Creates a repository creation template. This template is used to define the settings for repositories created by Amazon ECR on your behalf. For example, repositories created through pull through cache actions. For more information, see Private repository creation templates in the Amazon Elastic Container Registry User Guide .
See also: AWS API Documentation
create-repository-creation-template
--prefix <value>
[--description <value>]
[--encryption-configuration <value>]
[--resource-tags <value>]
[--image-tag-mutability <value>]
[--repository-policy <value>]
[--lifecycle-policy <value>]
--applied-for <value>
[--custom-role-arn <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--debug]
[--endpoint-url <value>]
[--no-verify-ssl]
[--no-paginate]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--no-sign-request]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
[--cli-binary-format <value>]
[--no-cli-pager]
[--cli-auto-prompt]
[--no-cli-auto-prompt]
--prefix
(string)
The repository namespace prefix to associate with the template. All repositories created using this namespace prefix will have the settings defined in this template applied. For example, a prefix of
prod
would apply to all repositories beginning withprod/
. Similarly, a prefix ofprod/team
would apply to all repositories beginning withprod/team/
.To apply a template to all repositories in your registry that don’t have an associated creation template, you can use
ROOT
as the prefix.Warning
There is always an assumed/
applied to the end of the prefix. If you specifyecr-public
as the prefix, Amazon ECR treats that asecr-public/
. When using a pull through cache rule, the repository prefix you specify during rule creation is what you should specify as your repository creation template prefix as well.
--description
(string)
A description for the repository creation template.
--encryption-configuration
(structure)
The encryption configuration to use for repositories created using the template.
encryptionType -> (string)
The encryption type to use.
If you use the
KMS
encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide .If you use the
AES256
encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide .kmsKey -> (string)
If you use theKMS
encryption type, specify the KMS key to use for encryption. The full ARN of the KMS key must be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.
Shorthand Syntax:
encryptionType=string,kmsKey=string
JSON Syntax:
{
"encryptionType": "AES256"|"KMS"|"KMS_DSSE",
"kmsKey": "string"
}
--resource-tags
(list)
The metadata to apply to the repository to help you categorize and organize. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
(structure)
The metadata to apply to a resource to help you categorize and organize them. Each tag consists of a key and a value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
Key -> (string)
One part of a key-value pair that make up a tag. Akey
is a general label that acts like a category for more specific tag values.Value -> (string)
Avalue
acts as a descriptor within a tag category (key).
Shorthand Syntax:
Key=string,Value=string ...
JSON Syntax:
[
{
"Key": "string",
"Value": "string"
}
...
]
--image-tag-mutability
(string)
The tag mutability setting for the repository. If this parameter is omitted, the default setting of
MUTABLE
will be used which will allow image tags to be overwritten. IfIMMUTABLE
is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.Possible values:
MUTABLE
IMMUTABLE
--repository-policy
(string)
The repository policy to apply to repositories created using the template. A repository policy is a permissions policy associated with a repository to control access permissions.
--lifecycle-policy
(string)
The lifecycle policy to use for repositories created using the template.
--applied-for
(list)
A list of enumerable strings representing the Amazon ECR repository creation scenarios that this template will apply towards. The two supported scenarios are
PULL_THROUGH_CACHE
andREPLICATION
(string)
Syntax:
"string" "string" ...
Where valid values are:
REPLICATION
PULL_THROUGH_CACHE
--custom-role-arn
(string)
The ARN of the role to be assumed by Amazon ECR. This role must be in the same account as the registry that you are configuring. Amazon ECR will assume your supplied role when the customRoleArn is specified. When this field isn’t specified, Amazon ECR will use the service-linked role for the repository creation template.
--cli-input-json
| --cli-input-yaml
(string)
Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton
. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml
.
--generate-cli-skeleton
(string)
Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input
, prints a sample input JSON that can be used as an argument for --cli-input-json
. Similarly, if provided yaml-input
it will print a sample input YAML that can be used with --cli-input-yaml
. If provided with the value output
, it validates the command inputs and returns a sample output JSON for that command. The generated JSON skeleton is not stable between versions of the AWS CLI and there are no backwards compatibility guarantees in the JSON skeleton generated.
