README
¶
Amazon ECR Construct Library
This package contains constructs for working with Amazon Elastic Container Registry.
Repositories
Define a repository by creating a new instance of Repository. A repository
holds multiple verions of a single container image.
repository := ecr.NewRepository(this, jsii.String("Repository"))
Image scanning
Amazon ECR image scanning helps in identifying software vulnerabilities in your container images. You can manually scan container images stored in Amazon ECR, or you can configure your repositories to scan images when you push them to a repository. To create a new repository to scan on push, simply enable imageScanOnPush in the properties
repository := ecr.NewRepository(this, jsii.String("Repo"), &repositoryProps{
imageScanOnPush: jsii.Boolean(true),
})
To create an onImageScanCompleted event rule and trigger the event target
var repository repository
var target someTarget
repository.onImageScanCompleted(jsii.String("ImageScanComplete")).addTarget(target)
Authorization Token
Besides the Amazon ECR APIs, ECR also allows the Docker CLI or a language-specific Docker library to push and pull images from an ECR repository. However, the Docker CLI does not support native IAM authentication methods and additional steps must be taken so that Amazon ECR can authenticate and authorize Docker push and pull requests. More information can be found at at Registry Authentication.
A Docker authorization token can be obtained using the GetAuthorizationToken ECR API. The following code snippets
grants an IAM user access to call this API.
user := iam.NewUser(this, jsii.String("User"))
ecr.authorizationToken.grantRead(user)
If you access images in the Public ECR Gallery as well, it is recommended you authenticate to the registry to benefit from higher rate and bandwidth limits.
See
Pricingin https://aws.amazon.com/blogs/aws/amazon-ecr-public-a-new-public-container-registry/ and Service quotas.
The following code snippet grants an IAM user access to retrieve an authorization token for the public gallery.
user := iam.NewUser(this, jsii.String("User"))
ecr.publicGalleryAuthorizationToken.grantRead(user)
This user can then proceed to login to the registry using one of the authentication methods.
Image tag immutability
You can set tag immutability on images in our repository using the imageTagMutability construct prop.
ecr.NewRepository(this, jsii.String("Repo"), &repositoryProps{
imageTagMutability: ecr.tagMutability_IMMUTABLE,
})
Encryption
By default, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES-256 encryption algorithm. For more control over the encryption for your Amazon ECR repositories, you can use server-side encryption with KMS keys stored in AWS Key Management Service (AWS KMS). Read more about this feature in the ECR Developer Guide.
When you use AWS KMS to encrypt your data, you can either use the default AWS managed key, which is managed by Amazon ECR, by specifying RepositoryEncryption.KMS in the encryption property. Or specify your own customer managed KMS key, by specifying the encryptionKey property.
When encryptionKey is set, the encryption property must be KMS or empty.
In the case encryption is set to KMS but no encryptionKey is set, an AWS managed KMS key is used.
ecr.NewRepository(this, jsii.String("Repo"), &repositoryProps{
encryption: ecr.repositoryEncryption_KMS(),
})
Otherwise, a customer-managed KMS key is used if encryptionKey was set and encryption was optionally set to KMS.
import kms "github.com/aws/aws-cdk-go/awscdk"
ecr.NewRepository(this, jsii.String("Repo"), &repositoryProps{
encryptionKey: kms.NewKey(this, jsii.String("Key")),
})
Automatically clean up repositories
You can set life cycle rules to automatically clean up old images from your repository. The first life cycle rule that matches an image will be applied against that image. For example, the following deletes images older than 30 days, while keeping all images tagged with prod (note that the order is important here):
var repository repository
repository.addLifecycleRule(&lifecycleRule{
tagPrefixList: []*string{
jsii.String("prod"),
},
maxImageCount: jsii.Number(9999),
})
repository.addLifecycleRule(&lifecycleRule{
maxImageAge: awscdk.Duration.days(jsii.Number(30)),
})
Documentation
¶
Index ¶
- func AuthorizationToken_GrantRead(grantee awsiam.IGrantable)
- func CfnPublicRepository_CFN_RESOURCE_TYPE_NAME() *string
- func CfnPublicRepository_IsCfnElement(x interface{}) *bool
- func CfnPublicRepository_IsCfnResource(construct constructs.IConstruct) *bool
- func CfnPublicRepository_IsConstruct(x interface{}) *bool
- func CfnPullThroughCacheRule_CFN_RESOURCE_TYPE_NAME() *string
- func CfnPullThroughCacheRule_IsCfnElement(x interface{}) *bool
- func CfnPullThroughCacheRule_IsCfnResource(construct constructs.IConstruct) *bool
- func CfnPullThroughCacheRule_IsConstruct(x interface{}) *bool
- func CfnRegistryPolicy_CFN_RESOURCE_TYPE_NAME() *string
- func CfnRegistryPolicy_IsCfnElement(x interface{}) *bool
- func CfnRegistryPolicy_IsCfnResource(construct constructs.IConstruct) *bool
- func CfnRegistryPolicy_IsConstruct(x interface{}) *bool
- func CfnReplicationConfiguration_CFN_RESOURCE_TYPE_NAME() *string
- func CfnReplicationConfiguration_IsCfnElement(x interface{}) *bool
- func CfnReplicationConfiguration_IsCfnResource(construct constructs.IConstruct) *bool
- func CfnReplicationConfiguration_IsConstruct(x interface{}) *bool
- func CfnRepository_CFN_RESOURCE_TYPE_NAME() *string
- func CfnRepository_IsCfnElement(x interface{}) *bool
- func CfnRepository_IsCfnResource(construct constructs.IConstruct) *bool
- func CfnRepository_IsConstruct(x interface{}) *bool
- func NewCfnPublicRepository_Override(c CfnPublicRepository, scope constructs.Construct, id *string, ...)
- func NewCfnPullThroughCacheRule_Override(c CfnPullThroughCacheRule, scope constructs.Construct, id *string, ...)
- func NewCfnRegistryPolicy_Override(c CfnRegistryPolicy, scope constructs.Construct, id *string, ...)
- func NewCfnReplicationConfiguration_Override(c CfnReplicationConfiguration, scope constructs.Construct, id *string, ...)
- func NewCfnRepository_Override(c CfnRepository, scope constructs.Construct, id *string, ...)
- func NewRepositoryBase_Override(r RepositoryBase, scope constructs.Construct, id *string, ...)
- func NewRepositoryEncryption_Override(r RepositoryEncryption, value *string)
- func NewRepository_Override(r Repository, scope constructs.Construct, id *string, props *RepositoryProps)
- func PublicGalleryAuthorizationToken_GrantRead(grantee awsiam.IGrantable)
- func RepositoryBase_IsConstruct(x interface{}) *bool
- func RepositoryBase_IsOwnedResource(construct constructs.IConstruct) *bool
- func RepositoryBase_IsResource(construct constructs.IConstruct) *bool
- func Repository_ArnForLocalRepository(repositoryName *string, scope constructs.IConstruct, account *string) *string
- func Repository_IsConstruct(x interface{}) *bool
- func Repository_IsOwnedResource(construct constructs.IConstruct) *bool
- func Repository_IsResource(construct constructs.IConstruct) *bool
- type AuthorizationToken
- type CfnPublicRepository
- type CfnPublicRepositoryProps
- type CfnPullThroughCacheRule
- type CfnPullThroughCacheRuleProps
- type CfnRegistryPolicy
- type CfnRegistryPolicyProps
- type CfnReplicationConfiguration
- type CfnReplicationConfigurationProps
- type CfnReplicationConfiguration_ReplicationConfigurationProperty
- type CfnReplicationConfiguration_ReplicationDestinationProperty
- type CfnReplicationConfiguration_ReplicationRuleProperty
- type CfnReplicationConfiguration_RepositoryFilterProperty
- type CfnRepository
- type CfnRepositoryProps
- type CfnRepository_EncryptionConfigurationProperty
- type CfnRepository_ImageScanningConfigurationProperty
- type CfnRepository_LifecyclePolicyProperty
- type IRepository
- func Repository_FromRepositoryArn(scope constructs.Construct, id *string, repositoryArn *string) IRepository
- func Repository_FromRepositoryAttributes(scope constructs.Construct, id *string, attrs *RepositoryAttributes) IRepository
- func Repository_FromRepositoryName(scope constructs.Construct, id *string, repositoryName *string) IRepository
- type LifecycleRule
- type OnCloudTrailImagePushedOptions
- type OnImageScanCompletedOptions
- type PublicGalleryAuthorizationToken
- type Repository
- type RepositoryAttributes
- type RepositoryBase
- type RepositoryEncryption
- type RepositoryProps
- type TagMutability
- type TagStatus
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AuthorizationToken_GrantRead ¶
func AuthorizationToken_GrantRead(grantee awsiam.IGrantable)
Grant access to retrieve an authorization token.
func CfnPublicRepository_CFN_RESOURCE_TYPE_NAME ¶
func CfnPublicRepository_CFN_RESOURCE_TYPE_NAME() *string
func CfnPublicRepository_IsCfnElement ¶
func CfnPublicRepository_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element.
func CfnPublicRepository_IsCfnResource ¶
func CfnPublicRepository_IsCfnResource(construct constructs.IConstruct) *bool
Check whether the given construct is a CfnResource.
func CfnPublicRepository_IsConstruct ¶
func CfnPublicRepository_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func CfnPullThroughCacheRule_CFN_RESOURCE_TYPE_NAME ¶ added in v2.13.0
func CfnPullThroughCacheRule_CFN_RESOURCE_TYPE_NAME() *string
func CfnPullThroughCacheRule_IsCfnElement ¶ added in v2.13.0
func CfnPullThroughCacheRule_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element.
func CfnPullThroughCacheRule_IsCfnResource ¶ added in v2.13.0
func CfnPullThroughCacheRule_IsCfnResource(construct constructs.IConstruct) *bool
Check whether the given construct is a CfnResource.
