pulumi-aws-kotlin/com.pulumi.aws.ecr.kotlin/RepositoryCreationTemplateArgs

RepositoryCreationTemplateArgs

data class RepositoryCreationTemplateArgs(val appliedFors: Output<List<String>>? = null, val customRoleArn: Output<String>? = null, val description: Output<String>? = null, val encryptionConfigurations: Output<List<RepositoryCreationTemplateEncryptionConfigurationArgs>>? = null, val imageTagMutability: Output<String>? = null, val lifecyclePolicy: Output<String>? = null, val prefix: Output<String>? = null, val repositoryPolicy: Output<String>? = null, val resourceTags: Output<Map<String, String>>? = null) : ConvertibleToJava<RepositoryCreationTemplateArgs>

Provides an Elastic Container Registry Repository Creation Template.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = aws.iam.getPolicyDocument({
    statements: [{
        sid: "new policy",
        effect: "Allow",
        principals: [{
            type: "AWS",
            identifiers: ["123456789012"],
        }],
        actions: [
            "ecr:GetDownloadUrlForLayer",
            "ecr:BatchGetImage",
            "ecr:BatchCheckLayerAvailability",
            "ecr:PutImage",
            "ecr:InitiateLayerUpload",
            "ecr:UploadLayerPart",
            "ecr:CompleteLayerUpload",
            "ecr:DescribeRepositories",
            "ecr:GetRepositoryPolicy",
            "ecr:ListImages",
            "ecr:DeleteRepository",
            "ecr:BatchDeleteImage",
            "ecr:SetRepositoryPolicy",
            "ecr:DeleteRepositoryPolicy",
        ],
    }],
});
const exampleRepositoryCreationTemplate = new aws.ecr.RepositoryCreationTemplate("example", {
    prefix: "example",
    description: "An example template",
    imageTagMutability: "IMMUTABLE",
    customRoleArn: "arn:aws:iam::123456789012:role/example",
    appliedFors: ["PULL_THROUGH_CACHE"],
    encryptionConfigurations: [{
        encryptionType: "AES256",
    }],
    repositoryPolicy: example.then(example => example.json),
    lifecyclePolicy: `{
  "rules": [
    {
      "rulePriority": 1,
      "description": "Expire images older than 14 days",
      "selection": {
        "tagStatus": "untagged",
        "countType": "sinceImagePushed",
        "countUnit": "days",
        "countNumber": 14
      },
      "action": {
        "type": "expire"
      }
    }
  ]
}
`,
    resourceTags: {
        Foo: "Bar",
    },
});
Content copied to clipboard
import pulumi
import pulumi_aws as aws
example = aws.iam.get_policy_document(statements=[{
    "sid": "new policy",
    "effect": "Allow",
    "principals": [{
        "type": "AWS",
        "identifiers": ["123456789012"],
    }],
    "actions": [
        "ecr:GetDownloadUrlForLayer",
        "ecr:BatchGetImage",
        "ecr:BatchCheckLayerAvailability",
        "ecr:PutImage",
        "ecr:InitiateLayerUpload",
        "ecr:UploadLayerPart",
        "ecr:CompleteLayerUpload",
        "ecr:DescribeRepositories",
        "ecr:GetRepositoryPolicy",
        "ecr:ListImages",
        "ecr:DeleteRepository",
        "ecr:BatchDeleteImage",
        "ecr:SetRepositoryPolicy",
        "ecr:DeleteRepositoryPolicy",
    ],
}])
example_repository_creation_template = aws.ecr.RepositoryCreationTemplate("example",
    prefix="example",
    description="An example template",
    image_tag_mutability="IMMUTABLE",
    custom_role_arn="arn:aws:iam::123456789012:role/example",
    applied_fors=["PULL_THROUGH_CACHE"],
    encryption_configurations=[{
        "encryption_type": "AES256",
    }],
    repository_policy=example.json,
    lifecycle_policy="""{
  "rules": [
    {
      "rulePriority": 1,
      "description": "Expire images older than 14 days",
      "selection": {
        "tagStatus": "untagged",
        "countType": "sinceImagePushed",
        "countUnit": "days",
        "countNumber": 14
      },
      "action": {
        "type": "expire"
      }
    }
  ]
}
""",
    resource_tags={
        "Foo": "Bar",
    })
Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    var example = Aws.Iam.GetPolicyDocument.Invoke(new()
    {
        Statements = new[]
        {
            new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
            {
                Sid = "new policy",
                Effect = "Allow",
                Principals = new[]
                {
                    new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
                    {
                        Type = "AWS",
                        Identifiers = new[]
                        {
                            "123456789012",
                        },
                    },
                },
                Actions = new[]
                {
                    "ecr:GetDownloadUrlForLayer",
                    "ecr:BatchGetImage",
                    "ecr:BatchCheckLayerAvailability",
                    "ecr:PutImage",
                    "ecr:InitiateLayerUpload",
                    "ecr:UploadLayerPart",
                    "ecr:CompleteLayerUpload",
                    "ecr:DescribeRepositories",
                    "ecr:GetRepositoryPolicy",
                    "ecr:ListImages",
                    "ecr:DeleteRepository",
                    "ecr:BatchDeleteImage",
                    "ecr:SetRepositoryPolicy",
                    "ecr:DeleteRepositoryPolicy",
                },
            },
        },
    });
    var exampleRepositoryCreationTemplate = new Aws.Ecr.RepositoryCreationTemplate("example", new()
    {
        Prefix = "example",
        Description = "An example template",
        ImageTagMutability = "IMMUTABLE",
        CustomRoleArn = "arn:aws:iam::123456789012:role/example",
        AppliedFors = new[]
        {
            "PULL_THROUGH_CACHE",
        },
        EncryptionConfigurations = new[]
        {
            new Aws.Ecr.Inputs.RepositoryCreationTemplateEncryptionConfigurationArgs
            {
                EncryptionType = "AES256",
            },
        },
        RepositoryPolicy = example.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
        LifecyclePolicy = @"{
  ""rules"": [
    {
      ""rulePriority"": 1,
      ""description"": ""Expire images older than 14 days"",
      ""selection"": {
        ""tagStatus"": ""untagged"",
        ""countType"": ""sinceImagePushed"",
        ""countUnit"": ""days"",
        ""countNumber"": 14
      },
      ""action"": {
