AWS CloudFormation
User Guide (API 版本 2010-05-15)
AWS 文档中描述的 AWS 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅 Amazon AWS 入门

AWS::ECR::Repository

AWS::ECR::Repository 资源可创建 Amazon Elastic Container Registry (Amazon ECR) 存储库(供用户“推”和“拉”Docker 映像)。有关更多信息,请参阅 Amazon Elastic Container Registry 用户指南 中的 Amazon ECR 存储库

语法

要在 AWS CloudFormation 模板中声明此实体,请使用以下语法:

JSON

{ "Type" : "AWS::ECR::Repository", "Properties" : { "LifecyclePolicy" : LifecyclePolicy, "RepositoryName" : String, "RepositoryPolicyText" : JSON object } }

YAML

Type: "AWS::ECR::Repository" Properties: LifecyclePolicy: LifecyclePolicy RepositoryName: String RepositoryPolicyText: JSON object

属性

LifecyclePolicy

存储库的生命周期策略。

必需:否

类型Amazon ECR 存储库 LifecyclePolicy

更新要求无需中断

RepositoryName

映像存储库的名称。如果不指定名称,则 AWS CloudFormation 生成一个唯一物理 ID 并将该 ID 用作存储库名称。有关更多信息,请参阅 名称类型

重要

如果指定一个名称,您将无法执行需要替换此资源的更新。您可以执行不需要或者只需要部分中断的更新。如果必须替换资源,请指定新名称。

Required: No

Type: String

更新要求替换

RepositoryPolicyText

控制谁有权访问存储库以及这些人可对存储库执行哪些操作的策略。有关更多信息,请参阅 Amazon Elastic Container Registry 用户指南 中的 Amazon ECR 存储库策略

Required: No

Type: JSON object

更新要求无需中断

返回值

Ref

当向 Ref 内部函数提供此资源的逻辑 ID 时,Ref 将返回此资源名称,如 test-repository

有关使用 Ref 功能的更多信息,请参阅参考

示例

下面的示例创建一个名为 test-repository 的存储库。它的策略允许用户 BobAlice“推”和“拉”映像。请注意,IAM 用户需要实际存在,否则堆栈的创建将会失败。

JSON

"MyRepository": { "Type": "AWS::ECR::Repository", "Properties": { "RepositoryName" : "test-repository", "RepositoryPolicyText" : { "Version": "2008-10-17", "Statement": [ { "Sid": "AllowPushPull", "Effect": "Allow", "Principal": { "AWS": [ "arn:aws:iam::123456789012:user/Bob", "arn:aws:iam::123456789012:user/Alice" ] }, "Action": [ "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", "ecr:BatchCheckLayerAvailability", "ecr:PutImage", "ecr:InitiateLayerUpload", "ecr:UploadLayerPart", "ecr:CompleteLayerUpload" ] } ] } } }

YAML

MyRepository: Type: "AWS::ECR::Repository" Properties: RepositoryName: "test-repository" RepositoryPolicyText: Version: "2012-10-17" Statement: - Sid: AllowPushPull Effect: Allow Principal: AWS: - "arn:aws:iam::123456789012:user/Bob" - "arn:aws:iam::123456789012:user/Alice" Action: - "ecr:GetDownloadUrlForLayer" - "ecr:BatchGetImage" - "ecr:BatchCheckLayerAvailability" - "ecr:PutImage" - "ecr:InitiateLayerUpload" - "ecr:UploadLayerPart" - "ecr:CompleteLayerUpload"

以下示例创建一个具有生命周期策略的存储库。

JSON

{ "Parameters": { "lifecyclePolicyText": { "Type": "String" }, "repositoryName": { "Type": "String" }, "registryId": { "Type": "String" } }, "Resources": { "MyRepository": { "Type": "AWS::ECR::Repository", "Properties": { "LifecyclePolicy": { "LifecyclePolicyText": { "Ref": "lifecyclePolicyText" }, "RegistryId": { "Ref": "registryId" } }, "RepositoryName": { "Ref": "repositoryName" } } } }, "Outputs": { "Arn": { "Value": { "Fn::GetAtt": [ "MyRepository", "Arn" ] } } } }

YAML

Parameters: lifecyclePolicyText: Type: String repositoryName: Type: String registryId: Type: String Resources: MyRepository: Type: AWS::ECR::Repository Properties: LifecyclePolicy: LifecyclePolicyText: !Ref lifecyclePolicyText RegistryId: !Ref registryId RepositoryName: !Ref repositoryName Outputs: Arn: Value: !GetAtt MyRepository.Arn

本页内容: