Repository
data class RepositoryCreationTemplateArgs(val appliedFors: Output<List<String>>? = null, val customRoleArn: Output<String>? = null, val description: Output<String>? = null, val encryptionConfigurations: Output<List<RepositoryCreationTemplateEncryptionConfigurationArgs>>? = null, val imageTagMutability: Output<String>? = null, val lifecyclePolicy: Output<String>? = null, val prefix: Output<String>? = null, val repositoryPolicy: Output<String>? = null, val resourceTags: Output<Map<String, String>>? = null) : ConvertibleToJava<RepositoryCreationTemplateArgs>
Provides an Elastic Container Registry Repository Creation Template.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = aws.iam.getPolicyDocument({
statements: [{
sid: "new policy",
effect: "Allow",
principals: [{
type: "AWS",
identifiers: ["123456789012"],
}],
actions: [
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage",
"ecr:BatchCheckLayerAvailability",
"ecr:PutImage",
"ecr:InitiateLayerUpload",
"ecr:UploadLayerPart",
"ecr:CompleteLayerUpload",
"ecr:DescribeRepositories",
"ecr:GetRepositoryPolicy",
"ecr:ListImages",
"ecr:DeleteRepository",
"ecr:BatchDeleteImage",
"ecr:SetRepositoryPolicy",
"ecr:DeleteRepositoryPolicy",
],
}],
});
const exampleRepositoryCreationTemplate = new aws.ecr.RepositoryCreationTemplate("example", {
prefix: "example",
description: "An example template",
imageTagMutability: "IMMUTABLE",
customRoleArn: "arn:aws:iam::123456789012:role/example",
appliedFors: ["PULL_THROUGH_CACHE"],
encryptionConfigurations: [{
encryptionType: "AES256",
}],
repositoryPolicy: example.then(example => example.json),
lifecyclePolicy: `{
"rules": [
{
"rulePriority": 1,
"description": "Expire images older than 14 days",
"selection": {
"tagStatus": "untagged",
"countType": "sinceImagePushed",
"countUnit": "days",
"countNumber": 14
},
"action": {
"type": "expire"
}
}
]
}
`,
resourceTags: {
Foo: "Bar",
},
});Content copied to clipboard
import pulumi
import pulumi_aws as aws
example = aws.iam.get_policy_document(statements=[{
"sid": "new policy",
"effect": "Allow",
"principals": [{
"type": "AWS",
"identifiers": ["123456789012"],
}],
"actions": [
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage",
"ecr:BatchCheckLayerAvailability",
"ecr:PutImage",
"ecr:InitiateLayerUpload",
"ecr:UploadLayerPart",
"ecr:CompleteLayerUpload",
"ecr:DescribeRepositories",
"ecr:GetRepositoryPolicy",
"ecr:ListImages",
"ecr:DeleteRepository",
"ecr:BatchDeleteImage",
"ecr:SetRepositoryPolicy",
"ecr:DeleteRepositoryPolicy",
],
}])
example_repository_creation_template = aws.ecr.RepositoryCreationTemplate("example",
prefix="example",
description="An example template",
image_tag_mutability="IMMUTABLE",
custom_role_arn="arn:aws:iam::123456789012:role/example",
applied_fors=["PULL_THROUGH_CACHE"],
encryption_configurations=[{
"encryption_type": "AES256",
}],
repository_policy=example.json,
lifecycle_policy="""{
"rules": [
{
"rulePriority": 1,
"description": "Expire images older than 14 days",
"selection": {
"tagStatus": "untagged",
"countType": "sinceImagePushed",
"countUnit": "days",
"countNumber": 14
},
"action": {
"type": "expire"
}
}
]
}
""",
resource_tags={
"Foo": "Bar",
})Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Sid = "new policy",
Effect = "Allow",
Principals = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
{
Type = "AWS",
Identifiers = new[]
{
"123456789012",
},
},
},
Actions = new[]
{
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage",
"ecr:BatchCheckLayerAvailability",
"ecr:PutImage",
"ecr:InitiateLayerUpload",
"ecr:UploadLayerPart",
"ecr:CompleteLayerUpload",
"ecr:DescribeRepositories",
"ecr:GetRepositoryPolicy",
"ecr:ListImages",
