亚马逊 ECR 事件和 EventBridge - Amazon ECR
来自 Amazon ECR 的示例事件
Amazon Web Services 文档中描述的 Amazon Web Services 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅 中国的 Amazon Web Services 服务入门 (PDF)

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

亚马逊 ECR 事件和 EventBridge

Amazon EventBridge 使您能够实现 Amazon 服务自动化,并自动响应系统事件,例如应用程序可用性问题或资源更改。来自 Amazon 服务的事件几乎是实时的。 EventBridge 您可以编写简单规则来指示您关注的事件,并包括要在事件匹配规则时执行的自动化操作。可自动触发的操作包括:

  • 将事件添加到日志中的 CloudWatch 日志组

  • 调用函数 Amazon Lambda

  • 调用 Amazon EC2 Run Command

  • 将事件中继到 Amazon Kinesis Data Streams

  • 激活 Amazon Step Functions 状态机

  • 通知 Amazon SNS 主题或 Amazon SQS 队列

有关更多信息,请参阅《亚马逊 EventBridge 用户指南》 EventBridge中的 “亚马逊入门”。

来自 Amazon ECR 的示例事件

以下是来自 Amazon ECR 的示例事件。尽最大努力发出事件。

已完成镜像推送的事件

每个镜像推送完成后,将发送以下事件。有关更多信息,请参阅 将 Docker 镜像推送到亚马逊 ECR 私有存储库

{
    "version": "0",
    "id": "13cde686-328b-6117-af20-0e5566167482",
    "detail-type": "ECR Image Action",
    "source": "aws.ecr",
    "account": "123456789012",
    "time": "2019-11-16T01:54:34Z",
    "region": "us-west-2",
    "resources": [],
    "detail": {
        "result": "SUCCESS",
        "repository-name": "my-repository-name",
        "image-digest": "sha256:7f5b2640fe6fb4f46592dfd3410c4a79dac4f89e4782432e0378abcd1234",
        "action-type": "PUSH",
        "image-tag": "latest"
    }
}

缓存提取操作的事件

尝试缓存提取操作时,将发送以下事件。有关更多信息,请参阅 将上游注册表与 Amazon ECR 私有注册表同步

{
    "version": "0",
    "id": "85fc3613-e913-7fc4-a80c-a3753e4aa9ae",
    "detail-type": "ECR Pull Through Cache Action",
    "source": "aws.ecr",
    "account": "123456789012",
    "time": "2023-02-29T02:36:48Z",
    "region": "us-west-2",
    "resources": [
        "arn:aws:ecr:us-west-2:123456789012:repository/docker-hub/alpine"
    ],
    "detail": {
        "rule-version": "1",
        "sync-status": "SUCCESS",
        "ecr-repository-prefix": "docker-hub",
        "repository-name": "docker-hub/alpine",
        "upstream-registry-url": "public.ecr.aws",
        "image-tag": "3.17.2",
        "image-digest": "sha256:4aa08ef415aecc80814cb42fa41b658480779d80c77ab15EXAMPLE",
    }
}

已完成镜像扫描的事件(基本扫描)

为注册表启用基本扫描后,当每个镜像扫描完成时,会发送以下事件。finding-severity-counts 参数仅返回严重性级别的值 (如果存在)。例如,如果镜像不包含任何 CRITICAL 级别的结果,则不会返回任何关键计数。有关更多信息,请参阅 扫描图像以查找 Amazon ECR 中的操作系统漏洞

注意

有关启用增强扫描后 Amazon Inspector 发出的事件的详细信息,请参阅 EventBridge 为了在 Amazon ECR 中进行增强扫描而发送的事件

