotFoundException:

The pull through cache rule was not found. Specify a valid pull through cache rule and try again.

Shapes

Attribute

Description

This data type is used in the ImageScanFinding data type.

Members
key
Required: Yes
Type: string

The attribute key.

value
Type: string

The value assigned to the attribute key.

AuthorizationData

Description

An object representing authorization data for an Amazon ECR registry.

Members
authorizationToken
Type: string

A base64-encoded string that contains authorization data for the specified Amazon ECR registry. When the string is decoded, it is presented in the format user:password for private registry authentication using docker login.

expiresAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The Unix time in seconds and milliseconds when the authorization token expires. Authorization tokens are valid for 12 hours.

proxyEndpoint
Type: string

The registry URL to use for this authorization token in a docker login command. The Amazon ECR registry URL format is https://aws_account_id.dkr.ecr.region.amazonaws.com. For example, https://012345678910.dkr.ecr.us-east-1.amazonaws.com..

AwsEcrContainerImageDetails

Description

The image details of the Amazon ECR container image.

Members
architecture
Type: string

The architecture of the Amazon ECR container image.

author
Type: string

The image author of the Amazon ECR container image.

imageHash
Type: string

The image hash of the Amazon ECR container image.

imageTags
Type: Array of strings

The image tags attached to the Amazon ECR container image.

platform
Type: string

The platform of the Amazon ECR container image.

pushedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time the Amazon ECR container image was pushed.

registry
Type: string

The registry the Amazon ECR container image belongs to.

repositoryName
Type: string

The name of the repository the Amazon ECR container image resides in.

CvssScore

Description

The CVSS score for a finding.

Members
baseScore
Type: double

The base CVSS score used for the finding.

scoringVector
Type: string

The vector string of the CVSS score.

source
Type: string

The source of the CVSS score.

version
Type: string

The version of CVSS used for the score.

CvssScoreAdjustment

Description

Details on adjustments Amazon Inspector made to the CVSS score for a finding.

Members
metric
Type: string

The metric used to adjust the CVSS score.

reason
Type: string

The reason the CVSS score has been adjustment.

CvssScoreDetails

Description

Information about the CVSS score.

Members
adjustments
Type: Array of CvssScoreAdjustment structures

An object that contains details about adjustment Amazon Inspector made to the CVSS score.

score
Type: double

The CVSS score.

scoreSource
Type: string

The source for the CVSS score.

scoringVector
Type: string

The vector for the CVSS score.

version
Type: string

The CVSS version used in scoring.

DescribeImagesFilter

Description

An object representing a filter on a DescribeImages operation.

Members
tagStatus
Type: string

The tag status with which to filter your DescribeImages results. You can filter results based on whether they are TAGGED or UNTAGGED.

EmptyUploadException

Description

The specified layer upload does not contain any layer parts.

Members
message
Type: string

The error message associated with the exception.

EncryptionConfiguration

Description

The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.

By default, when no encryption configuration is set or the AES256 encryption type is used, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES256 encryption algorithm. This does not require any action on your part.

For more control over the encryption of the contents of your repository, you can use server-side encryption with Key Management Service key stored in Key Management Service (KMS) to encrypt your images. For more information, see Amazon ECR encryption at rest in the Amazon Elastic Container Registry User Guide.

Members
encryptionType
Required: Yes
Type: string

The encryption type to use.

If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created.

If you use the KMS_DSSE encryption type, the contents of the repository will be encrypted with two layers of encryption using server-side encryption with the KMS Management Service key stored in KMS. Similar to the KMS encryption type, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you've already created.

If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm.

For more information, see Amazon ECR encryption at rest in the Amazon Elastic Container Registry User Guide.

kmsKey
Type: string

If you use the KMS encryption type, specify the KMS key to use for encryption. The alias, key ID, or full ARN of the KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.

EncryptionConfigurationForRepositoryCreationTemplate

Description

The encryption configuration to associate with the repository creation template.

Members
encryptionType
Required: Yes
Type: string

The encryption type to use.

If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide.

If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide.

kmsKey
Type: string

If you use the KMS encryption type, specify the KMS key to use for encryption. The full ARN of the KMS key must be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.

EnhancedImageScanFinding

Description

The details of an enhanced image scan. This is returned when enhanced scanning is enabled for your private registry.

