Share via

Microsoft.AwsConnector ecrRepositories 2024-12-01

Bicep resource definition

The ecrRepositories resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.AwsConnector/ecrRepositories resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.AwsConnector/ecrRepositories@2024-12-01' = {
  location: 'string'
  name: 'string'
  properties: {
    arn: 'string'
    awsAccountId: 'string'
    awsProperties: {
      arn: 'string'
      emptyOnDelete: bool
      encryptionConfiguration: {
        encryptionType: 'string'
        kmsKey: 'string'
      }
      imageScanningConfiguration: {
        scanOnPush: bool
      }
      imageTagMutability: 'string'
      lifecyclePolicy: {
        lifecyclePolicyText: 'string'
        registryId: 'string'
      }
      repositoryName: 'string'
      repositoryPolicyText: {
        {customized property}: any(...)
      }
      repositoryUri: 'string'
      tags: [
        {
          key: 'string'
          value: 'string'
        }
      ]
    }
    awsRegion: 'string'
    awsSourceSchema: 'string'
    awsTags: {
      {customized property}: 'string'
    }
    publicCloudConnectorsResourceId: 'string'
    publicCloudResourceName: 'string'
  }
  tags: {
    {customized property}: 'string'
  }
}

Property Values

Microsoft.AwsConnector/ecrRepositories

Name Description Value
location The geo-location where the resource lives string (required)
name The resource name string

Constraints:
Pattern = ^(?=.{0,259}[^\s.]$)(?!.*[<>%&\?/#]) (required)
properties The resource-specific properties for this resource. EcrRepositoryProperties
tags Resource tags Dictionary of tag names and values. See Tags in templates

AwsEcrRepositoryProperties

Name Description Value
arn Property arn string
emptyOnDelete If true, deleting the repository force deletes the contents of the repository. If false, the repository must be empty before attempting to delete it. If true, deleting the repository force deletes the contents of the repository. Without a force delete, you can only delete empty repositories. bool
encryptionConfiguration The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest. The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest. By default, when no encryption configuration is set or the AES256 encryption type is used, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES-256 encryption algorithm. This does not require any action on your part. For more control over the encryption of the contents of your repository, you can use server-side encryption with KMSlong key stored in KMSlong (KMS) to encrypt your images. For more information, see Amazon ECR encryption at rest in the Amazon Elastic Container Registry User Guide. EncryptionConfiguration
imageScanningConfiguration The image scanning configuration for the repository. This determines whether images are scanned for known vulnerabilities after being pushed to the repository. The image scanning configuration for a repository. ImageScanningConfiguration
imageTagMutability The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten. 'IMMUTABLE'
'MUTABLE'
lifecyclePolicy Creates or updates a lifecycle policy. For information about lifecycle policy syntax, see Lifecycle policy template. The LifecyclePolicy property type specifies a lifecycle policy. For information about lifecycle policy syntax, see Lifecycle policy template in the Amazon ECR User Guide. LifecyclePolicy
repositoryName The name to use for the repository. The repository name may be specified on its own (such as nginx-web-app) or it can be prepended with a namespace to group the repository into a category (such as project-a/nginx-web-app). If you don't specify a name, CFNlong generates a unique physical ID and uses that ID for the repository name. For more information, see Name type. The repository name must start with a letter and can only contain lowercase letters, numbers, hyphens, underscores, and forward slashes. If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. string
repositoryPolicyText The JSON repository policy text to apply to the repository. For more information, see Amazon ECR repository policies in the Amazon Elastic Container Registry User Guide. AwsEcrRepositoryPropertiesRepositoryPolicyText
repositoryUri Property repositoryUri string
tags An array of key-value pairs to apply to this resource. TagAutoGenerated24[]

AwsEcrRepositoryPropertiesRepositoryPolicyText

Name Description Value

EcrRepositoryProperties

Name Description Value
arn Amazon Resource Name (ARN) string
awsAccountId AWS Account ID string
awsProperties AWS Properties AwsEcrRepositoryProperties
awsRegion AWS Region string
awsSourceSchema AWS Source Schema string
awsTags AWS Tags EcrRepositoryPropertiesAwsTags
publicCloudConnectorsResourceId Public Cloud Connectors Resource ID string
publicCloudResourceName Public Cloud Resource Name string

