"documentation":"<p>Checks the availability of one or more image layers in a repository.</p> <p>When an image is pushed to a repository, each image layer is checked to verify if it has been uploaded before. If it has been uploaded, then the image layer is skipped.</p> <note> <p>This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the <code>docker</code> CLI to pull, tag, and push images.</p> </note>"
"documentation":"<p>Deletes a list of specified images within a repository. Images are specified with either an <code>imageTag</code> or <code>imageDigest</code>.</p> <p>You can remove a tag from an image by specifying the image's tag in your request. When you remove the last tag from an image, the image is deleted from your repository.</p> <p>You can completely delete an image (and all of its tags) by specifying the image's digest in your request.</p>"
"documentation":"<p>Gets detailed information for an image. Images are specified with either an <code>imageTag</code> or <code>imageDigest</code>.</p> <p>When an image is pulled, the BatchGetImage API is called once to retrieve the image manifest.</p>"
"documentation":"<p>Informs Amazon ECR that the image layer upload has completed for a specified registry, repository name, and upload ID. You can optionally provide a <code>sha256</code> digest of the image layer for data validation purposes.</p> <p>When an image is pushed, the CompleteLayerUpload API is called once per each new image layer to verify that the upload has completed.</p> <note> <p>This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the <code>docker</code> CLI to pull, tag, and push images.</p> </note>"
"documentation":"<p>Creates a pull through cache rule. A pull through cache rule provides a way to cache images from an external public registry in your Amazon ECR private registry.</p>"
"documentation":"<p>Creates a repository. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECR/latest/userguide/Repositories.html\">Amazon ECR repositories</a> in the <i>Amazon Elastic Container Registry User Guide</i>.</p>"
"documentation":"<p>Deletes a repository. If the repository contains images, you must either delete all images in the repository or use the <code>force</code> option to delete the repository.</p>"
"documentation":"<p>Returns metadata about the images in a repository.</p> <note> <p>Beginning with Docker version 1.9, the Docker client compresses image layers before pushing them to a V2 Docker registry. The output of the <code>docker images</code> command shows the uncompressed image size, so it may return a larger image size than the image sizes returned by <a>DescribeImages</a>.</p> </note>"
"documentation":"<p>Describes the settings for a registry. The replication configuration for a repository can be created or updated with the <a>PutReplicationConfiguration</a> API action.</p>"
"documentation":"<p>Retrieves an authorization token. An authorization token represents your IAM authentication credentials and can be used to access any Amazon ECR registry that your IAM principal has access to. The authorization token is valid for 12 hours.</p> <p>The <code>authorizationToken</code> returned is a base64 encoded string that can be decoded and used in a <code>docker login</code> command to authenticate to a registry. The CLI offers an <code>get-login-password</code> command that simplifies the login process. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html#registry_auth\">Registry authentication</a> in the <i>Amazon Elastic Container Registry User Guide</i>.</p>"
"documentation":"<p>Retrieves the pre-signed Amazon S3 download URL corresponding to an image layer. You can only get URLs for image layers that are referenced in an image.</p> <p>When an image is pulled, the GetDownloadUrlForLayer API is called once per image layer that is not already cached.</p> <note> <p>This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the <code>docker</code> CLI to pull, tag, and push images.</p> </note>"
"documentation":"<p>Notifies Amazon ECR that you intend to upload an image layer.</p> <p>When an image is pushed, the InitiateLayerUpload API is called once per image layer that has not already been uploaded. Whether or not an image layer has been uploaded is determined by the BatchCheckLayerAvailability API action.</p> <note> <p>This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the <code>docker</code> CLI to pull, tag, and push images.</p> </note>"