Members
awsAccountId
Type: string

The Amazon Web Services account ID associated with the image.

description
Type: string

The description of the finding.

exploitAvailable
Type: string

If a finding discovered in your environment has an exploit available.

findingArn
Type: string

The Amazon Resource Number (ARN) of the finding.

firstObservedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time that the finding was first observed.

fixAvailable
Type: string

Details on whether a fix is available through a version update. This value can be YES, NO, or PARTIAL. A PARTIAL fix means that some, but not all, of the packages identified in the finding have fixes available through updated versions.

lastObservedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time that the finding was last observed.

packageVulnerabilityDetails
Type: PackageVulnerabilityDetails structure

An object that contains the details of a package vulnerability finding.

remediation
Type: Remediation structure

An object that contains the details about how to remediate a finding.

resources
Type: Array of Resource structures

Contains information on the resources involved in a finding.

score
Type: double

The Amazon Inspector score given to the finding.

scoreDetails
Type: ScoreDetails structure

An object that contains details of the Amazon Inspector score.

severity
Type: string

The severity of the finding.

status
Type: string

The status of the finding.

title
Type: string

The title of the finding.

type
Type: string

The type of the finding.

updatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time the finding was last updated at.

Image

Description

An object representing an Amazon ECR image.

Members
imageId
Type: ImageIdentifier structure

An object containing the image tag and image digest associated with an image.

imageManifest
Type: string

The image manifest associated with the image.

imageManifestMediaType
Type: string

The manifest media type of the image.

registryId
Type: string

The Amazon Web Services account ID associated with the registry containing the image.

repositoryName
Type: string

The name of the repository associated with the image.

ImageAlreadyExistsException

Description

The specified image has already been pushed, and there were no changes to the manifest or image tag after the last push.

Members
message
Type: string

The error message associated with the exception.

ImageDetail

Description

An object that describes an image returned by a DescribeImages operation.

Members
artifactMediaType
Type: string

The artifact media type of the image.

imageDigest
Type: string

The sha256 digest of the image manifest.

imageManifestMediaType
Type: string

The media type of the image manifest.

imagePushedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time, expressed in standard JavaScript date format, at which the current image was pushed to the repository.

imageScanFindingsSummary
Type: ImageScanFindingsSummary structure

A summary of the last completed image scan.

imageScanStatus
Type: ImageScanStatus structure

The current state of the scan.

imageSizeInBytes
Type: long (int|float)

The size, in bytes, of the image in the repository.

If the image is a manifest list, this will be the max size of all manifests in the list.

Beginning with Docker version 1.9, the Docker client compresses image layers before pushing them to a V2 Docker registry. The output of the docker images command shows the uncompressed image size, so it may return a larger image size than the image sizes returned by DescribeImages.

imageTags
Type: Array of strings

The list of tags associated with this image.

lastRecordedPullTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time, expressed in standard JavaScript date format, when Amazon ECR recorded the last image pull.

Amazon ECR refreshes the last image pull timestamp at least once every 24 hours. For example, if you pull an image once a day then the lastRecordedPullTime timestamp will indicate the exact time that the image was last pulled. However, if you pull an image once an hour, because Amazon ECR refreshes the lastRecordedPullTime timestamp at least once every 24 hours, the result may not be the exact time that the image was last pulled.

registryId
Type: string

The Amazon Web Services account ID associated with the registry to which this image belongs.

repositoryName
Type: string

The name of the repository to which this image belongs.

ImageDigestDoesNotMatchException

Description

The specified image digest does not match the digest that Amazon ECR calculated for the image.

Members
message
Type: string

ImageFailure

Description

An object representing an Amazon ECR image failure.

Members
failureCode
Type: string

The code associated with the failure.

failureReason
Type: string

The reason for the failure.

imageId
Type: ImageIdentifier structure

The image ID associated with the failure.

ImageIdentifier

Description

An object with identifying information for an image in an Amazon ECR repository.

Members
imageDigest
Type: string

The sha256 digest of the image manifest.

imageTag
Type: string

The tag used for the image.

ImageNotFoundException

Description

The image requested does not exist in the specified repository.

Members
message
Type: string

ImageReplicationStatus

Description

The status of the replication process for an image.

Members
failureCode
Type: string

The failure code for a replication that has failed.

region
Type: string

The destination Region for the image replication.

registryId
Type: string

The Amazon Web Services account ID associated with the registry to which the image belongs.

status
Type: string

The image replication status.

ImageScanFinding

Description

Contains information about an image scan finding.

