This is the new Amazon CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the Amazon CloudFormation User Guide.
AWS::ECR::PullThroughCacheRule
The AWS::ECR::PullThroughCacheRule resource creates or updates a pull
            through cache rule. A pull through cache rule provides a way to cache images from an
            upstream registry in your Amazon ECR private registry.
Syntax
To declare this entity in your Amazon CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::ECR::PullThroughCacheRule", "Properties" : { "CredentialArn" :String, "CustomRoleArn" :String, "EcrRepositoryPrefix" :String, "UpstreamRegistry" :String, "UpstreamRegistryUrl" :String, "UpstreamRepositoryPrefix" :String} }
YAML
Type: AWS::ECR::PullThroughCacheRule Properties: CredentialArn:StringCustomRoleArn:StringEcrRepositoryPrefix:StringUpstreamRegistry:StringUpstreamRegistryUrl:StringUpstreamRepositoryPrefix:String
Properties
- CredentialArn
- 
                    The ARN of the Secrets Manager secret associated with the pull through cache rule. Required: No Type: String Pattern: ^arn:aws:secretsmanager:[a-zA-Z0-9-:]+:secret:ecr\-pullthroughcache\/[a-zA-Z0-9\/_+=.@-]+$Minimum: 50Maximum: 612Update requires: Replacement 
- CustomRoleArn
- 
                    The ARN of the IAM role associated with the pull through cache rule. Required: No Type: String Maximum: 2048Update requires: Replacement 
- EcrRepositoryPrefix
- 
                    The Amazon ECR repository prefix associated with the pull through cache rule. Required: No Type: String Pattern: ^((?:[a-z0-9]+(?:[._-][a-z0-9]+)*/)*[a-z0-9]+(?:[._-][a-z0-9]+)*/?|ROOT)$Minimum: 2Maximum: 30Update requires: Replacement 
- UpstreamRegistry
- 
                    The name of the upstream source registry associated with the pull through cache rule. Required: No Type: String Allowed values: ecr | ecr-public | quay | k8s | docker-hub | github-container-registry | azure-container-registry | gitlab-container-registryUpdate requires: Replacement 
- UpstreamRegistryUrl
- 
                    The upstream registry URL associated with the pull through cache rule. Required: No Type: String Update requires: Replacement 
- UpstreamRepositoryPrefix
- 
                    The upstream repository prefix associated with the pull through cache rule. Required: No Type: String Pattern: ^((?:[a-z0-9]+(?:[._-][a-z0-9]+)*/)*[a-z0-9]+(?:[._-][a-z0-9]+)*/?|ROOT)$Minimum: 2Maximum: 30Update requires: Replacement 
Examples
The following resource examples show how to create a pull through cache rule for a private registry.
Create a pull through cache rule for an upstream registry that requires authentication
The following example creates a pull through cache rule for the upstream
                    registry Docker Hub, which requires authentication. The authentication
                    credentials for the upstream registry must be stored in a Secrets Manager secret
                    with a secret name with a ecr-pullthroughcache/ prefix. You specify
                    the full Amazon Resource Name (ARN) of the secret. When the pull through cache
                    rule is used to pull images from the upstream registry, Amazon ECR will create
                    repositories in your private registry on your behalf with the
                        docker-hub prefix.
JSON
{ "Resources": { "MyECRPullThroughCacheRule": { "Type": "AWS::ECR::PullThroughCacheRule", "Properties": { "EcrRepositoryPrefix": "docker-hub", "UpstreamRegistryUrl": "registry-1.docker.io", "CredentialArn": "arn:aws:secretsmanager:us-east-2:111122223333:secret:ecr-pullthroughcache/example1234" } } } }
YAML
Resources: MyECRPullThroughCacheRule: Type: 'AWS::ECR::PullThroughCacheRule' Properties: EcrRepositoryPrefix: 'docker-hub' UpstreamRegistryUrl: 'registry-1.docker.io' CredentialArn: 'arn:aws:secretsmanager:us-east-2:111122223333:secret:ecr-pullthroughcache/example1234' UpstreamRegistry: 'docker-hub'
Create a pull through cache rule for an upstream registry that does not require authentication
The following example creates a pull through cache rule that caches
                    repositories with the name prefix ecr-public from the Amazon ECR
                    Public registry into your private registry.
JSON
{ "Resources": { "MyECRPullThroughCacheRule": { "Type": "AWS::ECR::PullThroughCacheRule", "Properties": { "EcrRepositoryPrefix": "ecr-public", "UpstreamRegistryUrl": "public.ecr.aws" } } } }
YAML
Resources: MyECRPullThroughCacheRule: Type: 'AWS::ECR::PullThroughCacheRule' Properties: EcrRepositoryPrefix: 'ecr-public' UpstreamRegistryUrl: 'public.ecr.aws' UpstreamRegistry: 'ecr-public'