func CfnPullThroughCacheRule_IsConstruct ¶ added in v2.13.0
func CfnPullThroughCacheRule_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func CfnRegistryPolicy_CFN_RESOURCE_TYPE_NAME ¶
func CfnRegistryPolicy_CFN_RESOURCE_TYPE_NAME() *string
func CfnRegistryPolicy_IsCfnElement ¶
func CfnRegistryPolicy_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element.
func CfnRegistryPolicy_IsCfnResource ¶
func CfnRegistryPolicy_IsCfnResource(construct constructs.IConstruct) *bool
Check whether the given construct is a CfnResource.
func CfnRegistryPolicy_IsConstruct ¶
func CfnRegistryPolicy_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func CfnReplicationConfiguration_CFN_RESOURCE_TYPE_NAME ¶
func CfnReplicationConfiguration_CFN_RESOURCE_TYPE_NAME() *string
func CfnReplicationConfiguration_IsCfnElement ¶
func CfnReplicationConfiguration_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element.
func CfnReplicationConfiguration_IsCfnResource ¶
func CfnReplicationConfiguration_IsCfnResource(construct constructs.IConstruct) *bool
Check whether the given construct is a CfnResource.
func CfnReplicationConfiguration_IsConstruct ¶
func CfnReplicationConfiguration_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func CfnRepository_CFN_RESOURCE_TYPE_NAME ¶
func CfnRepository_CFN_RESOURCE_TYPE_NAME() *string
func CfnRepository_IsCfnElement ¶
func CfnRepository_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element.
func CfnRepository_IsCfnResource ¶
func CfnRepository_IsCfnResource(construct constructs.IConstruct) *bool
Check whether the given construct is a CfnResource.
func CfnRepository_IsConstruct ¶
func CfnRepository_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func NewCfnPublicRepository_Override ¶
func NewCfnPublicRepository_Override(c CfnPublicRepository, scope constructs.Construct, id *string, props *CfnPublicRepositoryProps)
Create a new `AWS::ECR::PublicRepository`.
func NewCfnPullThroughCacheRule_Override ¶ added in v2.13.0
func NewCfnPullThroughCacheRule_Override(c CfnPullThroughCacheRule, scope constructs.Construct, id *string, props *CfnPullThroughCacheRuleProps)
Create a new `AWS::ECR::PullThroughCacheRule`.
func NewCfnRegistryPolicy_Override ¶
func NewCfnRegistryPolicy_Override(c CfnRegistryPolicy, scope constructs.Construct, id *string, props *CfnRegistryPolicyProps)
Create a new `AWS::ECR::RegistryPolicy`.
func NewCfnReplicationConfiguration_Override ¶
func NewCfnReplicationConfiguration_Override(c CfnReplicationConfiguration, scope constructs.Construct, id *string, props *CfnReplicationConfigurationProps)
Create a new `AWS::ECR::ReplicationConfiguration`.
func NewCfnRepository_Override ¶
func NewCfnRepository_Override(c CfnRepository, scope constructs.Construct, id *string, props *CfnRepositoryProps)
Create a new `AWS::ECR::Repository`.
func NewRepositoryBase_Override ¶
func NewRepositoryBase_Override(r RepositoryBase, scope constructs.Construct, id *string, props *awscdk.ResourceProps)
func NewRepositoryEncryption_Override ¶ added in v2.11.0
func NewRepositoryEncryption_Override(r RepositoryEncryption, value *string)
func NewRepository_Override ¶
func NewRepository_Override(r Repository, scope constructs.Construct, id *string, props *RepositoryProps)
func PublicGalleryAuthorizationToken_GrantRead ¶
func PublicGalleryAuthorizationToken_GrantRead(grantee awsiam.IGrantable)
Grant access to retrieve an authorization token.
func RepositoryBase_IsConstruct ¶
func RepositoryBase_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func RepositoryBase_IsOwnedResource ¶ added in v2.32.0
func RepositoryBase_IsOwnedResource(construct constructs.IConstruct) *bool
Returns true if the construct was created by CDK, and false otherwise.
func RepositoryBase_IsResource ¶
func RepositoryBase_IsResource(construct constructs.IConstruct) *bool
Check whether the given construct is a Resource.
func Repository_ArnForLocalRepository ¶
func Repository_ArnForLocalRepository(repositoryName *string, scope constructs.IConstruct, account *string) *string
Returns an ECR ARN for a repository that resides in the same account/region as the current stack.
func Repository_IsConstruct ¶
func Repository_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func Repository_IsOwnedResource ¶ added in v2.32.0
func Repository_IsOwnedResource(construct constructs.IConstruct) *bool
Returns true if the construct was created by CDK, and false otherwise.
func Repository_IsResource ¶
func Repository_IsResource(construct constructs.IConstruct) *bool
Check whether the given construct is a Resource.
Types ¶
type AuthorizationToken ¶
type AuthorizationToken interface {
}
Authorization token to access private ECR repositories in the current environment via Docker CLI.
Example:
user := iam.NewUser(this, jsii.String("User"))
ecr.authorizationToken.grantRead(user)
See: https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry_auth.html
type CfnPublicRepository ¶
type CfnPublicRepository interface {
awscdk.CfnResource
awscdk.IInspectable
// Returns the Amazon Resource Name (ARN) for the specified `AWS::ECR::PublicRepository` resource.
//
// For example, `arn:aws:ecr-public:: *123456789012* :repository/ *test-repository*` .
AttrArn() *string
// Options for this resource, such as condition, update policy etc.
CfnOptions() awscdk.ICfnResourceOptions
CfnProperties() *map[string]interface{}
// AWS resource type.
CfnResourceType() *string
// Returns: the stack trace of the point where this Resource was created from, sourced
// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
// node +internal+ entries filtered.
CreationStack() *[]*string
// The logical ID for this CloudFormation stack element.
//
// The logical ID of the element
// is calculated from the path of the resource node in the construct tree.
//
// To override this value, use `overrideLogicalId(newLogicalId)`.
//
// Returns: the logical ID as a stringified token. This value will only get
// resolved during synthesis.
LogicalId() *string
// The tree node.
Node() constructs.Node
// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
//
// If, by any chance, the intrinsic reference of a resource is not a string, you could
// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
Ref() *string
// The details about the repository that are publicly visible in the Amazon ECR Public Gallery.
//
// For more information, see [Amazon ECR Public repository catalog data](https://docs.aws.amazon.com/AmazonECR/latest/public/public-repository-catalog-data.html) in the *Amazon ECR Public User Guide* .
RepositoryCatalogData() interface{}
SetRepositoryCatalogData(val interface{})
// The name to use for the public repository.
//
// The repository name may be specified on its own (such as `nginx-web-app` ) or it can be prepended with a namespace to group the repository into a category (such as `project-a/nginx-web-app` ). If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the repository name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html) .
//
// > If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
RepositoryName() *string
SetRepositoryName(val *string)
// The JSON repository policy text to apply to the public repository.
//
// For more information, see [Amazon ECR Public repository policies](https://docs.aws.amazon.com/AmazonECR/latest/public/public-repository-policies.html) in the *Amazon ECR Public User Guide* .
RepositoryPolicyText() interface{}
SetRepositoryPolicyText(val interface{})
// The stack in which this element is defined.
//
// CfnElements must be defined within a stack scope (directly or indirectly).
Stack() awscdk.Stack
// An array of key-value pairs to apply to this resource.
Tags() awscdk.TagManager
// Deprecated.
// Deprecated: use `updatedProperties`
//
// Return properties modified after initiation
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperites() *map[string]interface{}
// Return properties modified after initiation.
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperties() *map[string]interface{}
// Syntactic sugar for `addOverride(path, undefined)`.
AddDeletionOverride(path *string)
// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
//
// This can be used for resources across stacks (or nested stack) boundaries
// and the dependency will automatically be transferred to the relevant scope.
AddDependsOn(target awscdk.CfnResource)
// Add a value to the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
AddMetadata(key *string, value interface{})
// Adds an override to the synthesized CloudFormation resource.
//
// To add a
// property override, either use `addPropertyOverride` or prefix `path` with
// "Properties." (i.e. `Properties.TopicName`).
//
// If the override is nested, separate each nested level using a dot (.) in the path parameter.
// If there is an array as part of the nesting, specify the index in the path.
//
// To include a literal `.` in the property name, prefix with a `\`. In most
// programming languages you will need to write this as `"\\."` because the
// `\` itself will need to be escaped.
//
// For example,
// “`typescript
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
// “`
// would add the overrides
// “`json
// "Properties": {
// "GlobalSecondaryIndexes": [
// {
// "Projection": {
// "NonKeyAttributes": [ "myattribute" ]
// ...
// }
// ...
// },
// {
// "ProjectionType": "INCLUDE"
// ...
// },
// ]
// ...
// }
// “`
//
// The `value` argument to `addOverride` will not be processed or translated
// in any way. Pass raw JSON values in here with the correct capitalization
// for CloudFormation. If you pass CDK classes or structs, they will be
// rendered with lowercased key names, and CloudFormation will reject the
// template.
AddOverride(path *string, value interface{})
// Adds an override that deletes the value of a property from the resource definition.
AddPropertyDeletionOverride(propertyPath *string)
// Adds an override to a resource property.
//
// Syntactic sugar for `addOverride("Properties.<...>", value)`.
AddPropertyOverride(propertyPath *string, value interface{})
// Sets the deletion policy of the resource based on the removal policy specified.
//
// The Removal Policy controls what happens to this resource when it stops
// being managed by CloudFormation, either because you've removed it from the
// CDK application or because you've made a change that requires the resource
// to be replaced.
//
// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
// cases, a snapshot can be taken of the resource prior to deletion
// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
// can be found in the following link:.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
//
ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
// Returns a token for an runtime attribute of this resource.
//
// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
// in case there is no generated attribute.
GetAtt(attributeName *string) awscdk.Reference
// Retrieve a value value from the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
GetMetadata(key *string) interface{}
// Examines the CloudFormation resource and discloses attributes.
