-
Notifications
You must be signed in to change notification settings - Fork 9
/
aws-ecr-repository.json
160 lines (160 loc) · 6.54 KB
/
aws-ecr-repository.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
{
"typeName": "AWS::ECR::Repository",
"description": "The AWS::ECR::Repository resource specifies an Amazon Elastic Container Registry (Amazon ECR) repository, where users can push and pull Docker images. For more information, see https://docs.aws.amazon.com/AmazonECR/latest/userguide/Repositories.html",
"sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ecr.git",
"definitions": {
"LifecyclePolicy": {
"type": "object",
"description": "The LifecyclePolicy property type specifies a lifecycle policy. For information about lifecycle policy syntax, see https://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html",
"properties": {
"LifecyclePolicyText": {
"$ref": "#/definitions/LifecyclePolicyText"
},
"RegistryId": {
"$ref": "#/definitions/RegistryId"
}
},
"additionalProperties": false
},
"LifecyclePolicyText": {
"type": "string",
"description": "The JSON repository policy text to apply to the repository.",
"minLength": 100,
"maxLength": 30720
},
"RegistryId": {
"type": "string",
"description": "The AWS account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed. ",
"minLength": 12,
"maxLength": 12,
"pattern": "^[0-9]{12}$"
},
"Tag": {
"description": "A key-value pair to associate with a resource.",
"type": "object",
"properties": {
"Key": {
"type": "string",
"description": "The key name of the tag. You can specify a value that is 1 to 127 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ",
"minLength": 1,
"maxLength": 127
},
"Value": {
"type": "string",
"description": "The value for the tag. You can specify a value that is 1 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ",
"minLength": 1,
"maxLength": 255
}
},
"required": [
"Value",
"Key"
],
"additionalProperties": false
},
"ScanOnPush": {
"type": "boolean",
"description": "The setting that determines whether images are scanned after being pushed to a repository."
}
},
"properties": {
"LifecyclePolicy": {
"$ref": "#/definitions/LifecyclePolicy"
},
"RepositoryName": {
"type": "string",
"description": "The name to use for the repository. The repository name may be specified on its own (such as nginx-web-app) or it can be prepended with a namespace to group the repository into a category (such as project-a/nginx-web-app). If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the repository name. For more information, see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html.",
"minLength": 2,
"maxLength": 256,
"pattern": "^(?=.{2,256}$)((?:[a-z0-9]+(?:[._-][a-z0-9]+)*/)*[a-z0-9]+(?:[._-][a-z0-9]+)*)$"
},
"RepositoryPolicyText": {
"type": [
"object",
"string"
],
"description": "The JSON repository policy text to apply to the repository. For more information, see https://docs.aws.amazon.com/AmazonECR/latest/userguide/RepositoryPolicyExamples.html in the Amazon Elastic Container Registry User Guide. "
},
"Tags": {
"type": "array",
"maxItems": 50,
"uniqueItems": true,
"insertionOrder": false,
"description": "An array of key-value pairs to apply to this resource.",
"items": {
"$ref": "#/definitions/Tag"
}
},
"Arn": {
"type": "string"
},
"ImageTagMutability": {
"type": "string",
"description": "The image tag mutability setting for the repository.",
"enum": [
"MUTABLE",
"IMMUTABLE"
]
},
"ImageScanningConfiguration": {
"type": "object",
"description": "The image scanning configuration for the repository. This setting determines whether images are scanned for known vulnerabilities after being pushed to the repository.",
"properties": {
"ScanOnPush": {
"$ref": "#/definitions/ScanOnPush"
}
},
"additionalProperties": false
}
},
"createOnlyProperties": [
"/properties/RepositoryName"
],
"readOnlyProperties": [
"/properties/Arn"
],
"primaryIdentifier": [
"/properties/RepositoryName"
],
"handlers": {
"create": {
"permissions": [
"ecr:CreateRepository",
"ecr:PutLifecyclePolicy",
"ecr:SetRepositoryPolicy",
"ecr:TagResource"
]
},
"read": {
"permissions": [
"ecr:DescribeRepositories",
"ecr:GetLifecyclePolicy",
"ecr:GetRepositoryPolicy",
"ecr:ListTagsForResource"
]
},
"update": {
"permissions": [
"ecr:PutLifecyclePolicy",
"ecr:SetRepositoryPolicy",
"ecr:TagResource",
"ecr:UntagResource",
"ecr:DeleteLifecyclePolicy",
"ecr:DeleteRepositoryPolicy",
"ecr:PutImageScanningConfiguration",
"ecr:PutImageTagMutability"
]
},
"delete": {
"permissions": [
"ecr:DeleteRepository"
]
},
"list": {
"permissions": [
"ecr:DescribeRepositories"
]
}
},
"additionalProperties": false
}