"documentation":"<p>Lists all the image IDs for the specified repository.</p> <p>You can filter images based on whether or not they are tagged by using the <code>tagStatus</code> filter and specifying either <code>TAGGED</code>, <code>UNTAGGED</code> or <code>ANY</code>. For example, you can filter your results to return only <code>UNTAGGED</code> images and then pipe that result to a <a>BatchDeleteImage</a> operation to delete them. Or, you can filter your results to return only <code>TAGGED</code> images to list all of the tags in your repository.</p>"
"documentation":"<p>Creates or updates the image manifest and tags associated with an image.</p> <p>When an image is pushed and all new image layers have been uploaded, the PutImage API is called once to create or update the image manifest and the tags associated with the image.</p> <note> <p>This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the <code>docker</code> CLI to pull, tag, and push images.</p> </note>"
"documentation":"<important> <p>The <code>PutImageScanningConfiguration</code> API is being deprecated, in favor of specifying the image scanning configuration at the registry level. For more information, see <a>PutRegistryScanningConfiguration</a>.</p> </important> <p>Updates the image scanning configuration for the specified repository.</p>"
"documentation":"<p>Updates the image tag mutability settings for the specified repository. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-tag-mutability.html\">Image tag mutability</a> in the <i>Amazon Elastic Container Registry User Guide</i>.</p>"
"documentation":"<p>Creates or updates the lifecycle policy for the specified repository. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html\">Lifecycle policy template</a>.</p>"
"documentation":"<p>Creates or updates the permissions policy for your registry.</p> <p>A registry policy is used to specify permissions for another Amazon Web Services account and is used when configuring cross-account replication. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry-permissions.html\">Registry permissions</a> in the <i>Amazon Elastic Container Registry User Guide</i>.</p>"
"documentation":"<p>Creates or updates the replication configuration for a registry. The existing replication configuration for a repository can be retrieved with the <a>DescribeRegistry</a> API action. The first time the PutReplicationConfiguration API is called, a service-linked IAM role is created in your account for the replication process. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECR/latest/userguide/using-service-linked-roles.html\">Using service-linked roles for Amazon ECR</a> in the <i>Amazon Elastic Container Registry User Guide</i>.</p> <note> <p>When configuring cross-account replication, the destination account must grant the source account permission to replicate. This permission is controlled using a registry permissions policy. For more information, see <a>PutRegistryPolicy</a>.</p> </note>"
"documentation":"<p>Applies a repository policy to the specified repository to control access permissions. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policies.html\">Amazon ECR Repository policies</a> in the <i>Amazon Elastic Container Registry User Guide</i>.</p>"
"documentation":"<p>Starts an image vulnerability scan. An image scan can only be started once per 24 hours on an individual image. This limit includes if an image was scanned on initial push. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning.html\">Image scanning</a> in the <i>Amazon Elastic Container Registry User Guide</i>.</p>"
"documentation":"<p>Starts a preview of a lifecycle policy for the specified repository. This allows you to see the results before associating the lifecycle policy with the repository.</p>"
"documentation":"<p>Adds specified tags to a resource with the specified ARN. Existing tags on a resource are not changed if they are not specified in the request parameters.</p>"
},
"UntagResource":{
"name":"UntagResource",
"http":{
"method":"POST",
"requestUri":"/"
},
"input":{"shape":"UntagResourceRequest"},
"output":{"shape":"UntagResourceResponse"},
"errors":[
{"shape":"InvalidParameterException"},
{"shape":"InvalidTagParameterException"},
{"shape":"TooManyTagsException"},
{"shape":"RepositoryNotFoundException"},
{"shape":"ServerException"}
],
"documentation":"<p>Deletes specified tags from a resource.</p>"
"documentation":"<p>Uploads an image layer part to Amazon ECR.</p> <p>When an image is pushed, each new image layer is uploaded in parts. The maximum size of each image layer part can be 20971520 bytes (or about 20MB). The UploadLayerPart API is called once per each new image layer part.</p> <note> <p>This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the <code>docker</code> CLI to pull, tag, and push images.</p> </note>"