"ecr:DeleteRepository",
"ecr:BatchDeleteImage",
"ecr:SetRepositoryPolicy",
"ecr:DeleteRepositoryPolicy",
},
},
},
});
var exampleRepositoryCreationTemplate = new Aws.Ecr.RepositoryCreationTemplate("example", new()
{
Prefix = "example",
Description = "An example template",
ImageTagMutability = "IMMUTABLE",
CustomRoleArn = "arn:aws:iam::123456789012:role/example",
AppliedFors = new[]
{
"PULL_THROUGH_CACHE",
},
EncryptionConfigurations = new[]
{
new Aws.Ecr.Inputs.RepositoryCreationTemplateEncryptionConfigurationArgs
{
EncryptionType = "AES256",
},
},
RepositoryPolicy = example.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
LifecyclePolicy = @"{
""rules"": [
{
""rulePriority"": 1,
""description"": ""Expire images older than 14 days"",
""selection"": {
""tagStatus"": ""untagged"",
""countType"": ""sinceImagePushed"",
""countUnit"": ""days"",
""countNumber"": 14
},
""action"": {
""type"": ""expire""
}
}
]
}
",
ResourceTags =
{
{ "Foo", "Bar" },
},
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ecr"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
Statements: []iam.GetPolicyDocumentStatement{
{
Sid: pulumi.StringRef("new policy"),
Effect: pulumi.StringRef("Allow"),
Principals: []iam.GetPolicyDocumentStatementPrincipal{
{
Type: "AWS",
Identifiers: []string{
"123456789012",
},
},
},
Actions: []string{
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage",
"ecr:BatchCheckLayerAvailability",
"ecr:PutImage",
"ecr:InitiateLayerUpload",
"ecr:UploadLayerPart",
"ecr:CompleteLayerUpload",
"ecr:DescribeRepositories",
"ecr:GetRepositoryPolicy",
"ecr:ListImages",
"ecr:DeleteRepository",
"ecr:BatchDeleteImage",
"ecr:SetRepositoryPolicy",
"ecr:DeleteRepositoryPolicy",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = ecr.NewRepositoryCreationTemplate(ctx, "example", &ecr.RepositoryCreationTemplateArgs{
Prefix: pulumi.String("example"),
Description: pulumi.String("An example template"),
ImageTagMutability: pulumi.String("IMMUTABLE"),
CustomRoleArn: pulumi.String("arn:aws:iam::123456789012:role/example"),
AppliedFors: pulumi.StringArray{
pulumi.String("PULL_THROUGH_CACHE"),
},
EncryptionConfigurations: ecr.RepositoryCreationTemplateEncryptionConfigurationArray{
&ecr.RepositoryCreationTemplateEncryptionConfigurationArgs{
EncryptionType: pulumi.String("AES256"),
},
},
RepositoryPolicy: pulumi.String(example.Json),
LifecyclePolicy: pulumi.String(`{
"rules": [
{
"rulePriority": 1,
"description": "Expire images older than 14 days",
"selection": {
"tagStatus": "untagged",
"countType": "sinceImagePushed",
"countUnit": "days",
"countNumber": 14
},
"action": {
"type": "expire"
}
}
]
}
`),
ResourceTags: pulumi.StringMap{
"Foo": pulumi.String("Bar"),
},
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.ecr.RepositoryCreationTemplate;
import com.pulumi.aws.ecr.RepositoryCreationTemplateArgs;
import com.pulumi.aws.ecr.inputs.RepositoryCreationTemplateEncryptionConfigurationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.sid("new policy")
.effect("Allow")
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.type("AWS")
.identifiers("123456789012")
.build())
.actions(
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage",
"ecr:BatchCheckLayerAvailability",
"ecr:PutImage",
"ecr:InitiateLayerUpload",
"ecr:UploadLayerPart",
"ecr:CompleteLayerUpload",
"ecr:DescribeRepositories",
"ecr:GetRepositoryPolicy",
"ecr:ListImages",
"ecr:DeleteRepository",
"ecr:BatchDeleteImage",
"ecr:SetRepositoryPolicy",
"ecr:DeleteRepositoryPolicy")
.build())
.build());
var exampleRepositoryCreationTemplate = new RepositoryCreationTemplate("exampleRepositoryCreationTemplate", RepositoryCreationTemplateArgs.builder()
.prefix("example")