        ""type"": ""expire""
      }
    }
  ]
}
",
        ResourceTags =
        {
            { "Foo", "Bar" },
        },
    });
});
Content copied to clipboard
package main
import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ecr"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
			Statements: []iam.GetPolicyDocumentStatement{
				{
					Sid:    pulumi.StringRef("new policy"),
					Effect: pulumi.StringRef("Allow"),
					Principals: []iam.GetPolicyDocumentStatementPrincipal{
						{
							Type: "AWS",
							Identifiers: []string{
								"123456789012",
							},
						},
					},
					Actions: []string{
						"ecr:GetDownloadUrlForLayer",
						"ecr:BatchGetImage",
						"ecr:BatchCheckLayerAvailability",
						"ecr:PutImage",
						"ecr:InitiateLayerUpload",
						"ecr:UploadLayerPart",
						"ecr:CompleteLayerUpload",
						"ecr:DescribeRepositories",
						"ecr:GetRepositoryPolicy",
						"ecr:ListImages",
						"ecr:DeleteRepository",
						"ecr:BatchDeleteImage",
						"ecr:SetRepositoryPolicy",
						"ecr:DeleteRepositoryPolicy",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = ecr.NewRepositoryCreationTemplate(ctx, "example", &ecr.RepositoryCreationTemplateArgs{
			Prefix:             pulumi.String("example"),
			Description:        pulumi.String("An example template"),
			ImageTagMutability: pulumi.String("IMMUTABLE"),
			CustomRoleArn:      pulumi.String("arn:aws:iam::123456789012:role/example"),
			AppliedFors: pulumi.StringArray{
				pulumi.String("PULL_THROUGH_CACHE"),
			},
			EncryptionConfigurations: ecr.RepositoryCreationTemplateEncryptionConfigurationArray{
				&ecr.RepositoryCreationTemplateEncryptionConfigurationArgs{
					EncryptionType: pulumi.String("AES256"),
				},
			},
			RepositoryPolicy: pulumi.String(example.Json),
			LifecyclePolicy: pulumi.String(`{
  "rules": [
    {
      "rulePriority": 1,
      "description": "Expire images older than 14 days",
      "selection": {
        "tagStatus": "untagged",
        "countType": "sinceImagePushed",
        "countUnit": "days",
        "countNumber": 14
      },
      "action": {
        "type": "expire"
      }
    }
  ]
}
`),
			ResourceTags: pulumi.StringMap{
				"Foo": pulumi.String("Bar"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.ecr.RepositoryCreationTemplate;
import com.pulumi.aws.ecr.RepositoryCreationTemplateArgs;
import com.pulumi.aws.ecr.inputs.RepositoryCreationTemplateEncryptionConfigurationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .sid("new policy")
                .effect("Allow")
                .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                    .type("AWS")
                    .identifiers("123456789012")
                    .build())
                .actions(
                    "ecr:GetDownloadUrlForLayer",
                    "ecr:BatchGetImage",
                    "ecr:BatchCheckLayerAvailability",
                    "ecr:PutImage",
                    "ecr:InitiateLayerUpload",
                    "ecr:UploadLayerPart",
                    "ecr:CompleteLayerUpload",
                    "ecr:DescribeRepositories",
                    "ecr:GetRepositoryPolicy",
                    "ecr:ListImages",
                    "ecr:DeleteRepository",
                    "ecr:BatchDeleteImage",
                    "ecr:SetRepositoryPolicy",
                    "ecr:DeleteRepositoryPolicy")
                .build())
            .build());
        var exampleRepositoryCreationTemplate = new RepositoryCreationTemplate("exampleRepositoryCreationTemplate", RepositoryCreationTemplateArgs.builder()
            .prefix("example")
            .description("An example template")
            .imageTagMutability("IMMUTABLE")
            .customRoleArn("arn:aws:iam::123456789012:role/example")
            .appliedFors("PULL_THROUGH_CACHE")
            .encryptionConfigurations(RepositoryCreationTemplateEncryptionConfigurationArgs.builder()
                .encryptionType("AES256")
                .build())
            .repositoryPolicy(example.json())
            .lifecyclePolicy("""
{
  "rules": [
    {
      "rulePriority": 1,
      "description": "Expire images older than 14 days",
      "selection": {
        "tagStatus": "untagged",
        "countType": "sinceImagePushed",
        "countUnit": "days",
        "countNumber": 14
      },
      "action": {
        "type": "expire"
      }
    }
  ]
}
            """)
            .resourceTags(Map.of("Foo", "Bar"))
            .build());
    }
}
Content copied to clipboard
resources:
  exampleRepositoryCreationTemplate:
    type: aws:ecr:RepositoryCreationTemplate
    name: example
    properties:
      prefix: example
      description: An example template
      imageTagMutability: IMMUTABLE
      customRoleArn: arn:aws:iam::123456789012:role/example
      appliedFors:
        - PULL_THROUGH_CACHE
      encryptionConfigurations:
        - encryptionType: AES256
      repositoryPolicy: ${example.json}
      lifecyclePolicy: |
        {
          "rules": [
            {
              "rulePriority": 1,
              "description": "Expire images older than 14 days",
              "selection": {
                "tagStatus": "untagged",
                "countType": "sinceImagePushed",
                "countUnit": "days",
                "countNumber": 14
              },
              "action": {
                "type": "expire"
              }
            }
          ]
        }
      resourceTags:
        Foo: Bar
variables:
  example:
    fn::invoke:
      function: aws:iam:getPolicyDocument
      arguments:
        statements:
          - sid: new policy
            effect: Allow
            principals:
              - type: AWS
                identifiers:
                  - '123456789012'
            actions:
              - ecr:GetDownloadUrlForLayer
              - ecr:BatchGetImage
              - ecr:BatchCheckLayerAvailability
              - ecr:PutImage
              - ecr:InitiateLayerUpload
              - ecr:UploadLayerPart
              - ecr:CompleteLayerUpload
              - ecr:DescribeRepositories
              - ecr:GetRepositoryPolicy
              - ecr:ListImages
              - ecr:DeleteRepository
              - ecr:BatchDeleteImage
              - ecr:SetRepositoryPolicy
              - ecr:DeleteRepositoryPolicy
Content copied to clipboard