EcrRepositoryPropertiesAwsTags

Name Description Value

EncryptionConfiguration

Name Description Value
encryptionType The encryption type to use. If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with KMSlong key stored in KMS. When you use KMS to encrypt your data, you can either use the default AWS managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an key stored in (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide. If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES-256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the *Ama The encryption type to use. 'AES256'
'KMS'
kmsKey If you use the KMS encryption type, specify the KMS key to use for encryption. The alias, key ID, or full ARN of the KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default AWS managed KMS key for Amazon ECR will be used. If you use the KMS encryption type, specify the CMK to use for encryption. The alias, key ID, or full ARN of the CMK can be specified. The key must exist in the same Region as the repository. If no key is specified, the default AWS managed CMK for Amazon ECR will be used. string

ImageScanningConfiguration

Name Description Value
scanOnPush The setting that determines whether images are scanned after being pushed to a repository. If set to true, images will be scanned after being pushed. If this parameter is not specified, it will default to false and images will not be scanned unless a scan is manually started. The setting that determines whether images are scanned after being pushed to a repository. bool

LifecyclePolicy

Name Description Value
lifecyclePolicyText The JSON repository policy text to apply to the repository. The JSON repository policy text to apply to the repository. string
registryId The AWS account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed. The AWS account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed. string

TagAutoGenerated24

Name Description Value
key One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values. string
value A value acts as a descriptor within a tag category (key). string

TrackedResourceTags

Name Description Value

ARM template resource definition

The ecrRepositories resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.AwsConnector/ecrRepositories resource, add the following JSON to your template.

{
  "type": "Microsoft.AwsConnector/ecrRepositories",
  "apiVersion": "2024-12-01",
  "name": "string",
  "location": "string",
  "properties": {
    "arn": "string",
    "awsAccountId": "string",
    "awsProperties": {
      "arn": "string",
      "emptyOnDelete": "bool",
      "encryptionConfiguration": {
        "encryptionType": "string",
        "kmsKey": "string"
      },
      "imageScanningConfiguration": {
        "scanOnPush": "bool"
      },
      "imageTagMutability": "string",
      "lifecyclePolicy": {
        "lifecyclePolicyText": "string",
        "registryId": "string"
      },
      "repositoryName": "string",
      "repositoryPolicyText": {
        "{customized property}": {}
      },
      "repositoryUri": "string",
      "tags": [
        {
          "key": "string",
          "value": "string"
        }
      ]
    },
    "awsRegion": "string",
    "awsSourceSchema": "string",
    "awsTags": {
      "{customized property}": "string"
    },
    "publicCloudConnectorsResourceId": "string",
    "publicCloudResourceName": "string"
  },
  "tags": {
    "{customized property}": "string"
  }
}

Property Values

Microsoft.AwsConnector/ecrRepositories

Name Description Value
apiVersion The api version '2024-12-01'
location The geo-location where the resource lives string (required)
name The resource name string

Constraints:
Pattern = ^(?=.{0,259}[^\s.]$)(?!.*[<>%&\?/#]) (required)
properties The resource-specific properties for this resource. EcrRepositoryProperties
tags Resource tags Dictionary of tag names and values. See Tags in templates
type The resource type 'Microsoft.AwsConnector/ecrRepositories'

AwsEcrRepositoryProperties

Name Description Value
arn Property arn string
emptyOnDelete If true, deleting the repository force deletes the contents of the repository. If false, the repository must be empty before attempting to delete it. If true, deleting the repository force deletes the contents of the repository. Without a force delete, you can only delete empty repositories. bool
encryptionConfiguration The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest. The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest. By default, when no encryption configuration is set or the AES256 encryption type is used, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES-256 encryption algorithm. This does not require any action on your part. For more control over the encryption of the contents of your repository, you can use server-side encryption with KMSlong key stored in KMSlong (KMS) to encrypt your images. For more information, see Amazon ECR encryption at rest in the Amazon Elastic Container Registry User Guide. EncryptionConfiguration
imageScanningConfiguration The image scanning configuration for the repository. This determines whether images are scanned for known vulnerabilities after being pushed to the repository. The image scanning configuration for a repository. ImageScanningConfiguration
imageTagMutability The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten. 'IMMUTABLE'
'MUTABLE'
lifecyclePolicy Creates or updates a lifecycle policy. For information about lifecycle policy syntax, see Lifecycle policy template. The LifecyclePolicy property type specifies a lifecycle policy. For information about lifecycle policy syntax, see Lifecycle policy template in the Amazon ECR User Guide. LifecyclePolicy
repositoryName The name to use for the repository. The repository name may be specified on its own (such as nginx-web-app) or it can be prepended with a namespace to group the repository into a category (such as project-a/nginx-web-app). If you don't specify a name, CFNlong generates a unique physical ID and uses that ID for the repository name. For more information, see Name type. The repository name must start with a letter and can only contain lowercase letters, numbers, hyphens, underscores, and forward slashes. If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. string
repositoryPolicyText The JSON repository policy text to apply to the repository. For more information, see Amazon ECR repository policies in the Amazon Elastic Container Registry User Guide. AwsEcrRepositoryPropertiesRepositoryPolicyText
repositoryUri Property repositoryUri string
tags An array of key-value pairs to apply to this resource. TagAutoGenerated24[]

