JSPM

@aws-cdk/aws-ecr

1.80.0
  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 74248
  • Score
    100M100P100Q23889F
  • License Apache-2.0

The CDK Construct Library for AWS::ECR

Package Exports

  • @aws-cdk/aws-ecr

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@aws-cdk/aws-ecr) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

Amazon ECR Construct Library

cfn-resources: Stable

cdk-constructs: Stable

This package contains constructs for working with Amazon Elastic Container Registry.

Repositories

Define a repository by creating a new instance of Repository. A repository holds multiple verions of a single container image.

const repository = new ecr.Repository(this, 'Repository');

Image scanning

Amazon ECR image scanning helps in identifying software vulnerabilities in your container images. You can manually scan container images stored in Amazon ECR, or you can configure your repositories to scan images when you push them to a repository. To create a new repository to scan on push, simply enable imageScanOnPush in the properties

const repository = new ecr.Repository(stack, 'Repo', {
  imageScanOnPush: true
});

To create an onImageScanCompleted event rule and trigger the event target

repository.onImageScanCompleted('ImageScanComplete')
  .addTarget(...)

Authorization Token

Besides the Amazon ECR APIs, ECR also allows the Docker CLI or a language-specific Docker library to push and pull images from an ECR repository. However, the Docker CLI does not support native IAM authentication methods and additional steps must be taken so that Amazon ECR can authenticate and authorize Docker push and pull requests. More information can be found at at Registry Authentication.

A Docker authorization token can be obtained using the GetAuthorizationToken ECR API. The following code snippets grants an IAM user access to call this API.

import * as iam from '@aws-cdk/aws-iam';

const user = new iam.User(this, 'User', { ... });
iam.AuthorizationToken.grantRead(user);

Automatically clean up repositories

You can set life cycle rules to automatically clean up old images from your repository. The first life cycle rule that matches an image will be applied against that image. For example, the following deletes images older than 30 days, while keeping all images tagged with prod (note that the order is important here):

repository.addLifecycleRule({ tagPrefixList: ['prod'], maxImageCount: 9999 });
repository.addLifecycleRule({ maxImageAge: cdk.Duration.days(30) });