Inspect(inspector awscdk.TreeInspector)
// Overrides the auto-generated logical ID with a specific ID.
OverrideLogicalId(newLogicalId *string)
RenderProperties(props *map[string]interface{}) *map[string]interface{}
// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
//
// Returns: `true` if the resource should be included or `false` is the resource
// should be omitted.
ShouldSynthesize() *bool
// Returns a string representation of this construct.
//
// Returns: a string representation of this resource.
ToString() *string
ValidateProperties(_properties interface{})
}
A CloudFormation `AWS::ECR::PublicRepository`.
The `AWS::ECR::PublicRepository` resource specifies an Amazon Elastic Container Registry Public (Amazon ECR Public) repository, where users can push and pull Docker images, Open Container Initiative (OCI) images, and OCI compatible artifacts. For more information, see [Amazon ECR public repositories](https://docs.aws.amazon.com/AmazonECR/latest/public/public-repositories.html) in the *Amazon ECR Public User Guide* .
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
var repositoryCatalogData interface{}
var repositoryPolicyText interface{}
cfnPublicRepository := awscdk.Aws_ecr.NewCfnPublicRepository(this, jsii.String("MyCfnPublicRepository"), &cfnPublicRepositoryProps{
repositoryCatalogData: repositoryCatalogData,
repositoryName: jsii.String("repositoryName"),
repositoryPolicyText: repositoryPolicyText,
tags: []cfnTag{
&cfnTag{
key: jsii.String("key"),
value: jsii.String("value"),
},
},
})
func NewCfnPublicRepository ¶
func NewCfnPublicRepository(scope constructs.Construct, id *string, props *CfnPublicRepositoryProps) CfnPublicRepository
Create a new `AWS::ECR::PublicRepository`.
type CfnPublicRepositoryProps ¶
type CfnPublicRepositoryProps struct {
// The details about the repository that are publicly visible in the Amazon ECR Public Gallery.
//
// For more information, see [Amazon ECR Public repository catalog data](https://docs.aws.amazon.com/AmazonECR/latest/public/public-repository-catalog-data.html) in the *Amazon ECR Public User Guide* .
RepositoryCatalogData interface{} `field:"optional" json:"repositoryCatalogData" yaml:"repositoryCatalogData"`
// The name to use for the public repository.
//
// The repository name may be specified on its own (such as `nginx-web-app` ) or it can be prepended with a namespace to group the repository into a category (such as `project-a/nginx-web-app` ). If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the repository name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html) .
//
// > If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
RepositoryName *string `field:"optional" json:"repositoryName" yaml:"repositoryName"`
// The JSON repository policy text to apply to the public repository.
//
// For more information, see [Amazon ECR Public repository policies](https://docs.aws.amazon.com/AmazonECR/latest/public/public-repository-policies.html) in the *Amazon ECR Public User Guide* .
RepositoryPolicyText interface{} `field:"optional" json:"repositoryPolicyText" yaml:"repositoryPolicyText"`
// An array of key-value pairs to apply to this resource.
Tags *[]*awscdk.CfnTag `field:"optional" json:"tags" yaml:"tags"`
}
Properties for defining a `CfnPublicRepository`.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
var repositoryCatalogData interface{}
var repositoryPolicyText interface{}
cfnPublicRepositoryProps := &cfnPublicRepositoryProps{
repositoryCatalogData: repositoryCatalogData,
repositoryName: jsii.String("repositoryName"),
repositoryPolicyText: repositoryPolicyText,
tags: []cfnTag{
&cfnTag{
key: jsii.String("key"),
value: jsii.String("value"),
},
},
}
type CfnPullThroughCacheRule ¶ added in v2.13.0
type CfnPullThroughCacheRule interface {
awscdk.CfnResource
awscdk.IInspectable
// Options for this resource, such as condition, update policy etc.
CfnOptions() awscdk.ICfnResourceOptions
CfnProperties() *map[string]interface{}
// AWS resource type.
CfnResourceType() *string
// Returns: the stack trace of the point where this Resource was created from, sourced
// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
// node +internal+ entries filtered.
CreationStack() *[]*string
// The Amazon ECR repository prefix associated with the pull through cache rule.
EcrRepositoryPrefix() *string
SetEcrRepositoryPrefix(val *string)
// The logical ID for this CloudFormation stack element.
//
// The logical ID of the element
// is calculated from the path of the resource node in the construct tree.
//
// To override this value, use `overrideLogicalId(newLogicalId)`.
//
// Returns: the logical ID as a stringified token. This value will only get
// resolved during synthesis.
LogicalId() *string
// The tree node.
Node() constructs.Node
// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
//
// If, by any chance, the intrinsic reference of a resource is not a string, you could
// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
Ref() *string
// The stack in which this element is defined.
//
// CfnElements must be defined within a stack scope (directly or indirectly).
Stack() awscdk.Stack
// Deprecated.
// Deprecated: use `updatedProperties`
//
// Return properties modified after initiation
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperites() *map[string]interface{}
// Return properties modified after initiation.
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperties() *map[string]interface{}
// The upstream registry URL associated with the pull through cache rule.
UpstreamRegistryUrl() *string
SetUpstreamRegistryUrl(val *string)
// Syntactic sugar for `addOverride(path, undefined)`.
AddDeletionOverride(path *string)
// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
//
// This can be used for resources across stacks (or nested stack) boundaries
// and the dependency will automatically be transferred to the relevant scope.
AddDependsOn(target awscdk.CfnResource)
// Add a value to the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
AddMetadata(key *string, value interface{})
// Adds an override to the synthesized CloudFormation resource.
//
// To add a
// property override, either use `addPropertyOverride` or prefix `path` with
// "Properties." (i.e. `Properties.TopicName`).
//
// If the override is nested, separate each nested level using a dot (.) in the path parameter.
// If there is an array as part of the nesting, specify the index in the path.
//
// To include a literal `.` in the property name, prefix with a `\`. In most
// programming languages you will need to write this as `"\\."` because the
// `\` itself will need to be escaped.
//
// For example,
// “`typescript
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
// “`
// would add the overrides
// “`json
// "Properties": {
// "GlobalSecondaryIndexes": [
// {
// "Projection": {
// "NonKeyAttributes": [ "myattribute" ]
// ...
// }
// ...
// },
// {
// "ProjectionType": "INCLUDE"
// ...
// },
// ]
// ...
// }
// “`
//
// The `value` argument to `addOverride` will not be processed or translated
// in any way. Pass raw JSON values in here with the correct capitalization
// for CloudFormation. If you pass CDK classes or structs, they will be
// rendered with lowercased key names, and CloudFormation will reject the
// template.
AddOverride(path *string, value interface{})
// Adds an override that deletes the value of a property from the resource definition.
AddPropertyDeletionOverride(propertyPath *string)
// Adds an override to a resource property.
//
// Syntactic sugar for `addOverride("Properties.<...>", value)`.
AddPropertyOverride(propertyPath *string, value interface{})
// Sets the deletion policy of the resource based on the removal policy specified.
//
// The Removal Policy controls what happens to this resource when it stops
// being managed by CloudFormation, either because you've removed it from the
// CDK application or because you've made a change that requires the resource
// to be replaced.
//
// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
// cases, a snapshot can be taken of the resource prior to deletion
// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
// can be found in the following link:.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
//
ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
// Returns a token for an runtime attribute of this resource.
//
// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
// in case there is no generated attribute.
GetAtt(attributeName *string) awscdk.Reference
// Retrieve a value value from the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
GetMetadata(key *string) interface{}
// Examines the CloudFormation resource and discloses attributes.
Inspect(inspector awscdk.TreeInspector)
// Overrides the auto-generated logical ID with a specific ID.
OverrideLogicalId(newLogicalId *string)
RenderProperties(props *map[string]interface{}) *map[string]interface{}
// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
//
// Returns: `true` if the resource should be included or `false` is the resource
// should be omitted.
ShouldSynthesize() *bool
// Returns a string representation of this construct.
//
// Returns: a string representation of this resource.
ToString() *string
ValidateProperties(_properties interface{})
}
A CloudFormation `AWS::ECR::PullThroughCacheRule`.
Creates a pull through cache rule. A pull through cache rule provides a way to cache images from an external public registry in your Amazon ECR private registry.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
cfnPullThroughCacheRule := awscdk.Aws_ecr.NewCfnPullThroughCacheRule(this, jsii.String("MyCfnPullThroughCacheRule"), &cfnPullThroughCacheRuleProps{
ecrRepositoryPrefix: jsii.String("ecrRepositoryPrefix"),
upstreamRegistryUrl: jsii.String("upstreamRegistryUrl"),
})
func NewCfnPullThroughCacheRule ¶ added in v2.13.0
func NewCfnPullThroughCacheRule(scope constructs.Construct, id *string, props *CfnPullThroughCacheRuleProps) CfnPullThroughCacheRule
Create a new `AWS::ECR::PullThroughCacheRule`.
type CfnPullThroughCacheRuleProps ¶ added in v2.13.0
type CfnPullThroughCacheRuleProps struct {
// The Amazon ECR repository prefix associated with the pull through cache rule.
EcrRepositoryPrefix *string `field:"optional" json:"ecrRepositoryPrefix" yaml:"ecrRepositoryPrefix"`
// The upstream registry URL associated with the pull through cache rule.
UpstreamRegistryUrl *string `field:"optional" json:"upstreamRegistryUrl" yaml:"upstreamRegistryUrl"`
}
Properties for defining a `CfnPullThroughCacheRule`.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
cfnPullThroughCacheRuleProps := &cfnPullThroughCacheRuleProps{
ecrRepositoryPrefix: jsii.String("ecrRepositoryPrefix"),
upstreamRegistryUrl: jsii.String("upstreamRegistryUrl"),
}
type CfnRegistryPolicy ¶
type CfnRegistryPolicy interface {
awscdk.CfnResource
awscdk.IInspectable
// The account ID of the private registry the policy is associated with.