AwsEcrRepositoryPropertiesRepositoryPolicyText

Name Description Value

EcrRepositoryProperties

Name Description Value
arn Amazon Resource Name (ARN) string
awsAccountId AWS Account ID string
awsProperties AWS Properties AwsEcrRepositoryProperties
awsRegion AWS Region string
awsSourceSchema AWS Source Schema string
awsTags AWS Tags EcrRepositoryPropertiesAwsTags
publicCloudConnectorsResourceId Public Cloud Connectors Resource ID string
publicCloudResourceName Public Cloud Resource Name string

EcrRepositoryPropertiesAwsTags

Name Description Value

EncryptionConfiguration

Name Description Value
encryptionType The encryption type to use. If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with KMSlong key stored in KMS. When you use KMS to encrypt your data, you can either use the default AWS managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an key stored in (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide. If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES-256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the *Ama The encryption type to use. 'AES256'
'KMS'
kmsKey If you use the KMS encryption type, specify the KMS key to use for encryption. The alias, key ID, or full ARN of the KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default AWS managed KMS key for Amazon ECR will be used. If you use the KMS encryption type, specify the CMK to use for encryption. The alias, key ID, or full ARN of the CMK can be specified. The key must exist in the same Region as the repository. If no key is specified, the default AWS managed CMK for Amazon ECR will be used. string

ImageScanningConfiguration

Name Description Value
scanOnPush The setting that determines whether images are scanned after being pushed to a repository. If set to true, images will be scanned after being pushed. If this parameter is not specified, it will default to false and images will not be scanned unless a scan is manually started. The setting that determines whether images are scanned after being pushed to a repository. bool

LifecyclePolicy

Name Description Value
lifecyclePolicyText The JSON repository policy text to apply to the repository. The JSON repository policy text to apply to the repository. string
registryId The AWS account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed. The AWS account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed. string

TagAutoGenerated24

Name Description Value
key One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values. string
value A value acts as a descriptor within a tag category (key). string

TrackedResourceTags

Name Description Value

Usage Examples

Terraform (AzAPI provider) resource definition

The ecrRepositories resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.AwsConnector/ecrRepositories resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.AwsConnector/ecrRepositories@2024-12-01"
  name = "string"
  parent_id = "string"
  location = "string"
  tags = {
    {customized property} = "string"
  }
  body = {
    properties = {
      arn = "string"
      awsAccountId = "string"
      awsProperties = {
        arn = "string"
        emptyOnDelete = bool
        encryptionConfiguration = {
          encryptionType = "string"
          kmsKey = "string"
        }
        imageScanningConfiguration = {
          scanOnPush = bool
        }
        imageTagMutability = "string"
        lifecyclePolicy = {
          lifecyclePolicyText = "string"
          registryId = "string"
        }
        repositoryName = "string"
        repositoryPolicyText = {
          {customized property} = ?
        }
        repositoryUri = "string"
        tags = [
          {
            key = "string"
            value = "string"
          }
        ]
      }
      awsRegion = "string"
      awsSourceSchema = "string"
      awsTags = {
        {customized property} = "string"
      }
      publicCloudConnectorsResourceId = "string"
      publicCloudResourceName = "string"
    }
  }
}

Property Values

Microsoft.AwsConnector/ecrRepositories

Name Description Value
location The geo-location where the resource lives string (required)
name The resource name string