"documentation":"<p>A base64-encoded string that contains authorization data for the specified Amazon ECR registry. When the string is decoded, it is presented in the format <code>user:password</code> for private registry authentication using <code>docker login</code>.</p>"
},
"expiresAt":{
"shape":"ExpirationTimestamp",
"documentation":"<p>The Unix time in seconds and milliseconds when the authorization token expires. Authorization tokens are valid for 12 hours.</p>"
"documentation":"<p>The registry URL to use for this authorization token in a <code>docker login</code> command. The Amazon ECR registry URL format is <code>https://aws_account_id.dkr.ecr.region.amazonaws.com</code>. For example, <code>https://012345678910.dkr.ecr.us-east-1.amazonaws.com</code>.. </p>"
"documentation":"<p>The Amazon Web Services account ID associated with the registry that contains the image layers to check. If you do not specify a registry, the default registry is assumed.</p>"
"documentation":"<p>The Amazon Web Services account ID associated with the registry that contains the image to delete. If you do not specify a registry, the default registry is assumed.</p>"
"documentation":"<p>The repository that contains the image to delete.</p>"
},
"imageIds":{
"shape":"ImageIdentifierList",
"documentation":"<p>A list of image ID references that correspond to images to delete. The format of the <code>imageIds</code> reference is <code>imageTag=tag</code> or <code>imageDigest=digest</code>.</p>"
}
},
"documentation":"<p>Deletes specified images within a specified repository. Images are specified with either the <code>imageTag</code> or <code>imageDigest</code>.</p>"
},
"BatchDeleteImageResponse":{
"type":"structure",
"members":{
"imageIds":{
"shape":"ImageIdentifierList",
"documentation":"<p>The image IDs of the deleted images.</p>"
},
"failures":{
"shape":"ImageFailureList",
"documentation":"<p>Any failures associated with the call.</p>"
"documentation":"<p>The Amazon Web Services account ID associated with the registry that contains the images to describe. If you do not specify a registry, the default registry is assumed.</p>"
"documentation":"<p>The repository that contains the images to describe.</p>"
},
"imageIds":{
"shape":"ImageIdentifierList",
"documentation":"<p>A list of image ID references that correspond to images to describe. The format of the <code>imageIds</code> reference is <code>imageTag=tag</code> or <code>imageDigest=digest</code>.</p>"
"documentation":"<p>The accepted media types for the request.</p> <p>Valid values: <code>application/vnd.docker.distribution.manifest.v1+json</code> | <code>application/vnd.docker.distribution.manifest.v2+json</code> | <code>application/vnd.oci.image.manifest.v1+json</code> </p>"
"documentation":"<p>The Amazon Web Services account ID associated with the registry to which to upload layers. If you do not specify a registry, the default registry is assumed.</p>"
"documentation":"<p>The repository name prefix to use when caching images from the source registry.</p>"
},
"upstreamRegistryUrl":{
"shape":"Url",
"documentation":"<p>The registry URL of the upstream public registry to use as the source for the pull through cache rule.</p>"
},
"registryId":{
"shape":"RegistryId",
"documentation":"<p>The Amazon Web Services account ID associated with the registry to create the pull through cache rule for. If you do not specify a registry, the default registry is assumed.</p>"
}
}
},
"CreatePullThroughCacheRuleResponse":{
"type":"structure",
"members":{
"ecrRepositoryPrefix":{
"shape":"PullThroughCacheRuleRepositoryPrefix",
"documentation":"<p>The Amazon ECR repository prefix associated with the pull through cache rule.</p>"
},
"upstreamRegistryUrl":{
"shape":"Url",
"documentation":"<p>The upstream registry URL associated with the pull through cache rule.</p>"
},
"createdAt":{
"shape":"CreationTimestamp",
"documentation":"<p>The date and time, in JavaScript date format, when the pull through cache rule was created.</p>"
},
"registryId":{
"shape":"RegistryId",
"documentation":"<p>The registry ID associated with the request.</p>"
"documentation":"<p>The Amazon Web Services account ID associated with the registry to create the repository. If you do not specify a registry, the default registry is assumed.</p>"