AttrRegistryId() *string
// Options for this resource, such as condition, update policy etc.
CfnOptions() awscdk.ICfnResourceOptions
CfnProperties() *map[string]interface{}
// AWS resource type.
CfnResourceType() *string
// Returns: the stack trace of the point where this Resource was created from, sourced
// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
// node +internal+ entries filtered.
CreationStack() *[]*string
// The logical ID for this CloudFormation stack element.
//
// The logical ID of the element
// is calculated from the path of the resource node in the construct tree.
//
// To override this value, use `overrideLogicalId(newLogicalId)`.
//
// Returns: the logical ID as a stringified token. This value will only get
// resolved during synthesis.
LogicalId() *string
// The tree node.
Node() constructs.Node
// The JSON policy text for your registry.
PolicyText() interface{}
SetPolicyText(val interface{})
// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
//
// If, by any chance, the intrinsic reference of a resource is not a string, you could
// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
Ref() *string
// The stack in which this element is defined.
//
// CfnElements must be defined within a stack scope (directly or indirectly).
Stack() awscdk.Stack
// Deprecated.
// Deprecated: use `updatedProperties`
//
// Return properties modified after initiation
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperites() *map[string]interface{}
// Return properties modified after initiation.
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperties() *map[string]interface{}
// Syntactic sugar for `addOverride(path, undefined)`.
AddDeletionOverride(path *string)
// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
//
// This can be used for resources across stacks (or nested stack) boundaries
// and the dependency will automatically be transferred to the relevant scope.
AddDependsOn(target awscdk.CfnResource)
// Add a value to the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
AddMetadata(key *string, value interface{})
// Adds an override to the synthesized CloudFormation resource.
//
// To add a
// property override, either use `addPropertyOverride` or prefix `path` with
// "Properties." (i.e. `Properties.TopicName`).
//
// If the override is nested, separate each nested level using a dot (.) in the path parameter.
// If there is an array as part of the nesting, specify the index in the path.
//
// To include a literal `.` in the property name, prefix with a `\`. In most
// programming languages you will need to write this as `"\\."` because the
// `\` itself will need to be escaped.
//
// For example,
// “`typescript
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
// “`
// would add the overrides
// “`json
// "Properties": {
// "GlobalSecondaryIndexes": [
// {
// "Projection": {
// "NonKeyAttributes": [ "myattribute" ]
// ...
// }
// ...
// },
// {
// "ProjectionType": "INCLUDE"
// ...
// },
// ]
// ...
// }
// “`
//
// The `value` argument to `addOverride` will not be processed or translated
// in any way. Pass raw JSON values in here with the correct capitalization
// for CloudFormation. If you pass CDK classes or structs, they will be
// rendered with lowercased key names, and CloudFormation will reject the
// template.
AddOverride(path *string, value interface{})
// Adds an override that deletes the value of a property from the resource definition.
AddPropertyDeletionOverride(propertyPath *string)
// Adds an override to a resource property.
//
// Syntactic sugar for `addOverride("Properties.<...>", value)`.
AddPropertyOverride(propertyPath *string, value interface{})
// Sets the deletion policy of the resource based on the removal policy specified.
//
// The Removal Policy controls what happens to this resource when it stops
// being managed by CloudFormation, either because you've removed it from the
// CDK application or because you've made a change that requires the resource
// to be replaced.
//
// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
// cases, a snapshot can be taken of the resource prior to deletion
// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
// can be found in the following link:.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
//
ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
// Returns a token for an runtime attribute of this resource.
//
// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
// in case there is no generated attribute.
GetAtt(attributeName *string) awscdk.Reference
// Retrieve a value value from the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
GetMetadata(key *string) interface{}
// Examines the CloudFormation resource and discloses attributes.
Inspect(inspector awscdk.TreeInspector)
// Overrides the auto-generated logical ID with a specific ID.
OverrideLogicalId(newLogicalId *string)
RenderProperties(props *map[string]interface{}) *map[string]interface{}
// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
//
// Returns: `true` if the resource should be included or `false` is the resource
// should be omitted.
ShouldSynthesize() *bool
// Returns a string representation of this construct.
//
// Returns: a string representation of this resource.
ToString() *string
ValidateProperties(_properties interface{})
}
A CloudFormation `AWS::ECR::RegistryPolicy`.
The `AWS::ECR::RegistryPolicy` resource creates or updates the permissions policy for a private registry.
A private registry policy is used to specify permissions for another AWS account and is used when configuring cross-account replication. For more information, see [Registry permissions](https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry-permissions.html) in the *Amazon Elastic Container Registry User Guide* .
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
var policyText interface{}
cfnRegistryPolicy := awscdk.Aws_ecr.NewCfnRegistryPolicy(this, jsii.String("MyCfnRegistryPolicy"), &cfnRegistryPolicyProps{
policyText: policyText,
})
func NewCfnRegistryPolicy ¶
func NewCfnRegistryPolicy(scope constructs.Construct, id *string, props *CfnRegistryPolicyProps) CfnRegistryPolicy
Create a new `AWS::ECR::RegistryPolicy`.
type CfnRegistryPolicyProps ¶
type CfnRegistryPolicyProps struct {
// The JSON policy text for your registry.
PolicyText interface{} `field:"required" json:"policyText" yaml:"policyText"`
}
Properties for defining a `CfnRegistryPolicy`.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
var policyText interface{}
cfnRegistryPolicyProps := &cfnRegistryPolicyProps{
policyText: policyText,
}
type CfnReplicationConfiguration ¶
type CfnReplicationConfiguration interface {
awscdk.CfnResource
awscdk.IInspectable
// The account ID of the destination registry.
AttrRegistryId() *string
// Options for this resource, such as condition, update policy etc.
CfnOptions() awscdk.ICfnResourceOptions
CfnProperties() *map[string]interface{}
// AWS resource type.
CfnResourceType() *string
// Returns: the stack trace of the point where this Resource was created from, sourced
// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
// node +internal+ entries filtered.
CreationStack() *[]*string
// The logical ID for this CloudFormation stack element.
//
// The logical ID of the element
// is calculated from the path of the resource node in the construct tree.
//
// To override this value, use `overrideLogicalId(newLogicalId)`.
//
// Returns: the logical ID as a stringified token. This value will only get
// resolved during synthesis.
LogicalId() *string
// The tree node.
Node() constructs.Node
// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
//
// If, by any chance, the intrinsic reference of a resource is not a string, you could
// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
Ref() *string
// The replication configuration for a registry.
ReplicationConfiguration() interface{}
SetReplicationConfiguration(val interface{})
// The stack in which this element is defined.
//
// CfnElements must be defined within a stack scope (directly or indirectly).
Stack() awscdk.Stack
// Deprecated.
// Deprecated: use `updatedProperties`
//
// Return properties modified after initiation
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperites() *map[string]interface{}
// Return properties modified after initiation.
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperties() *map[string]interface{}
// Syntactic sugar for `addOverride(path, undefined)`.
AddDeletionOverride(path *string)
// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
//
// This can be used for resources across stacks (or nested stack) boundaries
// and the dependency will automatically be transferred to the relevant scope.
AddDependsOn(target awscdk.CfnResource)
// Add a value to the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
AddMetadata(key *string, value interface{})
// Adds an override to the synthesized CloudFormation resource.
//
// To add a
// property override, either use `addPropertyOverride` or prefix `path` with
// "Properties." (i.e. `Properties.TopicName`).
//
// If the override is nested, separate each nested level using a dot (.) in the path parameter.
// If there is an array as part of the nesting, specify the index in the path.
//
// To include a literal `.` in the property name, prefix with a `\`. In most
// programming languages you will need to write this as `"\\."` because the
// `\` itself will need to be escaped.
//
// For example,
// “`typescript
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
// “`
// would add the overrides
// “`json
// "Properties": {
// "GlobalSecondaryIndexes": [
// {
// "Projection": {
// "NonKeyAttributes": [ "myattribute" ]
// ...
// }
// ...
// },
// {
// "ProjectionType": "INCLUDE"
// ...
// },
// ]
// ...
// }
// “`
//
// The `value` argument to `addOverride` will not be processed or translated
// in any way. Pass raw JSON values in here with the correct capitalization
// for CloudFormation. If you pass CDK classes or structs, they will be
// rendered with lowercased key names, and CloudFormation will reject the
// template.
AddOverride(path *string, value interface{})
// Adds an override that deletes the value of a property from the resource definition.
AddPropertyDeletionOverride(propertyPath *string)
// Adds an override to a resource property.
//
// Syntactic sugar for `addOverride("Properties.<...>", value)`.
AddPropertyOverride(propertyPath *string, value interface{})
// Sets the deletion policy of the resource based on the removal policy specified.
//
// The Removal Policy controls what happens to this resource when it stops
// being managed by CloudFormation, either because you've removed it from the
// CDK application or because you've made a change that requires the resource
// to be replaced.
//
// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
// cases, a snapshot can be taken of the resource prior to deletion
// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
// can be found in the following link:.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
//
ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
// Returns a token for an runtime attribute of this resource.
//
// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
// in case there is no generated attribute.
GetAtt(attributeName *string) awscdk.Reference
// Retrieve a value value from the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
GetMetadata(key *string) interface{}
// Examines the CloudFormation resource and discloses attributes.
Inspect(inspector awscdk.TreeInspector)
// Overrides the auto-generated logical ID with a specific ID.
OverrideLogicalId(newLogicalId *string)
RenderProperties(props *map[string]interface{}) *map[string]interface{}
// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
//
// Returns: `true` if the resource should be included or `false` is the resource
// should be omitted.
ShouldSynthesize() *bool
// Returns a string representation of this construct.
//
// Returns: a string representation of this resource.
ToString() *string
ValidateProperties(_properties interface{})
}
A CloudFormation `AWS::ECR::ReplicationConfiguration`.