Constraints:
Pattern = ^(?=.{0,259}[^\s.]$)(?!.*[<>%&\?/#]) (required)
properties The resource-specific properties for this resource. EcrRepositoryProperties
tags Resource tags Dictionary of tag names and values.
type The resource type "Microsoft.AwsConnector/ecrRepositories@2024-12-01"

AwsEcrRepositoryProperties

Name Description Value
arn Property arn string
emptyOnDelete If true, deleting the repository force deletes the contents of the repository. If false, the repository must be empty before attempting to delete it. If true, deleting the repository force deletes the contents of the repository. Without a force delete, you can only delete empty repositories. bool
encryptionConfiguration The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest. The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest. By default, when no encryption configuration is set or the AES256 encryption type is used, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES-256 encryption algorithm. This does not require any action on your part. For more control over the encryption of the contents of your repository, you can use server-side encryption with KMSlong key stored in KMSlong (KMS) to encrypt your images. For more information, see Amazon ECR encryption at rest in the Amazon Elastic Container Registry User Guide. EncryptionConfiguration
imageScanningConfiguration The image scanning configuration for the repository. This determines whether images are scanned for known vulnerabilities after being pushed to the repository. The image scanning configuration for a repository. ImageScanningConfiguration
imageTagMutability The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten. 'IMMUTABLE'
'MUTABLE'
lifecyclePolicy Creates or updates a lifecycle policy. For information about lifecycle policy syntax, see Lifecycle policy template. The LifecyclePolicy property type specifies a lifecycle policy. For information about lifecycle policy syntax, see Lifecycle policy template in the Amazon ECR User Guide. LifecyclePolicy
repositoryName The name to use for the repository. The repository name may be specified on its own (such as nginx-web-app) or it can be prepended with a namespace to group the repository into a category (such as project-a/nginx-web-app). If you don't specify a name, CFNlong generates a unique physical ID and uses that ID for the repository name. For more information, see Name type. The repository name must start with a letter and can only contain lowercase letters, numbers, hyphens, underscores, and forward slashes. If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. string
repositoryPolicyText The JSON repository policy text to apply to the repository. For more information, see Amazon ECR repository policies in the Amazon Elastic Container Registry User Guide. AwsEcrRepositoryPropertiesRepositoryPolicyText
repositoryUri Property repositoryUri string
tags An array of key-value pairs to apply to this resource. TagAutoGenerated24[]

AwsEcrRepositoryPropertiesRepositoryPolicyText

Name Description Value

EcrRepositoryProperties

Name Description Value
arn Amazon Resource Name (ARN) string
awsAccountId AWS Account ID string
awsProperties AWS Properties AwsEcrRepositoryProperties
awsRegion AWS Region string
awsSourceSchema AWS Source Schema string
awsTags AWS Tags EcrRepositoryPropertiesAwsTags
publicCloudConnectorsResourceId Public Cloud Connectors Resource ID string
publicCloudResourceName Public Cloud Resource Name string

EcrRepositoryPropertiesAwsTags

Name Description Value

EncryptionConfiguration

Name Description Value
encryptionType The encryption type to use. If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with KMSlong key stored in KMS. When you use KMS to encrypt your data, you can either use the default AWS managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an key stored in (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide. If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES-256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the *Ama The encryption type to use. 'AES256'
'KMS'
kmsKey If you use the KMS encryption type, specify the KMS key to use for encryption. The alias, key ID, or full ARN of the KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default AWS managed KMS key for Amazon ECR will be used. If you use the KMS encryption type, specify the CMK to use for encryption. The alias, key ID, or full ARN of the CMK can be specified. The key must exist in the same Region as the repository. If no key is specified, the default AWS managed CMK for Amazon ECR will be used. string

ImageScanningConfiguration

Name Description Value
scanOnPush The setting that determines whether images are scanned after being pushed to a repository. If set to true, images will be scanned after being pushed. If this parameter is not specified, it will default to false and images will not be scanned unless a scan is manually started. The setting that determines whether images are scanned after being pushed to a repository. bool

LifecyclePolicy

Name Description Value
lifecyclePolicyText The JSON repository policy text to apply to the repository. The JSON repository policy text to apply to the repository. string
registryId The AWS account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed. The AWS account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed. string

TagAutoGenerated24

Name Description Value
key One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values. string
value A value acts as a descriptor within a tag category (key). string

TrackedResourceTags

Name Description Value