aws-ecr: support create ECR repository with scanOnPush enabled

[pahud]

The scanOnPush is not supported in cloudformation yet. We probably can use custom-resources construct lib to enable it when creating the ECR repository.

Use Case

It's very helpful if aws-ecr can create the repository with the scanOnPush activated.

Proposed Solution

As cloudformation has yet to support this in AWS::ECR::Repository, I was thinking mayabe we can implement it with custom-resources so we can eventually create the repo like this

const repo = new ecr.Repository(stack, 'Repo');
repo.addScanOnPush();

or just

const repo = new ecr.Repository(stack, 'Repo', {
   scanOnPush: true
});

However, custom-resources/lib/aws-custom-resource/runtime is running on Lambda NodeJS runtime with current AWS SDK VERSION: 2.488.0 while this feature requires aws-sdk-js >= 2.557.0.

I think we should enable this before the cloudformation native support but I am not sure what we can do.

Other

• 👋 I may be able to implement this feature request
• ⚠️ This feature might incur a breaking change

---

This is a 🚀 Feature Request

[Lasim]

Any updates?

[MrArnoldPalmer]

Cfn still doesn't support this out of the box. There is no one on the core team working on the custom resource currently. Add a 👍 to the issue if this is important to you as that helps us to prioritize. PRs are always welcome as well.

[winky]

I think this Issue can be closed by #7471.

[pahud]

@winky Yes it's already been shipped.