Members
attributes
Type: Array of Attribute structures

A collection of attributes of the host from which the finding is generated.

description
Type: string

The description of the finding.

name
Type: string

The name associated with the finding, usually a CVE number.

severity
Type: string

The finding severity.

uri
Type: string

A link containing additional details about the security vulnerability.

ImageScanFindings

Description

The details of an image scan.

Members
enhancedFindings
Type: Array of EnhancedImageScanFinding structures

Details about the enhanced scan findings from Amazon Inspector.

findingSeverityCounts
Type: Associative array of custom strings keys (FindingSeverity) to ints

The image vulnerability counts, sorted by severity.

findings
Type: Array of ImageScanFinding structures

The findings from the image scan.

imageScanCompletedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time of the last completed image scan.

vulnerabilitySourceUpdatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time when the vulnerability data was last scanned.

ImageScanFindingsSummary

Description

A summary of the last completed image scan.

Members
findingSeverityCounts
Type: Associative array of custom strings keys (FindingSeverity) to ints

The image vulnerability counts, sorted by severity.

imageScanCompletedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time of the last completed image scan.

vulnerabilitySourceUpdatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time when the vulnerability data was last scanned.

ImageScanStatus

Description

The current status of an image scan.

Members
description
Type: string

The description of the image scan status.

status
Type: string

The current state of an image scan.

ImageScanningConfiguration

Description

The image scanning configuration for a repository.

Members
scanOnPush
Type: boolean

The setting that determines whether images are scanned after being pushed to a repository. If set to true, images will be scanned after being pushed. If this parameter is not specified, it will default to false and images will not be scanned unless a scan is manually started with the API_StartImageScan API.

ImageTagAlreadyExistsException

Description

The specified image is tagged with a tag that already exists. The repository is configured for tag immutability.

Members
message
Type: string

InvalidLayerException

Description

The layer digest calculation performed by Amazon ECR upon receipt of the image layer does not match the digest specified.

Members
message
Type: string

The error message associated with the exception.

InvalidLayerPartException

Description

The layer part size is not valid, or the first byte specified is not consecutive to the last byte of a previous layer part upload.

Members
lastValidByteReceived
Type: long (int|float)

The last valid byte received from the layer part upload that is associated with the exception.

message
Type: string

The error message associated with the exception.

registryId
Type: string

The registry ID associated with the exception.

repositoryName
Type: string

The repository name associated with the exception.

uploadId
Type: string

The upload ID associated with the exception.

InvalidParameterException

Description

The specified parameter is invalid. Review the available parameters for the API request.

Members
message
Type: string

The error message associated with the exception.

InvalidTagParameterException

Description

An invalid parameter has been specified. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

Members
message
Type: string

KmsException

Description

The operation failed due to a KMS exception.

Members
kmsError
Type: string

The error code returned by KMS.

message
Type: string

Layer

Description

An object representing an Amazon ECR image layer.

Members
layerAvailability
Type: string

The availability status of the image layer.

layerDigest
Type: string

The sha256 digest of the image layer.

layerSize
Type: long (int|float)

The size, in bytes, of the image layer.

mediaType
Type: string

The media type of the layer, such as application/vnd.docker.image.rootfs.diff.tar.gzip or application/vnd.oci.image.layer.v1.tar+gzip.

LayerAlreadyExistsException

Description

The image layer already exists in the associated repository.

Members
message
Type: string

The error message associated with the exception.

LayerFailure

Description

An object representing an Amazon ECR image layer failure.

Members
failureCode
Type: string

The failure code associated with the failure.

failureReason
Type: string

The reason for the failure.

layerDigest
Type: string

The layer digest associated with the failure.

LayerInaccessibleException

Description

The specified layer is not available because it is not associated with an image. Unassociated image layers may be cleaned up at any time.

Members
message
Type: string

The error message associated with the exception.

LayerPartTooSmallException

Description

Layer parts must be at least 5 MiB in size.

Members
message
Type: string

The error message associated with the exception.

LayersNotFoundException

Description

The specified layers could not be found, or the specified layer is not valid for this repository.

Members
message
Type: string

The error message associated with the exception.

LifecyclePolicyNotFoundException

Description

The lifecycle policy could not be found, and no policy is set to the repository.

Members
message
Type: string

LifecyclePolicyPreviewFilter

Description

The filter for the lifecycle policy preview.

Members
tagStatus
Type: string

The tag status of the image.

LifecyclePolicyPreviewInProgressException

Description

The previous lifecycle policy preview request has not completed. Wait and try again.

