ECR / Client / create_repository
create_repository#
- ECR.Client.create_repository(**kwargs)#
Creates a repository. For more information, see Amazon ECR repositories in the Amazon Elastic Container Registry User Guide.
See also: AWS API Documentation
Request Syntax
response = client.create_repository( registryId='string', repositoryName='string', tags=[ { 'Key': 'string', 'Value': 'string' }, ], imageTagMutability='MUTABLE'|'IMMUTABLE', imageScanningConfiguration={ 'scanOnPush': True|False }, encryptionConfiguration={ 'encryptionType': 'AES256'|'KMS', 'kmsKey': 'string' } )
- Parameters:
registryId (string) – The Amazon Web Services account ID associated with the registry to create the repository. If you do not specify a registry, the default registry is assumed.
repositoryName (string) –
[REQUIRED]
The name to use for the repository. The repository name may be specified on its own (such as
nginx-web-app) or it can be prepended with a namespace to group the repository into a category (such asproject-a/nginx-web-app).The repository name must start with a letter and can only contain lowercase letters, numbers, hyphens, underscores, and forward slashes.
tags (list) –
The metadata that you apply to the repository to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
(dict) –
The metadata to apply to a resource to help you categorize and organize them. Each tag consists of a key and a value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
Key (string) – [REQUIRED]
One part of a key-value pair that make up a tag. A
keyis a general label that acts like a category for more specific tag values.Value (string) – [REQUIRED]
A
valueacts as a descriptor within a tag category (key).
imageTagMutability (string) – The tag mutability setting for the repository. If this parameter is omitted, the default setting of
MUTABLEwill be used which will allow image tags to be overwritten. IfIMMUTABLEis specified, all image tags within the repository will be immutable which will prevent them from being overwritten.imageScanningConfiguration (dict) –
The image scanning configuration for the repository. This determines whether images are scanned for known vulnerabilities after being pushed to the repository.
scanOnPush (boolean) –
The setting that determines whether images are scanned after being pushed to a repository. If set to
true, images will be scanned after being pushed. If this parameter is not specified, it will default tofalseand images will not be scanned unless a scan is manually started with the API_StartImageScan API.
encryptionConfiguration (dict) –
The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.
encryptionType (string) – [REQUIRED]
The encryption type to use.
If you use the
KMSencryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide.If you use the
AES256encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES-256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide.kmsKey (string) –
If you use the
KMSencryption type, specify the KMS key to use for encryption. The alias, key ID, or full ARN of the KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.
- Return type:
dict
- Returns:
Response Syntax
{ 'repository': { 'repositoryArn': 'string', 'registryId': 'string', 'repositoryName': 'string', 'repositoryUri': 'string', 'createdAt': datetime(2015, 1, 1), 'imageTagMutability': 'MUTABLE'|'IMMUTABLE', 'imageScanningConfiguration': { 'scanOnPush': True|False }, 'encryptionConfiguration': { 'encryptionType': 'AES256'|'KMS', 'kmsKey': 'string' } } }
Response Structure
(dict) –
repository (dict) –
The repository that was created.
repositoryArn (string) –
The Amazon Resource Name (ARN) that identifies the repository. The ARN contains the
arn:aws:ecrnamespace, followed by the region of the repository, Amazon Web Services account ID of the repository owner, repository namespace, and repository name. For example,arn:aws:ecr:region:012345678910:repository-namespace/repository-name.registryId (string) –
The Amazon Web Services account ID associated with the registry that contains the repository.
repositoryName (string) –
The name of the repository.
repositoryUri (string) –
The URI for the repository. You can use this URI for container image
pushandpulloperations.createdAt (datetime) –
The date and time, in JavaScript date format, when the repository was created.
imageTagMutability (string) –
The tag mutability setting for the repository.
imageScanningConfiguration (dict) –
The image scanning configuration for a repository.
scanOnPush (boolean) –
The setting that determines whether images are scanned after being pushed to a repository. If set to
true, images will be scanned after being pushed. If this parameter is not specified, it will default tofalseand images will not be scanned unless a scan is manually started with the API_StartImageScan API.
encryptionConfiguration (dict) –
The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.
encryptionType (string) –
The encryption type to use.
If you use the
KMSencryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide.If you use the
AES256encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES-256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide.kmsKey (string) –
If you use the
KMSencryption type, specify the KMS key to use for encryption. The alias, key ID, or full ARN of the KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.
Exceptions
Examples
This example creates a repository called nginx-web-app inside the project-a namespace in the default registry for an account.
response = client.create_repository( repositoryName='project-a/nginx-web-app', ) print(response)
Expected Output:
{ 'repository': { 'registryId': '012345678901', 'repositoryArn': 'arn:aws:ecr:us-west-2:012345678901:repository/project-a/nginx-web-app', 'repositoryName': 'project-a/nginx-web-app', }, 'ResponseMetadata': { '...': '...', }, }