The `AWS::ECR::ReplicationConfiguration` resource creates or updates the replication configuration for a private registry. The first time a replication configuration is applied to a private registry, a service-linked IAM role is created in your account for the replication process. For more information, see [Using Service-Linked Roles for Amazon ECR](https://docs.aws.amazon.com/AmazonECR/latest/userguide/using-service-linked-roles.html) in the *Amazon Elastic Container Registry User Guide* .
> When configuring cross-account replication, the destination account must grant the source account permission to replicate. This permission is controlled using a private registry permissions policy. For more information, see `AWS::ECR::RegistryPolicy` .
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
cfnReplicationConfiguration := awscdk.Aws_ecr.NewCfnReplicationConfiguration(this, jsii.String("MyCfnReplicationConfiguration"), &cfnReplicationConfigurationProps{
replicationConfiguration: &replicationConfigurationProperty{
rules: []interface{}{
&replicationRuleProperty{
destinations: []interface{}{
&replicationDestinationProperty{
region: jsii.String("region"),
registryId: jsii.String("registryId"),
},
},
// the properties below are optional
repositoryFilters: []interface{}{
&repositoryFilterProperty{
filter: jsii.String("filter"),
filterType: jsii.String("filterType"),
},
},
},
},
},
})
func NewCfnReplicationConfiguration ¶
func NewCfnReplicationConfiguration(scope constructs.Construct, id *string, props *CfnReplicationConfigurationProps) CfnReplicationConfiguration
Create a new `AWS::ECR::ReplicationConfiguration`.
type CfnReplicationConfigurationProps ¶
type CfnReplicationConfigurationProps struct {
// The replication configuration for a registry.
ReplicationConfiguration interface{} `field:"required" json:"replicationConfiguration" yaml:"replicationConfiguration"`
}
Properties for defining a `CfnReplicationConfiguration`.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
cfnReplicationConfigurationProps := &cfnReplicationConfigurationProps{
replicationConfiguration: &replicationConfigurationProperty{
rules: []interface{}{
&replicationRuleProperty{
destinations: []interface{}{
&replicationDestinationProperty{
region: jsii.String("region"),
registryId: jsii.String("registryId"),
},
},
// the properties below are optional
repositoryFilters: []interface{}{
&repositoryFilterProperty{
filter: jsii.String("filter"),
filterType: jsii.String("filterType"),
},
},
},
},
},
}
type CfnReplicationConfiguration_ReplicationConfigurationProperty ¶
type CfnReplicationConfiguration_ReplicationConfigurationProperty struct {
// An array of objects representing the replication destinations and repository filters for a replication configuration.
Rules interface{} `field:"required" json:"rules" yaml:"rules"`
}
The replication configuration for a registry.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
replicationConfigurationProperty := &replicationConfigurationProperty{
rules: []interface{}{
&replicationRuleProperty{
destinations: []interface{}{
&replicationDestinationProperty{
region: jsii.String("region"),
registryId: jsii.String("registryId"),
},
},
// the properties below are optional
repositoryFilters: []interface{}{
&repositoryFilterProperty{
filter: jsii.String("filter"),
filterType: jsii.String("filterType"),
},
},
},
},
}
type CfnReplicationConfiguration_ReplicationDestinationProperty ¶
type CfnReplicationConfiguration_ReplicationDestinationProperty struct {
// The Region to replicate to.
Region *string `field:"required" json:"region" yaml:"region"`
// The AWS account ID of the Amazon ECR private registry to replicate to.
//
// When configuring cross-Region replication within your own registry, specify your own account ID.
RegistryId *string `field:"required" json:"registryId" yaml:"registryId"`
}
An array of objects representing the destination for a replication rule.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
replicationDestinationProperty := &replicationDestinationProperty{
region: jsii.String("region"),
registryId: jsii.String("registryId"),
}
type CfnReplicationConfiguration_ReplicationRuleProperty ¶
type CfnReplicationConfiguration_ReplicationRuleProperty struct {
// An array of objects representing the destination for a replication rule.
Destinations interface{} `field:"required" json:"destinations" yaml:"destinations"`
// An array of objects representing the filters for a replication rule.
//
// Specifying a repository filter for a replication rule provides a method for controlling which repositories in a private registry are replicated.
RepositoryFilters interface{} `field:"optional" json:"repositoryFilters" yaml:"repositoryFilters"`
}
An array of objects representing the replication destinations and repository filters for a replication configuration.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
replicationRuleProperty := &replicationRuleProperty{
destinations: []interface{}{
&replicationDestinationProperty{
region: jsii.String("region"),
registryId: jsii.String("registryId"),
},
},
// the properties below are optional
repositoryFilters: []interface{}{
&repositoryFilterProperty{
filter: jsii.String("filter"),
filterType: jsii.String("filterType"),
},
},
}
type CfnReplicationConfiguration_RepositoryFilterProperty ¶
type CfnReplicationConfiguration_RepositoryFilterProperty struct {
// The repository filter details.
//
// When the `PREFIX_MATCH` filter type is specified, this value is required and should be the repository name prefix to configure replication for.
Filter *string `field:"required" json:"filter" yaml:"filter"`
// The repository filter type.
//
// The only supported value is `PREFIX_MATCH` , which is a repository name prefix specified with the `filter` parameter.
FilterType *string `field:"required" json:"filterType" yaml:"filterType"`
}
The filter settings used with image replication.
Specifying a repository filter to a replication rule provides a method for controlling which repositories in a private registry are replicated. If no repository filter is specified, all images in the repository are replicated.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
repositoryFilterProperty := &repositoryFilterProperty{
filter: jsii.String("filter"),
filterType: jsii.String("filterType"),
}
type CfnRepository ¶
type CfnRepository interface {
awscdk.CfnResource
awscdk.IInspectable
// Returns the Amazon Resource Name (ARN) for the specified `AWS::ECR::Repository` resource.
//
// For example, `arn:aws:ecr: *eu-west-1* : *123456789012* :repository/ *test-repository*` .
AttrArn() *string
// Returns the URI for the specified `AWS::ECR::Repository` resource.
//
// For example, `*123456789012* .dkr.ecr. *us-west-2* .amazonaws.com/repository` .
AttrRepositoryUri() *string
// Options for this resource, such as condition, update policy etc.
CfnOptions() awscdk.ICfnResourceOptions
CfnProperties() *map[string]interface{}
// AWS resource type.
CfnResourceType() *string
// Returns: the stack trace of the point where this Resource was created from, sourced
// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
// node +internal+ entries filtered.
CreationStack() *[]*string
// The encryption configuration for the repository.
//
// This determines how the contents of your repository are encrypted at rest.
EncryptionConfiguration() interface{}
SetEncryptionConfiguration(val interface{})
// The image scanning configuration for the repository.
//
// This determines whether images are scanned for known vulnerabilities after being pushed to the repository.
ImageScanningConfiguration() interface{}
SetImageScanningConfiguration(val interface{})
// The tag mutability setting for the repository.
//
// If this parameter is omitted, the default setting of `MUTABLE` will be used which will allow image tags to be overwritten. If `IMMUTABLE` is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.
ImageTagMutability() *string
SetImageTagMutability(val *string)
// Creates or updates a lifecycle policy.
//
// For information about lifecycle policy syntax, see [Lifecycle policy template](https://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html) .
LifecyclePolicy() interface{}
SetLifecyclePolicy(val interface{})
// The logical ID for this CloudFormation stack element.
//
// The logical ID of the element
// is calculated from the path of the resource node in the construct tree.
//
// To override this value, use `overrideLogicalId(newLogicalId)`.
//
// Returns: the logical ID as a stringified token. This value will only get
// resolved during synthesis.
LogicalId() *string
// The tree node.
Node() constructs.Node
// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
//
// If, by any chance, the intrinsic reference of a resource is not a string, you could
// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
Ref() *string
// The name to use for the repository.
//
// The repository name may be specified on its own (such as `nginx-web-app` ) or it can be prepended with a namespace to group the repository into a category (such as `project-a/nginx-web-app` ). If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the repository name. For more information, see [Name type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html) .
//
// > If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
RepositoryName() *string
SetRepositoryName(val *string)
// The JSON repository policy text to apply to the repository.
//
// For more information, see [Amazon ECR repository policies](https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policy-examples.html) in the *Amazon Elastic Container Registry User Guide* .
RepositoryPolicyText() interface{}
SetRepositoryPolicyText(val interface{})
// The stack in which this element is defined.
//
// CfnElements must be defined within a stack scope (directly or indirectly).
Stack() awscdk.Stack
// An array of key-value pairs to apply to this resource.
Tags() awscdk.TagManager
// Deprecated.
// Deprecated: use `updatedProperties`
//
// Return properties modified after initiation
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperites() *map[string]interface{}
// Return properties modified after initiation.
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperties() *map[string]interface{}
// Syntactic sugar for `addOverride(path, undefined)`.
AddDeletionOverride(path *string)
// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
//
// This can be used for resources across stacks (or nested stack) boundaries
// and the dependency will automatically be transferred to the relevant scope.
AddDependsOn(target awscdk.CfnResource)
// Add a value to the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
AddMetadata(key *string, value interface{})
// Adds an override to the synthesized CloudFormation resource.
//
// To add a
// property override, either use `addPropertyOverride` or prefix `path` with
// "Properties." (i.e. `Properties.TopicName`).
//
// If the override is nested, separate each nested level using a dot (.) in the path parameter.
// If there is an array as part of the nesting, specify the index in the path.
//
// To include a literal `.` in the property name, prefix with a `\`. In most
// programming languages you will need to write this as `"\\."` because the
// `\` itself will need to be escaped.
//
// For example,
// “`typescript
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
// “`
// would add the overrides
// “`json
// "Properties": {
// "GlobalSecondaryIndexes": [
// {
// "Projection": {
// "NonKeyAttributes": [ "myattribute" ]
// ...
// }
// ...
// },
// {
// "ProjectionType": "INCLUDE"
// ...