Members
message
Type: string

LifecyclePolicyPreviewNotFoundException

Description

There is no dry run for this repository.

Members
message
Type: string

LifecyclePolicyPreviewResult

Description

The result of the lifecycle policy preview.

Members
action
Type: LifecyclePolicyRuleAction structure

The type of action to be taken.

appliedRulePriority
Type: int

The priority of the applied rule.

imageDigest
Type: string

The sha256 digest of the image manifest.

imagePushedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time, expressed in standard JavaScript date format, at which the current image was pushed to the repository.

imageTags
Type: Array of strings

The list of tags associated with this image.

LifecyclePolicyPreviewSummary

Description

The summary of the lifecycle policy preview request.

Members
expiringImageTotalCount
Type: int

The number of expiring images.

LifecyclePolicyRuleAction

Description

The type of action to be taken.

Members
type
Type: string

The type of action to be taken.

LimitExceededException

Description

The operation did not succeed because it would have exceeded a service limit for your account. For more information, see Amazon ECR service quotas in the Amazon Elastic Container Registry User Guide.

Members
message
Type: string

The error message associated with the exception.

ListImagesFilter

Description

An object representing a filter on a ListImages operation.

Members
tagStatus
Type: string

The tag status with which to filter your ListImages results. You can filter results based on whether they are TAGGED or UNTAGGED.

PackageVulnerabilityDetails

Description

Information about a package vulnerability finding.

Members
cvss
Type: Array of CvssScore structures

An object that contains details about the CVSS score of a finding.

referenceUrls
Type: Array of strings

One or more URLs that contain details about this vulnerability type.

relatedVulnerabilities
Type: Array of strings

One or more vulnerabilities related to the one identified in this finding.

source
Type: string

The source of the vulnerability information.

sourceUrl
Type: string

A URL to the source of the vulnerability information.

vendorCreatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time that this vulnerability was first added to the vendor's database.

vendorSeverity
Type: string

The severity the vendor has given to this vulnerability type.

vendorUpdatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time the vendor last updated this vulnerability in their database.

vulnerabilityId
Type: string

The ID given to this vulnerability.

vulnerablePackages
Type: Array of VulnerablePackage structures

The packages impacted by this vulnerability.

PullThroughCacheRule

Description

The details of a pull through cache rule.

Members
createdAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time the pull through cache was created.

credentialArn
Type: string

The ARN of the Secrets Manager secret associated with the pull through cache rule.

ecrRepositoryPrefix
Type: string

The Amazon ECR repository prefix associated with the pull through cache rule.

registryId
Type: string

The Amazon Web Services account ID associated with the registry the pull through cache rule is associated with.

updatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time, in JavaScript date format, when the pull through cache rule was last updated.

upstreamRegistry
Type: string

The name of the upstream source registry associated with the pull through cache rule.

upstreamRegistryUrl
Type: string

The upstream registry URL associated with the pull through cache rule.

PullThroughCacheRuleAlreadyExistsException

Description

A pull through cache rule with these settings already exists for the private registry.

Members
message
Type: string

PullThroughCacheRuleNotFoundException

Description

The pull through cache rule was not found. Specify a valid pull through cache rule and try again.

Members
message
Type: string

Recommendation

Description

Details about the recommended course of action to remediate the finding.

Members
text
Type: string

The recommended course of action to remediate the finding.

url
Type: string

The URL address to the CVE remediation recommendations.

ReferencedImagesNotFoundException

Description

The manifest list is referencing an image that does not exist.

Members
message
Type: string

RegistryPolicyNotFoundException

Description

The registry doesn't have an associated registry policy.

Members
message
Type: string

RegistryScanningConfiguration

Description

The scanning configuration for a private registry.

Members
rules
Type: Array of RegistryScanningRule structures

The scanning rules associated with the registry.

scanType
Type: string

The type of scanning configured for the registry.

RegistryScanningRule

Description

The details of a scanning rule for a private registry.

Members
repositoryFilters
Required: Yes
Type: Array of ScanningRepositoryFilter structures

The repository filters associated with the scanning configuration for a private registry.

scanFrequency
Required: Yes
Type: string

The frequency that scans are performed at for a private registry. When the ENHANCED scan type is specified, the supported scan frequencies are CONTINUOUS_SCAN and SCAN_ON_PUSH. When the BASIC scan type is specified, the SCAN_ON_PUSH scan frequency is supported. If scan on push is not specified, then the MANUAL scan frequency is set by default.