Import

Using pulumi import, import the ECR Repository Creating Templates using the prefix. For example:

$ pulumi import aws:ecr/repositoryCreationTemplate:RepositoryCreationTemplate example example
Content copied to clipboard

Constructors

Link copied to clipboard
constructor(appliedFors: Output<List<String>>? = null, customRoleArn: Output<String>? = null, description: Output<String>? = null, encryptionConfigurations: Output<List<RepositoryCreationTemplateEncryptionConfigurationArgs>>? = null, imageTagMutability: Output<String>? = null, lifecyclePolicy: Output<String>? = null, prefix: Output<String>? = null, repositoryPolicy: Output<String>? = null, resourceTags: Output<Map<String, String>>? = null)

Properties

Link copied to clipboard
val appliedFors: Output<List<String>>? = null

Which features this template applies to. Must contain one or more of PULL_THROUGH_CACHE or REPLICATION.

Link copied to clipboard
val customRoleArn: Output<String>? = null

A custom IAM role to use for repository creation. Required if using repository tags or KMS encryption.

Link copied to clipboard
val description: Output<String>? = null

The description for this template.

Link copied to clipboard
val encryptionConfigurations: Output<List<RepositoryCreationTemplateEncryptionConfigurationArgs>>? = null

Encryption configuration for any created repositories. See below for schema.

Link copied to clipboard
val imageTagMutability: Output<String>? = null

The tag mutability setting for any created repositories. Must be one of: MUTABLE or IMMUTABLE. Defaults to MUTABLE.

Link copied to clipboard
val lifecyclePolicy: Output<String>? = null

The lifecycle policy document to apply to any created repositories. See more details about Policy Parameters in the official AWS docs. Consider using the aws.ecr.getLifecyclePolicyDocument data_source to generate/manage the JSON document used for the lifecycle_policy argument.

Link copied to clipboard
val prefix: Output<String>? = null

The repository name prefix to match against. Use ROOT to match any prefix that doesn't explicitly match another template.

Link copied to clipboard
val repositoryPolicy: Output<String>? = null
Link copied to clipboard
val resourceTags: Output<Map<String, String>>? = null

A map of tags to assign to any created repositories.

Functions

Link copied to clipboard
open override fun toJava(): RepositoryCreationTemplateArgs