@aws-cdk/aws-ecr
Advanced tools
This package contains constructs for working with Amazon Elastic Container Registry.
Define a repository by creating a new instance of Repository. A repository
holds multiple verions of a single container image.
const repository = new ecr.Repository(this, 'Repository');
Amazon ECR image scanning helps in identifying software vulnerabilities in your container images. You can manually scan container images stored in Amazon ECR, or you can configure your repositories to scan images when you push them to a repository. To create a new repository to scan on push, simply enable imageScanOnPush in the properties
const repository = new ecr.Repository(stack, 'Repo', {
imageScanOnPush: true
});
To create an onImageScanCompleted event rule and trigger the event target
repository.onImageScanCompleted('ImageScanComplete')
.addTarget(...)
Besides the Amazon ECR APIs, ECR also allows the Docker CLI or a language-specific Docker library to push and pull images from an ECR repository. However, the Docker CLI does not support native IAM authentication methods and additional steps must be taken so that Amazon ECR can authenticate and authorize Docker push and pull requests. More information can be found at at Registry Authentication.
A Docker authorization token can be obtained using the GetAuthorizationToken ECR API. The following code snippets
grants an IAM user access to call this API.
import * as iam from '@aws-cdk/aws-iam';
const user = new iam.User(this, 'User', { ... });
iam.AuthorizationToken.grantRead(user);
You can set life cycle rules to automatically clean up old images from your repository. The first life cycle rule that matches an image will be applied against that image. For example, the following deletes images older than 30 days, while keeping all images tagged with prod (note that the order is important here):
repository.addLifecycleRule({ tagPrefixList: ['prod'], maxImageCount: 9999 });
repository.addLifecycleRule({ maxImageAge: cdk.Duration.days(30) });
FAQs
The CDK Construct Library for AWS::ECR
The npm package @aws-cdk/aws-ecr receives a total of 98,478 weekly downloads. As such, @aws-cdk/aws-ecr popularity was classified as popular.
We found that @aws-cdk/aws-ecr demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
The Socket Research Team has discovered six new malicious npm packages linked to North Korea’s Lazarus Group, designed to steal credentials and deploy backdoors.
Security News
Socket CEO Feross Aboukhadijeh discusses the open web, open source security, and how Socket tackles software supply chain attacks on The Pair Program podcast.
Security News
Opengrep continues building momentum with the alpha release of its Playground tool, demonstrating the project's rapid evolution just two months after its initial launch.