Remediation

Description

Information on how to remediate a finding.

Members
recommendation
Type: Recommendation structure

An object that contains information about the recommended course of action to remediate the finding.

ReplicationConfiguration

Description

The replication configuration for a registry.

Members
rules
Required: Yes
Type: Array of ReplicationRule structures

An array of objects representing the replication destinations and repository filters for a replication configuration.

ReplicationDestination

Description

An array of objects representing the destination for a replication rule.

Members
region
Required: Yes
Type: string

The Region to replicate to.

registryId
Required: Yes
Type: string

The Amazon Web Services account ID of the Amazon ECR private registry to replicate to. When configuring cross-Region replication within your own registry, specify your own account ID.

ReplicationRule

Description

An array of objects representing the replication destinations and repository filters for a replication configuration.

Members
destinations
Required: Yes
Type: Array of ReplicationDestination structures

An array of objects representing the destination for a replication rule.

repositoryFilters
Type: Array of RepositoryFilter structures

An array of objects representing the filters for a replication rule. Specifying a repository filter for a replication rule provides a method for controlling which repositories in a private registry are replicated.

Repository

Description

An object representing a repository.

Members
createdAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time, in JavaScript date format, when the repository was created.

encryptionConfiguration
Type: EncryptionConfiguration structure

The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.

imageScanningConfiguration
Type: ImageScanningConfiguration structure

The image scanning configuration for a repository.

imageTagMutability
Type: string

The tag mutability setting for the repository.

registryId
Type: string

The Amazon Web Services account ID associated with the registry that contains the repository.

repositoryArn
Type: string

The Amazon Resource Name (ARN) that identifies the repository. The ARN contains the arn:aws:ecr namespace, followed by the region of the repository, Amazon Web Services account ID of the repository owner, repository namespace, and repository name. For example, arn:aws:ecr:region:012345678910:repository-namespace/repository-name.

repositoryName
Type: string

The name of the repository.

repositoryUri
Type: string

The URI for the repository. You can use this URI for container image push and pull operations.

RepositoryAlreadyExistsException

Description

The specified repository already exists in the specified registry.

Members
message
Type: string

The error message associated with the exception.

RepositoryCreationTemplate

Description

The details of the repository creation template associated with the request.

Members
appliedFor
Type: Array of strings

A list of enumerable Strings representing the repository creation scenarios that this template will apply towards. The two supported scenarios are PULL_THROUGH_CACHE and REPLICATION

createdAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time, in JavaScript date format, when the repository creation template was created.

customRoleArn
Type: string

The ARN of the role to be assumed by Amazon ECR. Amazon ECR will assume your supplied role when the customRoleArn is specified. When this field isn't specified, Amazon ECR will use the service-linked role for the repository creation template.

description
Type: string

The description associated with the repository creation template.

encryptionConfiguration

The encryption configuration associated with the repository creation template.

imageTagMutability
Type: string

The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.

lifecyclePolicy
Type: string

The lifecycle policy to use for repositories created using the template.

prefix
Type: string

The repository namespace prefix associated with the repository creation template.

repositoryPolicy
Type: string

he repository policy to apply to repositories created using the template. A repository policy is a permissions policy associated with a repository to control access permissions.

resourceTags
Type: Array of Tag structures

The metadata to apply to the repository to help you categorize and organize. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

updatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time, in JavaScript date format, when the repository creation template was last updated.

RepositoryFilter

Description

The filter settings used with image replication. Specifying a repository filter to a replication rule provides a method for controlling which repositories in a private registry are replicated. If no filters are added, the contents of all repositories are replicated.

Members
filter
Required: Yes
Type: string

The repository filter details. When the PREFIX_MATCH filter type is specified, this value is required and should be the repository name prefix to configure replication for.

filterType
Required: Yes
Type: string

The repository filter type. The only supported value is PREFIX_MATCH, which is a repository name prefix specified with the filter parameter.

RepositoryNotEmptyException

Description

The specified repository contains images. To delete a repository that contains images, you must force the deletion with the force parameter.

Members
message
Type: string

The error message associated with the exception.

RepositoryNotFoundException

Description

The specified repository could not be found. Check the spelling of the specified repository and ensure that you are performing operations on the correct registry.

Members
message
Type: string

The error message associated with the exception.

RepositoryPolicyNotFoundException

Description

The specified repository and registry combination does not have an associated repository policy.

Members
message
Type: string

The error message associated with the exception.

RepositoryScanningConfiguration

Description

The details of the scanning configuration for a repository.