{
    "version": "0",
    "id": "85fc3613-e913-7fc4-a80c-a3753e4aa9ae",
    "detail-type": "ECR Image Scan",
    "source": "aws.ecr",
    "account": "123456789012",
    "time": "2019-10-29T02:36:48Z",
    "region": "us-east-1",
    "resources": [
        "arn:aws:ecr:us-east-1:123456789012:repository/my-repository-name"
    ],
    "detail": {
        "scan-status": "COMPLETE",
        "repository-name": "my-repository-name",
        "finding-severity-counts": {
	       "CRITICAL": 10,
	       "MEDIUM": 9
	     },
        "image-digest": "sha256:7f5b2640fe6fb4f46592dfd3410c4a79dac4f89e4782432e0378abcd1234",
        "image-tags": []
    }
}

启用了增强扫描的资源的变更通知事件(增强扫描)

为注册表启用增强扫描后,当启用了增强扫描的资源发生更改时,Amazon ECR 将发送以下事件。这包括正在创建的新存储库、正在更改的存储库的扫描频率,或者在启用了增强扫描功能的存储库中创建或删除镜像的时间。有关更多信息,请参阅 扫描图像以查找 Amazon ECR 中的软件漏洞

{
	"version": "0",
	"id": "0c18352a-a4d4-6853-ef53-0ab8638973bf",
	"detail-type": "ECR Scan Resource Change",
	"source": "aws.ecr",
	"account": "123456789012",
	"time": "2021-10-14T20:53:46Z",
	"region": "us-east-1",
	"resources": [],
	"detail": {
		"action-type": "SCAN_FREQUENCY_CHANGE",
		"repositories": [{
				"repository-name": "repository-1",
				"repository-arn": "arn:aws:ecr:us-east-1:123456789012:repository/repository-1",
				"scan-frequency": "SCAN_ON_PUSH",
				"previous-scan-frequency": "MANUAL"
			},
			{
				"repository-name": "repository-2",
				"repository-arn": "arn:aws:ecr:us-east-1:123456789012:repository/repository-2",
				"scan-frequency": "CONTINUOUS_SCAN",
				"previous-scan-frequency": "SCAN_ON_PUSH"
			},
			{
				"repository-name": "repository-3",
				"repository-arn": "arn:aws:ecr:us-east-1:123456789012:repository/repository-3",
				"scan-frequency": "CONTINUOUS_SCAN",
				"previous-scan-frequency": "SCAN_ON_PUSH"
			}
		],
		"resource-type": "REPOSITORY",
		"scan-type": "ENHANCED"
	}
}

镜像删除的事件

删除镜像时将发送以下事件。有关更多信息,请参阅 在 Amazon ECR 中删除图片

{
    "version": "0",
    "id": "dd3b46cb-2c74-f49e-393b-28286b67279d",
    "detail-type": "ECR Image Action",
    "source": "aws.ecr",
    "account": "123456789012",
    "time": "2019-11-16T02:01:05Z",
    "region": "us-west-2",
    "resources": [],
    "detail": {
        "result": "SUCCESS",
        "repository-name": "my-repository-name",
        "image-digest": "sha256:7f5b2640fe6fb4f46592dfd3410c4a79dac4f89e4782432e0378abcd1234",
        "action-type": "DELETE",
        "image-tag": "latest"
    }
}

已完成映像复制的事件

每次映像复制完成后,都会发送以下事件。有关更多信息,请参阅 在 Amazon ECR 中复制私有镜像

{
  "version": "0",
  "id": "c8b133b1-6029-ee73-e2a1-4f466b8ba999",
  "detail-type": "ECR Replication Action",
  "source": "aws.ecr",
  "account": "123456789012",
  "time": "2024-05-08T20:44:54Z",
  "region": "us-east-1",
  "resources": [
    "arn:aws:ecr:us-east-1:123456789012:repository/docker-hub/alpine"
  ],
  "detail": {
    "result": "SUCCESS",
    "repository-name": "docker-hub/alpine",
    "image-digest": "sha256:7f5b2640fe6fb4f46592dfd3410c4a79dac4f89e4782432e0378abcd1234",
    "source-account": "123456789012",
    "action-type": "REPLICATE",
    "source-region": "us-west-2",
    "image-tag": "3.17.2"
  }
}