// },
// ]
// ...
// }
// “`
//
// The `value` argument to `addOverride` will not be processed or translated
// in any way. Pass raw JSON values in here with the correct capitalization
// for CloudFormation. If you pass CDK classes or structs, they will be
// rendered with lowercased key names, and CloudFormation will reject the
// template.
AddOverride(path *string, value interface{})
// Adds an override that deletes the value of a property from the resource definition.
AddPropertyDeletionOverride(propertyPath *string)
// Adds an override to a resource property.
//
// Syntactic sugar for `addOverride("Properties.<...>", value)`.
AddPropertyOverride(propertyPath *string, value interface{})
// Sets the deletion policy of the resource based on the removal policy specified.
//
// The Removal Policy controls what happens to this resource when it stops
// being managed by CloudFormation, either because you've removed it from the
// CDK application or because you've made a change that requires the resource
// to be replaced.
//
// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
// cases, a snapshot can be taken of the resource prior to deletion
// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
// can be found in the following link:.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
//
ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
// Returns a token for an runtime attribute of this resource.
//
// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
// in case there is no generated attribute.
GetAtt(attributeName *string) awscdk.Reference
// Retrieve a value value from the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
GetMetadata(key *string) interface{}
// Examines the CloudFormation resource and discloses attributes.
Inspect(inspector awscdk.TreeInspector)
// Overrides the auto-generated logical ID with a specific ID.
OverrideLogicalId(newLogicalId *string)
RenderProperties(props *map[string]interface{}) *map[string]interface{}
// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
//
// Returns: `true` if the resource should be included or `false` is the resource
// should be omitted.
ShouldSynthesize() *bool
// Returns a string representation of this construct.
//
// Returns: a string representation of this resource.
ToString() *string
ValidateProperties(_properties interface{})
}
A CloudFormation `AWS::ECR::Repository`.
The `AWS::ECR::Repository` resource specifies an Amazon Elastic Container Registry (Amazon ECR) repository, where users can push and pull Docker images, Open Container Initiative (OCI) images, and OCI compatible artifacts. For more information, see [Amazon ECR private repositories](https://docs.aws.amazon.com/AmazonECR/latest/userguide/Repositories.html) in the *Amazon ECR User Guide* .
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
var repositoryPolicyText interface{}
cfnRepository := awscdk.Aws_ecr.NewCfnRepository(this, jsii.String("MyCfnRepository"), &cfnRepositoryProps{
encryptionConfiguration: &encryptionConfigurationProperty{
encryptionType: jsii.String("encryptionType"),
// the properties below are optional
kmsKey: jsii.String("kmsKey"),
},
imageScanningConfiguration: &imageScanningConfigurationProperty{
scanOnPush: jsii.Boolean(false),
},
imageTagMutability: jsii.String("imageTagMutability"),
lifecyclePolicy: &lifecyclePolicyProperty{
lifecyclePolicyText: jsii.String("lifecyclePolicyText"),
registryId: jsii.String("registryId"),
},
repositoryName: jsii.String("repositoryName"),
repositoryPolicyText: repositoryPolicyText,
tags: []cfnTag{
&cfnTag{
key: jsii.String("key"),
value: jsii.String("value"),
},
},
})
func NewCfnRepository ¶
func NewCfnRepository(scope constructs.Construct, id *string, props *CfnRepositoryProps) CfnRepository
Create a new `AWS::ECR::Repository`.
type CfnRepositoryProps ¶
type CfnRepositoryProps struct {
// The encryption configuration for the repository.
//
// This determines how the contents of your repository are encrypted at rest.
EncryptionConfiguration interface{} `field:"optional" json:"encryptionConfiguration" yaml:"encryptionConfiguration"`
// The image scanning configuration for the repository.
//
// This determines whether images are scanned for known vulnerabilities after being pushed to the repository.
ImageScanningConfiguration interface{} `field:"optional" json:"imageScanningConfiguration" yaml:"imageScanningConfiguration"`
// The tag mutability setting for the repository.
//
// If this parameter is omitted, the default setting of `MUTABLE` will be used which will allow image tags to be overwritten. If `IMMUTABLE` is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.
ImageTagMutability *string `field:"optional" json:"imageTagMutability" yaml:"imageTagMutability"`
// Creates or updates a lifecycle policy.
//
// For information about lifecycle policy syntax, see [Lifecycle policy template](https://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html) .
LifecyclePolicy interface{} `field:"optional" json:"lifecyclePolicy" yaml:"lifecyclePolicy"`
// The name to use for the repository.
//
// The repository name may be specified on its own (such as `nginx-web-app` ) or it can be prepended with a namespace to group the repository into a category (such as `project-a/nginx-web-app` ). If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the repository name. For more information, see [Name type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html) .
//
// > If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
RepositoryName *string `field:"optional" json:"repositoryName" yaml:"repositoryName"`
// The JSON repository policy text to apply to the repository.
//
// For more information, see [Amazon ECR repository policies](https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policy-examples.html) in the *Amazon Elastic Container Registry User Guide* .
RepositoryPolicyText interface{} `field:"optional" json:"repositoryPolicyText" yaml:"repositoryPolicyText"`
// An array of key-value pairs to apply to this resource.
Tags *[]*awscdk.CfnTag `field:"optional" json:"tags" yaml:"tags"`
}
Properties for defining a `CfnRepository`.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
var repositoryPolicyText interface{}
cfnRepositoryProps := &cfnRepositoryProps{
encryptionConfiguration: &encryptionConfigurationProperty{
encryptionType: jsii.String("encryptionType"),
// the properties below are optional
kmsKey: jsii.String("kmsKey"),
},
imageScanningConfiguration: &imageScanningConfigurationProperty{
scanOnPush: jsii.Boolean(false),
},
imageTagMutability: jsii.String("imageTagMutability"),
lifecyclePolicy: &lifecyclePolicyProperty{
lifecyclePolicyText: jsii.String("lifecyclePolicyText"),
registryId: jsii.String("registryId"),
},
repositoryName: jsii.String("repositoryName"),
repositoryPolicyText: repositoryPolicyText,
tags: []cfnTag{
&cfnTag{
key: jsii.String("key"),
value: jsii.String("value"),
},
},
}
type CfnRepository_EncryptionConfigurationProperty ¶
type CfnRepository_EncryptionConfigurationProperty struct {
// The encryption type to use.
//
// If you use the `KMS` encryption type, the contents of the repository will be encrypted using server-side encryption with AWS Key Management Service key stored in AWS KMS . When you use AWS KMS to encrypt your data, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you already created. For more information, see [Protecting data using server-side encryption with an AWS KMS key stored in AWS Key Management Service (SSE-KMS)](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html) in the *Amazon Simple Storage Service Console Developer Guide* .
//
// If you use the `AES256` encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES-256 encryption algorithm. For more information, see [Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3)](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html) in the *Amazon Simple Storage Service Console Developer Guide* .
EncryptionType *string `field:"required" json:"encryptionType" yaml:"encryptionType"`
// If you use the `KMS` encryption type, specify the AWS KMS key to use for encryption.
//
// The alias, key ID, or full ARN of the AWS KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default AWS managed AWS KMS key for Amazon ECR will be used.
KmsKey *string `field:"optional" json:"kmsKey" yaml:"kmsKey"`
}
The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.
By default, when no encryption configuration is set or the `AES256` encryption type is used, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES-256 encryption algorithm. This does not require any action on your part.
For more control over the encryption of the contents of your repository, you can use server-side encryption with AWS Key Management Service key stored in AWS Key Management Service ( AWS KMS ) to encrypt your images. For more information, see [Amazon ECR encryption at rest](https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html) in the *Amazon Elastic Container Registry User Guide* .
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
encryptionConfigurationProperty := &encryptionConfigurationProperty{
encryptionType: jsii.String("encryptionType"),
// the properties below are optional
kmsKey: jsii.String("kmsKey"),
}
type CfnRepository_ImageScanningConfigurationProperty ¶
type CfnRepository_ImageScanningConfigurationProperty struct {
// The setting that determines whether images are scanned after being pushed to a repository.
//
// If set to `true` , images will be scanned after being pushed. If this parameter is not specified, it will default to `false` and images will not be scanned unless a scan is manually started.
ScanOnPush interface{} `field:"optional" json:"scanOnPush" yaml:"scanOnPush"`
}
The image scanning configuration for a repository.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
imageScanningConfigurationProperty := &imageScanningConfigurationProperty{
scanOnPush: jsii.Boolean(false),
}
type CfnRepository_LifecyclePolicyProperty ¶
type CfnRepository_LifecyclePolicyProperty struct {
// The JSON repository policy text to apply to the repository.
LifecyclePolicyText *string `field:"optional" json:"lifecyclePolicyText" yaml:"lifecyclePolicyText"`
// The AWS account ID associated with the registry that contains the repository.
//
// If you do not specify a registry, the default registry is assumed.
RegistryId *string `field:"optional" json:"registryId" yaml:"registryId"`
}
The `LifecyclePolicy` property type specifies a lifecycle policy.
For information about lifecycle policy syntax, see [Lifecycle policy template](https://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html) in the *Amazon ECR User Guide* .
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
lifecyclePolicyProperty := &lifecyclePolicyProperty{
lifecyclePolicyText: jsii.String("lifecyclePolicyText"),
registryId: jsii.String("registryId"),
}
type IRepository ¶
type IRepository interface {
awscdk.IResource
// Add a policy statement to the repository's resource policy.
AddToResourcePolicy(statement awsiam.PolicyStatement) *awsiam.AddToResourcePolicyResult
// Grant the given principal identity permissions to perform the actions on this repository.
Grant(grantee awsiam.IGrantable, actions ...*string) awsiam.Grant
// Grant the given identity permissions to pull images in this repository.
GrantPull(grantee awsiam.IGrantable) awsiam.Grant
// Grant the given identity permissions to pull and push images to this repository.