Members
appliedScanFilters
Type: Array of ScanningRepositoryFilter structures

The scan filters applied to the repository.

repositoryArn
Type: string

The ARN of the repository.

repositoryName
Type: string

The name of the repository.

scanFrequency
Type: string

The scan frequency for the repository.

scanOnPush
Type: boolean

Whether or not scan on push is configured for the repository.

RepositoryScanningConfigurationFailure

Description

The details about any failures associated with the scanning configuration of a repository.

Members
failureCode
Type: string

The failure code.

failureReason
Type: string

The reason for the failure.

repositoryName
Type: string

The name of the repository.

Resource

Description

Details about the resource involved in a finding.

Members
details
Type: ResourceDetails structure

An object that contains details about the resource involved in a finding.

id
Type: string

The ID of the resource.

tags
Type: Associative array of custom strings keys (TagKey) to strings

The tags attached to the resource.

type
Type: string

The type of resource.

ResourceDetails

Description

Contains details about the resource involved in the finding.

Members
awsEcrContainerImage
Type: AwsEcrContainerImageDetails structure

An object that contains details about the Amazon ECR container image involved in the finding.

ScanNotFoundException

Description

The specified image scan could not be found. Ensure that image scanning is enabled on the repository and try again.

Members
message
Type: string

ScanningRepositoryFilter

Description

The details of a scanning repository filter. For more information on how to use filters, see Using filters in the Amazon Elastic Container Registry User Guide.

Members
filter
Required: Yes
Type: string

The filter to use when scanning.

filterType
Required: Yes
Type: string

The type associated with the filter.

ScoreDetails

Description

Information about the Amazon Inspector score given to a finding.

Members
cvss
Type: CvssScoreDetails structure

An object that contains details about the CVSS score given to a finding.

SecretNotFoundException

Description

The ARN of the secret specified in the pull through cache rule was not found. Update the pull through cache rule with a valid secret ARN and try again.

Members
message
Type: string

ServerException

Description

These errors are usually caused by a server-side issue.

Members
message
Type: string

The error message associated with the exception.

Tag

Description

The metadata to apply to a resource to help you categorize and organize them. Each tag consists of a key and a value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

Members
Key
Required: Yes
Type: string

One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.

Value
Required: Yes
Type: string

A value acts as a descriptor within a tag category (key).

TemplateAlreadyExistsException

Description

The repository creation template already exists. Specify a unique prefix and try again.

Members
message
Type: string

TemplateNotFoundException

Description

The specified repository creation template can't be found. Verify the registry ID and prefix and try again.

Members
message
Type: string

TooManyTagsException

Description

The list of tags on the repository is over the limit. The maximum number of tags that can be applied to a repository is 50.

Members
message
Type: string

UnableToAccessSecretException

Description

The secret is unable to be accessed. Verify the resource permissions for the secret and try again.

Members
message
Type: string

UnableToDecryptSecretValueException

Description

The secret is accessible but is unable to be decrypted. Verify the resource permisisons and try again.

Members
message
Type: string

UnableToGetUpstreamImageException

Description

The image or images were unable to be pulled using the pull through cache rule. This is usually caused because of an issue with the Secrets Manager secret containing the credentials for the upstream registry.

Members
message
Type: string

UnableToGetUpstreamLayerException

Description

There was an issue getting the upstream layer matching the pull through cache rule.

Members
message
Type: string

UnsupportedImageTypeException

Description

The image is of a type that cannot be scanned.

Members
message
Type: string

UnsupportedUpstreamRegistryException

Description

The specified upstream registry isn't supported.

Members
message
Type: string

UploadNotFoundException

Description

The upload could not be found, or the specified upload ID is not valid for this repository.

Members
message
Type: string

The error message associated with the exception.

ValidationException

Description

There was an exception validating this request.

Members
message
Type: string

VulnerablePackage

Description

Information on the vulnerable package identified by a finding.

Members
arch
Type: string

The architecture of the vulnerable package.

epoch
Type: int

The epoch of the vulnerable package.

filePath
Type: string

The file path of the vulnerable package.

fixedInVersion
Type: string

The version of the package that contains the vulnerability fix.

name
Type: string

The name of the vulnerable package.

packageManager
Type: string

The package manager of the vulnerable package.

release
Type: string

The release of the vulnerable package.

sourceLayerHash
Type: string

The source layer hash of the vulnerable package.

version
Type: string

The version of the vulnerable package.