AWS::ECR::Repository-ImageScanningConfiguration

[autarchprinceps]

CloudFormation requires the equivalent setting to:
aws ecr create-repository --repository-name name --image-scanning-configuration scanOnPush=true
to enable the automatic image scanning on ECR.

https://docs.aws.amazon.com/en_pv/AmazonECR/latest/userguide/image-scanning.html

ECR is Compute and the expected behaviour is to make the scanOnPush settings configurable through CloudFormation as well. I think what needs to be done is clear.

[whereisaaron]

Ref: aws/containers-roadmap#552

[RomanCRS]

Any ETA on this?

[et304383]

Why isn't CloudFormation a first class citizen like the API when new features are released? Sigh.

[autarchprinceps]

Why isn't CloudFormation a first class citizen like the API when new features are released? Sigh.

Yeah, I have asked myself this many times, especially, when it is not something that seems to be very complex, since it is a 1:1 match to the corresponding fields in the API. I've seen several of those cases, and they still take months to be in Cloudformation.
Often terraform is faster than CloudFormation. How can that be?

[1davidmichael]

I'd like an ETA on this as well. From a feature perspective if it isn't available via CFN it isn't worth us using unless we go the custom resource route, which is a pain.

[ngamradt-turner]

@1davidmichael I agree, custom resources are for something that is truly custom work, not for adding base-line support of feature that AWS has added.

I have reached out to our TAM team to ask about this specific feature, I would ask that others do the same.

[JonLittleIT]

Please make this happen faster....

[luiseduardocolon]

I hear you @JonLittleIT :) hopefully we'll have some good news real soon now ...

[mwarkentin]

Looks like this is available now: aws/containers-roadmap#552 (comment)

[PatMyron]

AWS::ECR::Repository.ImageScanningConfiguration

examples

[sam9191]

ImageScanningConfiguration works but I get a validation error in my template on AWS Console:

        "myRepository": {
            "Type": "AWS::ECR::Repository",
            "Properties": {
                "RepositoryName": "myRepoName",
                "ImageScanningConfiguration": {
                    "scanOnPush": "true"
                }
            }
        }

Here is the error message:

Stack operations on resource myRepository would fail starting from 03/01/2021 as the template has invalid properties. Please refer to the resource documentation to fix the template. Properties validation failed for resource myRepository with message: #/ImageScanningConfiguration: extraneous key [scanOnPush] is not permitted

Is this a bug?
Will my template stop working from 03/01/2021 as the error message says?

[PatMyron]

property casing?
https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ecr/blob/9b93cbd64f26fe62a5389ea2df6a3d86274fe1fe/aws-ecr-repository/aws-ecr-repository.json#L99-L107

[sam9191]

Yes "ScanOnPush" did it. So should the example in the docs be corrected?
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#aws-resource-ecr-repository--examples

[Vadim-Zenin]

Hello,
scanOnPush throw
Resource template validation failed for resource Repository as the template has invalid properties. Please refer to the resource documentation to fix the template. Properties validation failed for resource Repository with message: #/ImageScanningConfiguration: extraneous key [scanOnPush] is not permitted

[sam9191]

@Vadim-Zenin try ScanOnPush with capital S