GrantPullPush(grantee awsiam.IGrantable) awsiam.Grant
// Define a CloudWatch event that triggers when something happens to this repository.
//
// Requires that there exists at least one CloudTrail Trail in your account
// that captures the event. This method will not create the Trail.
OnCloudTrailEvent(id *string, options *awsevents.OnEventOptions) awsevents.Rule
// Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository.
//
// Requires that there exists at least one CloudTrail Trail in your account
// that captures the event. This method will not create the Trail.
OnCloudTrailImagePushed(id *string, options *OnCloudTrailImagePushedOptions) awsevents.Rule
// Defines a CloudWatch event rule which triggers for repository events.
//
// Use
// `rule.addEventPattern(pattern)` to specify a filter.
OnEvent(id *string, options *awsevents.OnEventOptions) awsevents.Rule
// Defines an AWS CloudWatch event rule that can trigger a target when the image scan is completed.
OnImageScanCompleted(id *string, options *OnImageScanCompletedOptions) awsevents.Rule
// Returns the URI of the repository for a certain digest. Can be used in `docker push/pull`.
//
// ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[@DIGEST]
RepositoryUriForDigest(digest *string) *string
// Returns the URI of the repository for a certain tag. Can be used in `docker push/pull`.
//
// ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[:TAG]
RepositoryUriForTag(tag *string) *string
// Returns the URI of the repository for a certain tag or digest, inferring based on the syntax of the tag.
//
// Can be used in `docker push/pull`.
//
// ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[:TAG]
// ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[@DIGEST]
RepositoryUriForTagOrDigest(tagOrDigest *string) *string
// The ARN of the repository.
RepositoryArn() *string
// The name of the repository.
RepositoryName() *string
// The URI of this repository (represents the latest image):.
//
// ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY
RepositoryUri() *string
}
Represents an ECR repository.
func Repository_FromRepositoryArn ¶
func Repository_FromRepositoryArn(scope constructs.Construct, id *string, repositoryArn *string) IRepository
func Repository_FromRepositoryAttributes ¶
func Repository_FromRepositoryAttributes(scope constructs.Construct, id *string, attrs *RepositoryAttributes) IRepository
Import a repository.
func Repository_FromRepositoryName ¶
func Repository_FromRepositoryName(scope constructs.Construct, id *string, repositoryName *string) IRepository
type LifecycleRule ¶
type LifecycleRule struct {
// Describes the purpose of the rule.
Description *string `field:"optional" json:"description" yaml:"description"`
// The maximum age of images to retain. The value must represent a number of days.
//
// Specify exactly one of maxImageCount and maxImageAge.
MaxImageAge awscdk.Duration `field:"optional" json:"maxImageAge" yaml:"maxImageAge"`
// The maximum number of images to retain.
//
// Specify exactly one of maxImageCount and maxImageAge.
MaxImageCount *float64 `field:"optional" json:"maxImageCount" yaml:"maxImageCount"`
// Controls the order in which rules are evaluated (low to high).
//
// All rules must have a unique priority, where lower numbers have
// higher precedence. The first rule that matches is applied to an image.
//
// There can only be one rule with a tagStatus of Any, and it must have
// the highest rulePriority.
//
// All rules without a specified priority will have incrementing priorities
// automatically assigned to them, higher than any rules that DO have priorities.
RulePriority *float64 `field:"optional" json:"rulePriority" yaml:"rulePriority"`
// Select images that have ALL the given prefixes in their tag.
//
// Only if tagStatus == TagStatus.Tagged
TagPrefixList *[]*string `field:"optional" json:"tagPrefixList" yaml:"tagPrefixList"`
// Select images based on tags.
//
// Only one rule is allowed to select untagged images, and it must
// have the highest rulePriority.
TagStatus TagStatus `field:"optional" json:"tagStatus" yaml:"tagStatus"`
}
An ECR life cycle rule.
Example:
var repository repository
repository.addLifecycleRule(&lifecycleRule{
tagPrefixList: []*string{
jsii.String("prod"),
},
maxImageCount: jsii.Number(9999),
})
repository.addLifecycleRule(&lifecycleRule{
maxImageAge: awscdk.Duration.days(jsii.Number(30)),
})
type OnCloudTrailImagePushedOptions ¶
type OnCloudTrailImagePushedOptions struct {
// A description of the rule's purpose.
Description *string `field:"optional" json:"description" yaml:"description"`
// Additional restrictions for the event to route to the specified target.
//
// The method that generates the rule probably imposes some type of event
// filtering. The filtering implied by what you pass here is added
// on top of that filtering.
// See: https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html
//
EventPattern *awsevents.EventPattern `field:"optional" json:"eventPattern" yaml:"eventPattern"`
// A name for the rule.
RuleName *string `field:"optional" json:"ruleName" yaml:"ruleName"`
// The target to register for the event.
Target awsevents.IRuleTarget `field:"optional" json:"target" yaml:"target"`
// Only watch changes to this image tag.
ImageTag *string `field:"optional" json:"imageTag" yaml:"imageTag"`
}
Options for the onCloudTrailImagePushed method.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"
var detail interface{}
var ruleTarget iRuleTarget
onCloudTrailImagePushedOptions := &onCloudTrailImagePushedOptions{
description: jsii.String("description"),
eventPattern: &eventPattern{
account: []*string{
jsii.String("account"),
},
detail: map[string]interface{}{
"detailKey": detail,
},
detailType: []*string{
jsii.String("detailType"),
},
id: []*string{
jsii.String("id"),
},
region: []*string{
jsii.String("region"),
},
resources: []*string{
jsii.String("resources"),
},
source: []*string{
jsii.String("source"),
},
time: []*string{
jsii.String("time"),
},
version: []*string{
jsii.String("version"),
},
},
imageTag: jsii.String("imageTag"),
ruleName: jsii.String("ruleName"),
target: ruleTarget,
}
type OnImageScanCompletedOptions ¶
type OnImageScanCompletedOptions struct {
// A description of the rule's purpose.
Description *string `field:"optional" json:"description" yaml:"description"`
// Additional restrictions for the event to route to the specified target.
//
// The method that generates the rule probably imposes some type of event
// filtering. The filtering implied by what you pass here is added
// on top of that filtering.
// See: https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html
//
EventPattern *awsevents.EventPattern `field:"optional" json:"eventPattern" yaml:"eventPattern"`
// A name for the rule.
RuleName *string `field:"optional" json:"ruleName" yaml:"ruleName"`
// The target to register for the event.
Target awsevents.IRuleTarget `field:"optional" json:"target" yaml:"target"`
// Only watch changes to the image tags spedified.
//
// Leave it undefined to watch the full repository.
ImageTags *[]*string `field:"optional" json:"imageTags" yaml:"imageTags"`
}
Options for the OnImageScanCompleted method.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"
var detail interface{}
var ruleTarget iRuleTarget
onImageScanCompletedOptions := &onImageScanCompletedOptions{
description: jsii.String("description"),
eventPattern: &eventPattern{
account: []*string{
jsii.String("account"),
},
detail: map[string]interface{}{
"detailKey": detail,
},
detailType: []*string{
jsii.String("detailType"),
},
id: []*string{
jsii.String("id"),
},
region: []*string{
jsii.String("region"),
},
resources: []*string{
jsii.String("resources"),
},
source: []*string{
jsii.String("source"),
},
time: []*string{
jsii.String("time"),
},
version: []*string{
jsii.String("version"),
},
},
imageTags: []*string{
jsii.String("imageTags"),
},
ruleName: jsii.String("ruleName"),
target: ruleTarget,
}
type PublicGalleryAuthorizationToken ¶
type PublicGalleryAuthorizationToken interface {
}
Authorization token to access the global public ECR Gallery via Docker CLI.
Example:
user := iam.NewUser(this, jsii.String("User"))
ecr.publicGalleryAuthorizationToken.grantRead(user)
See: https://docs.aws.amazon.com/AmazonECR/latest/public/public-registries.html#public-registry-auth
type Repository ¶
type Repository interface {
RepositoryBase
// The environment this resource belongs to.
//
// For resources that are created and managed by the CDK
// (generally, those created by creating new class instances like Role, Bucket, etc.),
// this is always the same as the environment of the stack they belong to;
// however, for imported resources
// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
// that might be different than the stack they were imported into.
Env() *awscdk.ResourceEnvironment
// The tree node.
Node() constructs.Node
// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
//
// This value will resolve to one of the following:
// - a concrete value (e.g. `"my-awesome-bucket"`)
// - `undefined`, when a name should be generated by CloudFormation
// - a concrete name generated automatically during synthesis, in
// cross-environment scenarios.
PhysicalName() *string
// The ARN of the repository.
RepositoryArn() *string
// The name of the repository.
RepositoryName() *string
// The URI of this repository (represents the latest image):.
//
// ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY
RepositoryUri() *string
// The stack in which this resource is defined.
Stack() awscdk.Stack
// Add a life cycle rule to the repository.
//
// Life cycle rules automatically expire images from the repository that match
// certain conditions.
AddLifecycleRule(rule *LifecycleRule)
// Add a policy statement to the repository's resource policy.
AddToResourcePolicy(statement awsiam.PolicyStatement) *awsiam.AddToResourcePolicyResult
// Apply the given removal policy to this resource.
//
// The Removal Policy controls what happens to this resource when it stops
// being managed by CloudFormation, either because you've removed it from the
// CDK application or because you've made a change that requires the resource
// to be replaced.
//
// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
GeneratePhysicalName() *string
// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
//
// Normally, this token will resolve to `arnAttr`, but if the resource is
// referenced across environments, `arnComponents` will be used to synthesize
// a concrete ARN with the resource's physical name. Make sure to reference
// `this.physicalName` in `arnComponents`.
GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
//
// Normally, this token will resolve to `nameAttr`, but if the resource is
// referenced across environments, it will be resolved to `this.physicalName`,
// which will be a concrete name.
