Amazon ECR events and EventBridge - Amazon ECR

Amazon ECR events and EventBridge

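Amazon EventBridge enables you to automate your Amazon services and respond automatically to system events such as application availability issues or resource changes. Events from Amazon services are delivered to EventBridge in near real time. You can write simple rules to indicate which events are of interest to you and include the automated actions to take when an event matches a rule. The actions that can be automatically triggered include the following:

  • Adding events to log groups in CloudWatch Logs

  • Invoking an Amazon Lambda function

  • Invoking Amazon EC2 Run Command

  • Relaying the event to Amazon Kinesis Data Streams

  • Activating an Amazon Step Functions state machine

  • Notifying an Amazon SNS topic or an Amazon SQS queue

For more information, see "Getting Started with Amazon EventBridge" in the Amazon EventBridge User Guide.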

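Sample events from Amazon ECR

The following are example events from Amazon ECR. Events are emitted on a best effort basis.

Event for a completed image push

The following event is sent when each image push is completed. For more information, see Pushing a Docker image to an Amazon ECR private repository.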

{
    "version": "0",
    "id": "13cde686-328b-6117-af20-0e5566167482",
    "detail-type": "ECR Image Action",
    "source": "aws.ecr",
    "account": "123456789012",
    "time": "2019-11-16T01:54:34Z",
    "region": "us-west-2",
    "resources": [],
    "detail": {
        "result": "SUCCESS",
        "repository-name": "my-repository-name",
        "image-digest": "sha256:7f5b2640fe6fb4f46592dfd3410c4a79dac4f89e4782432e0378abcd1234",
        "action-type": "PUSH",
        "image-tag": "latest"
    }
}

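Event for a pull through cache action

The following event is sent when a pull through cache action is attempted. For more information, see Sync an upstream registry with an Amazon ECR private registry.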

{
    "version": "0",
    "id": "85fc3613-e913-7fc4-a80c-a3753e4aa9ae",
    "detail-type": "ECR Pull Through Cache Action",
    "source": "aws.ecr",
    "account": "123456789012",
    "time": "2023-02-29T02:36:48Z",
    "region": "us-west-2",
    "resources": [
        "arn:aws:ecr:us-west-2:123456789012:repository/docker-hub/alpine"
    ],
    "detail": {
        "rule-version": "1",
        "sync-status": "SUCCESS",
        "ecr-repository-prefix": "docker-hub",
        "repository-name": "docker-hub/alpine",
        "upstream-registry-url": "public.ecr.aws",
        "image-tag": "3.17.2",
        "image-digest": "sha256:4aa08ef415aecc80814cb42fa41b658480779d80c77ab15EXAMPLE"
    }
}

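Event for a completed image scan (basic scanning)

When basic scanning is enabled for your registry, the following event is sent when each image scan is completed. The finding-severity-counts parameter returns a value for a severity level only if one exists. For example, if the image contains no findings at the CRITICAL level, no critical count is returned. For more information, see Scan images for OS vulnerabilities in Amazon ECR.

Note

For details about the events that Amazon Inspector emits when enhanced scanning is enabled, see EventBridge events sent for enhanced scanning in Amazon ECR.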

{
    "version": "0",
    "id": "85fc3613-e913-7fc4-a80c-a3753e4aa9ae",
    "detail-type": "ECR Image Scan",
    "source": "aws.ecr",
    "account": "123456789012",
    "time": "2019-10-29T02:36:48Z",
    "region": "us-east-1",
    "resources": [
        "arn:aws:ecr:us-east-1:123456789012:repository/my-repository-name"
    ],
    "detail": {
        "scan-status": "COMPLETE",
        "repository-name": "my-repository-name",
        "finding-severity-counts": {
            "CRITICAL": 10,
            "MEDIUM": 9
        },
        "image-digest": "sha256:7f5b2640fe6fb4f46592dfd3410c4a79dac4f89e4782432e0378abcd1234",
        "image-tags": []
    }
}

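Event for a change notification on a resource with enhanced scanning enabled (enhanced scanning)

When enhanced scanning is enabled for your registry, Amazon ECR sends the following event when a resource that has enhanced scanning enabled changes. This includes new repositories being created, the scan frequency of a repository being changed, or images being created or deleted in repositories with enhanced scanning enabled. For more information, see Scan images for software vulnerabilities in Amazon ECR.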

{
    "version": "0",
    "id": "0c18352a-a4d4-6853-ef53-0ab8638973bf",
    "detail-type": "ECR Scan Resource Change",
    "source": "aws.ecr",
    "account": "123456789012",
    "time": "2021-10-14T20:53:46Z",
    "region": "us-east-1",
    "resources": [],
    "detail": {
        "action-type": "SCAN_FREQUENCY_CHANGE",
        "repositories": [{
                "repository-name": "repository-1",
                "repository-arn": "arn:aws:ecr:us-east-1:123456789012:repository/repository-1",
                "scan-frequency": "SCAN_ON_PUSH",
                "previous-scan-frequency": "MANUAL"
            },
            {
                "repository-name": "repository-2",
                "repository-arn": "arn:aws:ecr:us-east-1:123456789012:repository/repository-2",
                "scan-frequency": "CONTINUOUS_SCAN",
                "previous-scan-frequency": "SCAN_ON_PUSH"
            },
            {
                "repository-name": "repository-3",
                "repository-arn": "arn:aws:ecr:us-east-1:123456789012:repository/repository-3",
                "scan-frequency": "CONTINUOUS_SCAN",
                "previous-scan-frequency": "SCAN_ON_PUSH"
            }
        ],
        "resource-type": "REPOSITORY",
        "scan-type": "ENHANCED"
    }
}

Event for an image deletion

The following event is sent when an image is deleted. For more information, see Deleting an image in Amazon ECR.

{
    "version": "0",
    "id": "dd3b46cb-2c74-f49e-393b-28286b67279d",
    "detail-type": "ECR Image Action",
    "source": "aws.ecr",
    "account": "123456789012",
    "time": "2019-11-16T02:01:05Z",
    "region": "us-west-2",
    "resources": [],
    "detail": {
        "result": "SUCCESS",
        "repository-name": "my-repository-name",
        "image-digest": "sha256:7f5b2640fe6fb4f46592dfd3410c4a79dac4f89e4782432e0378abcd1234",
        "action-type": "DELETE",
        "image-tag": "latest"
    }
}
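
The following is an added example, not part of the original AWS documentation: a Lambda-style handler, usable as an EventBridge rule target, that triages the image scan and image action events shown above and treats a severity level missing from finding-severity-counts as zero findings. The `triage` function, the `BLOCKING` policy, and the verdict names are assumptions made for illustration; the sample events are constructed from the examples on this page.

```python
# Added example: triage for the Amazon ECR EventBridge events shown on this page.
# BLOCKING and the verdict names are assumed policy, not values defined by AWS.
BLOCKING = ("CRITICAL", "HIGH")

def triage(event):
    """Return (verdict, reason) for one EventBridge event dict."""
    if event.get("source") != "aws.ecr":
        return ("ignore", "not an Amazon ECR event")
    kind = event.get("detail-type")
    detail = event.get("detail") or {}
    repo = detail.get("repository-name", "<unknown>")
    if kind == "ECR Image Scan":
        if detail.get("scan-status") != "COMPLETE":
            return ("alert", f"{repo}: scan status {detail.get('scan-status')}")
        # Severity levels with no findings are omitted from the event,
        # so a missing key means zero findings, not "unknown".
        counts = detail.get("finding-severity-counts") or {}
        hits = {s: counts[s] for s in BLOCKING if counts.get(s, 0) > 0}
        if hits:
            return ("alert", f"{repo}: blocking findings {hits}")
        return ("ok", f"{repo}: no blocking findings")
    if kind == "ECR Image Action":
        action = detail.get("action-type")
        if detail.get("result") != "SUCCESS":
            return ("alert", f"{repo}: {action} result {detail.get('result')}")
        if action == "DELETE":
            return ("review", f"{repo}: deleted tag {detail.get('image-tag')}")
        return ("ok", f"{repo}: {action} of tag {detail.get('image-tag')}")
    return ("ignore", f"unhandled detail-type {kind!r}")

def lambda_handler(event, context):
    """Lambda entry point for an EventBridge rule target."""
    verdict, reason = triage(event)
    return {"verdict": verdict, "reason": reason}

# Constructed sample events, trimmed from the examples on this page.
SCAN = {"source": "aws.ecr", "detail-type": "ECR Image Scan", "detail": {
    "scan-status": "COMPLETE", "repository-name": "my-repository-name",
    "finding-severity-counts": {"CRITICAL": 10, "MEDIUM": 9}}}
CLEAN = {"source": "aws.ecr", "detail-type": "ECR Image Scan", "detail": {
    "scan-status": "COMPLETE", "repository-name": "my-repository-name",
    "finding-severity-counts": {"MEDIUM": 9}}}
DELETE = {"source": "aws.ecr", "detail-type": "ECR Image Action", "detail": {
    "result": "SUCCESS", "repository-name": "my-repository-name",
    "action-type": "DELETE", "image-tag": "latest"}}

if __name__ == "__main__":
    for sample in (SCAN, CLEAN, DELETE):
        print(lambda_handler(sample, None))
```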