--debug
(boolean)
Turn on debug logging.
--endpoint-url
(string)
Override command’s default URL with the given URL.
--no-verify-ssl
(boolean)
By default, the AWS CLI uses SSL when communicating with AWS services. For each SSL connection, the AWS CLI will verify SSL certificates. This option overrides the default behavior of verifying SSL certificates.
--no-paginate
(boolean)
Disable automatic pagination. If automatic pagination is disabled, the AWS CLI will only make one call, for the first page of results.
--output
(string)
The formatting style for command output.
--query
(string)
A JMESPath query to use in filtering the response data.
--profile
(string)
Use a specific profile from your credential file.
--region
(string)
The region to use. Overrides config/env settings.
--version
(string)
Display the version of this tool.
--color
(string)
Turn on/off color output.
--no-sign-request
(boolean)
Do not sign requests. Credentials will not be loaded if this argument is provided.
--ca-bundle
(string)
The CA certificate bundle to use when verifying SSL certificates. Overrides config/env settings.
--cli-read-timeout
(int)
The maximum socket read time in seconds. If the value is set to 0, the socket read will be blocking and not timeout. The default value is 60 seconds.
--cli-connect-timeout
(int)
The maximum socket connect time in seconds. If the value is set to 0, the socket connect will be blocking and not timeout. The default value is 60 seconds.
--cli-binary-format
(string)
The formatting style to be used for binary blobs. The default format is base64. The base64 format expects binary blobs to be provided as a base64 encoded string. The raw-in-base64-out format preserves compatibility with AWS CLI V1 behavior and binary values must be passed literally. When providing contents from a file that map to a binary blob fileb://
will always be treated as binary and use the file contents directly regardless of the cli-binary-format
setting. When using file://
the file contents will need to properly formatted for the configured cli-binary-format
.
--no-cli-pager
(boolean)
Disable cli pager for output.
--cli-auto-prompt
(boolean)
Automatically prompt for CLI input parameters.
--no-cli-auto-prompt
(boolean)
Disable automatically prompt for CLI input parameters.
registryId -> (string)
The registry ID associated with the request.
repositoryCreationTemplate -> (structure)
The details of the repository creation template associated with the request.
prefix -> (string)
The repository namespace prefix associated with the repository creation template.description -> (string)
The description associated with the repository creation template.encryptionConfiguration -> (structure)
The encryption configuration associated with the repository creation template.
encryptionType -> (string)
The encryption type to use.
If you use the
KMS
encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide .If you use the
AES256
encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide .kmsKey -> (string)
If you use theKMS
encryption type, specify the KMS key to use for encryption. The full ARN of the KMS key must be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.resourceTags -> (list)
The metadata to apply to the repository to help you categorize and organize. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
(structure)
The metadata to apply to a resource to help you categorize and organize them. Each tag consists of a key and a value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
Key -> (string)
One part of a key-value pair that make up a tag. Akey
is a general label that acts like a category for more specific tag values.Value -> (string)
Avalue
acts as a descriptor within a tag category (key).imageTagMutability -> (string)
The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.repositoryPolicy -> (string)
he repository policy to apply to repositories created using the template. A repository policy is a permissions policy associated with a repository to control access permissions.lifecyclePolicy -> (string)
The lifecycle policy to use for repositories created using the template.appliedFor -> (list)
A list of enumerable Strings representing the repository creation scenarios that this template will apply towards. The two supported scenarios are PULL_THROUGH_CACHE and REPLICATION
(string)
customRoleArn -> (string)
The ARN of the role to be assumed by Amazon ECR. Amazon ECR will assume your supplied role when the customRoleArn is specified. When this field isn’t specified, Amazon ECR will use the service-linked role for the repository creation template.createdAt -> (timestamp)
The date and time, in JavaScript date format, when the repository creation template was created.updatedAt -> (timestamp)
The date and time, in JavaScript date format, when the repository creation template was last updated.