GetResourceNameAttribute(nameAttr *string) *string
// Grant the given principal identity permissions to perform the actions on this repository.
Grant(grantee awsiam.IGrantable, actions ...*string) awsiam.Grant
// Grant the given identity permissions to use the images in this repository.
GrantPull(grantee awsiam.IGrantable) awsiam.Grant
// Grant the given identity permissions to pull and push images to this repository.
GrantPullPush(grantee awsiam.IGrantable) awsiam.Grant
// Define a CloudWatch event that triggers when something happens to this repository.
//
// Requires that there exists at least one CloudTrail Trail in your account
// that captures the event. This method will not create the Trail.
OnCloudTrailEvent(id *string, options *awsevents.OnEventOptions) awsevents.Rule
// Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository.
//
// Requires that there exists at least one CloudTrail Trail in your account
// that captures the event. This method will not create the Trail.
OnCloudTrailImagePushed(id *string, options *OnCloudTrailImagePushedOptions) awsevents.Rule
// Defines a CloudWatch event rule which triggers for repository events.
//
// Use
// `rule.addEventPattern(pattern)` to specify a filter.
OnEvent(id *string, options *awsevents.OnEventOptions) awsevents.Rule
// Defines an AWS CloudWatch event rule that can trigger a target when an image scan is completed.
OnImageScanCompleted(id *string, options *OnImageScanCompletedOptions) awsevents.Rule
// Returns the URL of the repository. Can be used in `docker push/pull`.
//
// ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[@DIGEST]
RepositoryUriForDigest(digest *string) *string
// Returns the URL of the repository. Can be used in `docker push/pull`.
//
// ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[:TAG]
RepositoryUriForTag(tag *string) *string
// Returns the URL of the repository. Can be used in `docker push/pull`.
//
// ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[:TAG]
// ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[@DIGEST]
RepositoryUriForTagOrDigest(tagOrDigest *string) *string
// Returns a string representation of this construct.
ToString() *string
}
Define an ECR repository.
Example:
import ecr "github.com/aws/aws-cdk-go/awscdk"
apprunner.NewService(this, jsii.String("Service"), &serviceProps{
source: apprunner.source.fromEcr(&ecrProps{
imageConfiguration: &imageConfiguration{
port: jsii.Number(80),
},
repository: ecr.repository.fromRepositoryName(this, jsii.String("NginxRepository"), jsii.String("nginx")),
tagOrDigest: jsii.String("latest"),
}),
})
func NewRepository ¶
func NewRepository(scope constructs.Construct, id *string, props *RepositoryProps) Repository
type RepositoryAttributes ¶
type RepositoryAttributes struct {
RepositoryArn *string `field:"required" json:"repositoryArn" yaml:"repositoryArn"`
RepositoryName *string `field:"required" json:"repositoryName" yaml:"repositoryName"`
}
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
repositoryAttributes := &repositoryAttributes{
repositoryArn: jsii.String("repositoryArn"),
repositoryName: jsii.String("repositoryName"),
}
type RepositoryBase ¶
type RepositoryBase interface {
awscdk.Resource
IRepository
// The environment this resource belongs to.
//
// For resources that are created and managed by the CDK
// (generally, those created by creating new class instances like Role, Bucket, etc.),
// this is always the same as the environment of the stack they belong to;
// however, for imported resources
// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
// that might be different than the stack they were imported into.
Env() *awscdk.ResourceEnvironment
// The tree node.
Node() constructs.Node
// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
//
// This value will resolve to one of the following:
// - a concrete value (e.g. `"my-awesome-bucket"`)
// - `undefined`, when a name should be generated by CloudFormation
// - a concrete name generated automatically during synthesis, in
// cross-environment scenarios.
PhysicalName() *string
// The ARN of the repository.
RepositoryArn() *string
// The name of the repository.
RepositoryName() *string
// The URI of this repository (represents the latest image):.
//
// ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY
RepositoryUri() *string
// The stack in which this resource is defined.
Stack() awscdk.Stack
// Add a policy statement to the repository's resource policy.
AddToResourcePolicy(statement awsiam.PolicyStatement) *awsiam.AddToResourcePolicyResult
// Apply the given removal policy to this resource.
//
// The Removal Policy controls what happens to this resource when it stops
// being managed by CloudFormation, either because you've removed it from the
// CDK application or because you've made a change that requires the resource
// to be replaced.
//
// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
GeneratePhysicalName() *string
// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
//
// Normally, this token will resolve to `arnAttr`, but if the resource is
// referenced across environments, `arnComponents` will be used to synthesize
// a concrete ARN with the resource's physical name. Make sure to reference
// `this.physicalName` in `arnComponents`.
GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
//
// Normally, this token will resolve to `nameAttr`, but if the resource is
// referenced across environments, it will be resolved to `this.physicalName`,
// which will be a concrete name.
GetResourceNameAttribute(nameAttr *string) *string
// Grant the given principal identity permissions to perform the actions on this repository.
Grant(grantee awsiam.IGrantable, actions ...*string) awsiam.Grant
// Grant the given identity permissions to use the images in this repository.
GrantPull(grantee awsiam.IGrantable) awsiam.Grant
// Grant the given identity permissions to pull and push images to this repository.
GrantPullPush(grantee awsiam.IGrantable) awsiam.Grant
// Define a CloudWatch event that triggers when something happens to this repository.
//
// Requires that there exists at least one CloudTrail Trail in your account
// that captures the event. This method will not create the Trail.
OnCloudTrailEvent(id *string, options *awsevents.OnEventOptions) awsevents.Rule
// Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository.
//
// Requires that there exists at least one CloudTrail Trail in your account
// that captures the event. This method will not create the Trail.
OnCloudTrailImagePushed(id *string, options *OnCloudTrailImagePushedOptions) awsevents.Rule
// Defines a CloudWatch event rule which triggers for repository events.
//
// Use
// `rule.addEventPattern(pattern)` to specify a filter.
OnEvent(id *string, options *awsevents.OnEventOptions) awsevents.Rule
// Defines an AWS CloudWatch event rule that can trigger a target when an image scan is completed.
OnImageScanCompleted(id *string, options *OnImageScanCompletedOptions) awsevents.Rule
// Returns the URL of the repository. Can be used in `docker push/pull`.
//
// ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[@DIGEST]
RepositoryUriForDigest(digest *string) *string
// Returns the URL of the repository. Can be used in `docker push/pull`.
//
// ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[:TAG]
RepositoryUriForTag(tag *string) *string
// Returns the URL of the repository. Can be used in `docker push/pull`.
//
// ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[:TAG]
// ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[@DIGEST]
RepositoryUriForTagOrDigest(tagOrDigest *string) *string
// Returns a string representation of this construct.
ToString() *string
}
Base class for ECR repository.
Reused between imported repositories and owned repositories.
type RepositoryEncryption ¶ added in v2.11.0
type RepositoryEncryption interface {
// the string value of the encryption.
Value() *string
}
Indicates whether server-side encryption is enabled for the object, and whether that encryption is from the AWS Key Management Service (AWS KMS) or from Amazon S3 managed encryption (SSE-S3).
Example:
ecr.NewRepository(this, jsii.String("Repo"), &repositoryProps{
encryption: ecr.repositoryEncryption_KMS(),
})
See: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html#SysMetadata
func NewRepositoryEncryption ¶ added in v2.11.0
func NewRepositoryEncryption(value *string) RepositoryEncryption
func RepositoryEncryption_AES_256 ¶ added in v2.11.0
func RepositoryEncryption_AES_256() RepositoryEncryption
func RepositoryEncryption_KMS ¶ added in v2.11.0
func RepositoryEncryption_KMS() RepositoryEncryption
type RepositoryProps ¶
type RepositoryProps struct {
// The kind of server-side encryption to apply to this repository.
//
// If you choose KMS, you can specify a KMS key via `encryptionKey`. If
// encryptionKey is not specified, an AWS managed KMS key is used.
Encryption RepositoryEncryption `field:"optional" json:"encryption" yaml:"encryption"`
// External KMS key to use for repository encryption.
//
// The 'encryption' property must be either not specified or set to "KMS".
// An error will be emitted if encryption is set to "AES256".
EncryptionKey awskms.IKey `field:"optional" json:"encryptionKey" yaml:"encryptionKey"`
// Enable the scan on push when creating the repository.
ImageScanOnPush *bool `field:"optional" json:"imageScanOnPush" yaml:"imageScanOnPush"`
// The tag mutability setting for the repository.
//
// If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten.
ImageTagMutability TagMutability `field:"optional" json:"imageTagMutability" yaml:"imageTagMutability"`
// The AWS account ID associated with the registry that contains the repository.
// See: https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_PutLifecyclePolicy.html
//
LifecycleRegistryId *string `field:"optional" json:"lifecycleRegistryId" yaml:"lifecycleRegistryId"`
// Life cycle rules to apply to this registry.
LifecycleRules *[]*LifecycleRule `field:"optional" json:"lifecycleRules" yaml:"lifecycleRules"`
// Determine what happens to the repository when the resource/stack is deleted.
RemovalPolicy awscdk.RemovalPolicy `field:"optional" json:"removalPolicy" yaml:"removalPolicy"`
// Name for this repository.
RepositoryName *string `field:"optional" json:"repositoryName" yaml:"repositoryName"`
}
Example:
ecr.NewRepository(this, jsii.String("Repo"), &repositoryProps{
imageTagMutability: ecr.tagMutability_IMMUTABLE,
})
type TagMutability ¶
type TagMutability string
The tag mutability setting for your repository.
Example:
ecr.NewRepository(this, jsii.String("Repo"), &repositoryProps{
imageTagMutability: ecr.tagMutability_IMMUTABLE,
})
const ( // allow image tags to be overwritten. TagMutability_MUTABLE TagMutability = "MUTABLE" // all image tags within the repository will be immutable which will prevent them from being overwritten. TagMutability_IMMUTABLE TagMutability = "IMMUTABLE" )
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.