Creates a repository. For more information, see Amazon ECR Repositories in the Amazon Elastic Container Registry User Guide .
See also: AWS API Documentation
See ‘aws help’ for descriptions of global parameters.
create-repository
--repository-name <value>
[--tags <value>]
[--image-tag-mutability <value>]
[--image-scanning-configuration <value>]
[--encryption-configuration <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
--repository-name
(string)
The name to use for the repository. The repository name may be specified on its own (such as
nginx-web-app
) or it can be prepended with a namespace to group the repository into a category (such asproject-a/nginx-web-app
).
--tags
(list)
The metadata that you apply to the repository to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
(structure)
The metadata that you apply to a resource to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
Key -> (string)
One part of a key-value pair that make up a tag. A
key
is a general label that acts like a category for more specific tag values.Value -> (string)
The optional part of a key-value pair that make up a tag. A
value
acts as a descriptor within a tag category (key).
Shorthand Syntax:
Key=string,Value=string ...
JSON Syntax:
[
{
"Key": "string",
"Value": "string"
}
...
]
--image-tag-mutability
(string)
The tag mutability setting for the repository. If this parameter is omitted, the default setting of
MUTABLE
will be used which will allow image tags to be overwritten. IfIMMUTABLE
is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.Possible values:
MUTABLE
IMMUTABLE
--image-scanning-configuration
(structure)
The image scanning configuration for the repository. This determines whether images are scanned for known vulnerabilities after being pushed to the repository.
scanOnPush -> (boolean)
The setting that determines whether images are scanned after being pushed to a repository. If set to
true
, images will be scanned after being pushed. If this parameter is not specified, it will default tofalse
and images will not be scanned unless a scan is manually started with the StartImageScan API.
Shorthand Syntax:
scanOnPush=boolean
JSON Syntax:
{
"scanOnPush": true|false
}
--encryption-configuration
(structure)
The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.
encryptionType -> (string)
The encryption type to use.
If you use the
KMS
encryption type, the contents of the repository will be encrypted using server-side encryption with customer master keys (CMKs) stored in AWS KMS. When you use AWS KMS to encrypt your data, you can either use the default AWS managed CMK for Amazon ECR, or specify your own CMK, which you already created. For more information, see Protecting Data Using Server-Side Encryption with CMKs Stored in AWS Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide. .If you use the
AES256
encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES-256 encryption algorithm. For more information, see Protecting Data Using Server-Side Encryption with Amazon S3-Managed Encryption Keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide. .kmsKey -> (string)
If you use the
KMS
encryption type, specify the CMK to use for encryption. The alias, key ID, or full ARN of the CMK can be specified. The key must exist in the same Region as the repository. If no key is specified, the default AWS managed CMK for Amazon ECR will be used.
Shorthand Syntax:
encryptionType=string,kmsKey=string
JSON Syntax:
{
"encryptionType": "AES256"|"KMS",
"kmsKey": "string"
}
--cli-input-json
| --cli-input-yaml
(string)
Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton
. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml
.
--generate-cli-skeleton
(string)
Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input
, prints a sample input JSON that can be used as an argument for --cli-input-json
. Similarly, if provided yaml-input
it will print a sample input YAML that can be used with --cli-input-yaml
. If provided with the value output
, it validates the command inputs and returns a sample output JSON for that command.
See ‘aws help’ for descriptions of global parameters.
Example 1: To create a repository
The following create-repository
example creates a repository inside the specified namespace in the default registry for an account.
aws ecr create-repository \
--repository-name project-a/nginx-web-app
Output:
{
"repository": {
"registryId": "123456789012",
"repositoryName": "sample-repo",
"repositoryArn": "arn:aws:ecr:us-west-2:123456789012:repository/project-a/nginx-web-app"
}
}
For more information, see Creating a Repository in the Amazon ECR User Guide.
Example 2: To create a repository configured with image tag immutability
The following create-repository
example creates a repository configured for tag immutability in the default registry for an account.
aws ecr create-repository \
--repository-name sample-repo \
--image-tag-mutability IMMUTABLE
Output:
{
"repository": {
"registryId": "123456789012",
"repositoryName": "sample-repo",
"repositoryArn": "arn:aws:ecr:us-west-2:123456789012:repository/sample-repo",
"imageTagMutability": "IMMUTABLE"
}
}
For more information, see Image Tag Mutability in the Amazon ECR User Guide.
Example 3: To create a repository configured with a scanning configuration
The following create-repository
example creates a repository configured to perform a vulnerability scan on image push in the default registry for an account.
aws ecr create-repository \
--repository-name sample-repo \
--image-scanning-configuration scanOnPush=true
Output:
{
"repository": {
"registryId": "123456789012",
"repositoryName": "sample-repo",
"repositoryArn": "arn:aws:ecr:us-west-2:123456789012:repository/sample-repo",
"imageScanningConfiguration": {
"scanOnPush": true
}
}
}
For more information, see Image Scanning in the Amazon ECR User Guide.
repository -> (structure)
The repository that was created.
repositoryArn -> (string)
The Amazon Resource Name (ARN) that identifies the repository. The ARN contains the
arn:aws:ecr
namespace, followed by the region of the repository, AWS account ID of the repository owner, repository namespace, and repository name. For example,arn:aws:ecr:region:012345678910:repository/test
.registryId -> (string)
The AWS account ID associated with the registry that contains the repository.
repositoryName -> (string)
The name of the repository.
repositoryUri -> (string)
The URI for the repository. You can use this URI for container image
push
andpull
operations.createdAt -> (timestamp)
The date and time, in JavaScript date format, when the repository was created.
imageTagMutability -> (string)
The tag mutability setting for the repository.
imageScanningConfiguration -> (structure)
The image scanning configuration for a repository.
scanOnPush -> (boolean)
The setting that determines whether images are scanned after being pushed to a repository. If set to
true
, images will be scanned after being pushed. If this parameter is not specified, it will default tofalse
and images will not be scanned unless a scan is manually started with the StartImageScan API.encryptionConfiguration -> (structure)
The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.
encryptionType -> (string)
The encryption type to use.
If you use the
KMS
encryption type, the contents of the repository will be encrypted using server-side encryption with customer master keys (CMKs) stored in AWS KMS. When you use AWS KMS to encrypt your data, you can either use the default AWS managed CMK for Amazon ECR, or specify your own CMK, which you already created. For more information, see Protecting Data Using Server-Side Encryption with CMKs Stored in AWS Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide. .If you use the
AES256
encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES-256 encryption algorithm. For more information, see Protecting Data Using Server-Side Encryption with Amazon S3-Managed Encryption Keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide. .kmsKey -> (string)
If you use the
KMS
encryption type, specify the CMK to use for encryption. The alias, key ID, or full ARN of the CMK can be specified. The key must exist in the same Region as the repository. If no key is specified, the default AWS managed CMK for Amazon ECR will be used.