.description("An example template")
.imageTagMutability("IMMUTABLE")
.customRoleArn("arn:aws:iam::123456789012:role/example")
.appliedFors("PULL_THROUGH_CACHE")
.encryptionConfigurations(RepositoryCreationTemplateEncryptionConfigurationArgs.builder()
.encryptionType("AES256")
.build())
.repositoryPolicy(example.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
.lifecyclePolicy("""
{
"rules": [
{
"rulePriority": 1,
"description": "Expire images older than 14 days",
"selection": {
"tagStatus": "untagged",
"countType": "sinceImagePushed",
"countUnit": "days",
"countNumber": 14
},
"action": {
"type": "expire"
}
}
]
}
""")
.resourceTags(Map.of("Foo", "Bar"))
.build());
}
}Content copied to clipboard
resources:
exampleRepositoryCreationTemplate:
type: aws:ecr:RepositoryCreationTemplate
name: example
properties:
prefix: example
description: An example template
imageTagMutability: IMMUTABLE
customRoleArn: arn:aws:iam::123456789012:role/example
appliedFors:
- PULL_THROUGH_CACHE
encryptionConfigurations:
- encryptionType: AES256
repositoryPolicy: ${example.json}
lifecyclePolicy: |
{
"rules": [
{
"rulePriority": 1,
"description": "Expire images older than 14 days",
"selection": {
"tagStatus": "untagged",
"countType": "sinceImagePushed",
"countUnit": "days",
"countNumber": 14
},
"action": {
"type": "expire"
}
}
]
}
resourceTags:
Foo: Bar
variables:
example:
fn::invoke:
function: aws:iam:getPolicyDocument
arguments:
statements:
- sid: new policy
effect: Allow
principals:
- type: AWS
identifiers:
- '123456789012'
actions:
- ecr:GetDownloadUrlForLayer
- ecr:BatchGetImage
- ecr:BatchCheckLayerAvailability
- ecr:PutImage
- ecr:InitiateLayerUpload
- ecr:UploadLayerPart
- ecr:CompleteLayerUpload
- ecr:DescribeRepositories
- ecr:GetRepositoryPolicy
- ecr:ListImages
- ecr:DeleteRepository
- ecr:BatchDeleteImage
- ecr:SetRepositoryPolicy
- ecr:DeleteRepositoryPolicyContent copied to clipboard
Import
Using pulumi import, import the ECR Repository Creating Templates using the prefix. For example:
$ pulumi import aws:ecr/repositoryCreationTemplate:RepositoryCreationTemplate example exampleContent copied to clipboard
Constructors
Link copied to clipboard
constructor(appliedFors: Output<List<String>>? = null, customRoleArn: Output<String>? = null, description: Output<String>? = null, encryptionConfigurations: Output<List<RepositoryCreationTemplateEncryptionConfigurationArgs>>? = null, imageTagMutability: Output<String>? = null, lifecyclePolicy: Output<String>? = null, prefix: Output<String>? = null, repositoryPolicy: Output<String>? = null, resourceTags: Output<Map<String, String>>? = null)
Properties
Link copied to clipboard
Which features this template applies to. Must contain one or more of PULL_THROUGH_CACHE or REPLICATION.
Link copied to clipboard
A custom IAM role to use for repository creation. Required if using repository tags or KMS encryption.
Link copied to clipboard
The description for this template.
Link copied to clipboard
val encryptionConfigurations: Output<List<RepositoryCreationTemplateEncryptionConfigurationArgs>>? = null
Encryption configuration for any created repositories. See below for schema.
Link copied to clipboard
The tag mutability setting for any created repositories. Must be one of: MUTABLE or IMMUTABLE. Defaults to MUTABLE.
Link copied to clipboard
The lifecycle policy document to apply to any created repositories. See more details about Policy Parameters in the official AWS docs. Consider using the aws.ecr.getLifecyclePolicyDocument data_source to generate/manage the JSON document used for the lifecycle_policy argument.
Link copied to clipboard
Link copied to clipboard
A map of tags to assign to any created repositories.