"documentation":"<p>The name to use for the repository. The repository name may be specified on its own (such as <code>nginx-web-app</code>) or it can be prepended with a namespace to group the repository into a category (such as <code>project-a/nginx-web-app</code>).</p>"
"documentation":"<p>The metadata that you apply to the repository to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.</p>"
},
"imageTagMutability":{
"shape":"ImageTagMutability",
"documentation":"<p>The tag mutability setting for the repository. If this parameter is omitted, the default setting of <code>MUTABLE</code> will be used which will allow image tags to be overwritten. If <code>IMMUTABLE</code> is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.</p>"
"documentation":"<p>The image scanning configuration for the repository. This determines whether images are scanned for known vulnerabilities after being pushed to the repository.</p>"
},
"encryptionConfiguration":{
"shape":"EncryptionConfiguration",
"documentation":"<p>The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.</p>"
"documentation":"<p>The Amazon Web Services account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.</p>"
"documentation":"<p>The Amazon ECR repository prefix associated with the pull through cache rule to delete.</p>"
},
"registryId":{
"shape":"RegistryId",
"documentation":"<p>The Amazon Web Services account ID associated with the registry that contains the pull through cache rule. If you do not specify a registry, the default registry is assumed.</p>"
}
}
},
"DeletePullThroughCacheRuleResponse":{
"type":"structure",
"members":{
"ecrRepositoryPrefix":{
"shape":"PullThroughCacheRuleRepositoryPrefix",
"documentation":"<p>The Amazon ECR repository prefix associated with the request.</p>"
},
"upstreamRegistryUrl":{
"shape":"Url",
"documentation":"<p>The upstream registry URL associated with the pull through cache rule.</p>"
},
"createdAt":{
"shape":"CreationTimestamp",
"documentation":"<p>The timestamp associated with the pull through cache rule.</p>"
},
"registryId":{
"shape":"RegistryId",
"documentation":"<p>The registry ID associated with the request.</p>"
"documentation":"<p>The Amazon Web Services account ID associated with the registry that contains the repository policy to delete. If you do not specify a registry, the default registry is assumed.</p>"
"documentation":"<p>The Amazon Web Services account ID associated with the registry that contains the repository to delete. If you do not specify a registry, the default registry is assumed.</p>"
"documentation":"<p>The name of the repository that the image is in.</p>"
},
"imageId":{"shape":"ImageIdentifier"},
"registryId":{
"shape":"RegistryId",
"documentation":"<p>The Amazon Web Services account ID associated with the registry. If you do not specify a registry, the default registry is assumed.</p>"
}
}
},
"DescribeImageReplicationStatusResponse":{
"type":"structure",
"members":{
"repositoryName":{
"shape":"RepositoryName",
"documentation":"<p>The repository name associated with the request.</p>"
},
"imageId":{"shape":"ImageIdentifier"},
"replicationStatuses":{
"shape":"ImageReplicationStatusList",
"documentation":"<p>The replication status details for the images in the specified repository.</p>"
"documentation":"<p>The Amazon Web Services account ID associated with the registry that contains the repository in which to describe the image scan findings for. If you do not specify a registry, the default registry is assumed.</p>"
"documentation":"<p>The repository for the image for which to describe the scan findings.</p>"
},
"imageId":{"shape":"ImageIdentifier"},
"nextToken":{
"shape":"NextToken",
"documentation":"<p>The <code>nextToken</code> value returned from a previous paginated <code>DescribeImageScanFindings</code> request where <code>maxResults</code> was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the <code>nextToken</code> value. This value is null when there are no more results to return.</p>"
},
"maxResults":{
"shape":"MaxResults",
"documentation":"<p>The maximum number of image scan results returned by <code>DescribeImageScanFindings</code> in paginated output. When this parameter is used, <code>DescribeImageScanFindings</code> only returns <code>maxResults</code> results in a single page along with a <code>nextToken</code> response element. The remaining results of the initial request can be seen by sending another <code>DescribeImageScanFindings</code> request with the returned <code>nextToken</code> value. This value can be between 1 and 1000. If this parameter is not used, then <code>DescribeImageScanFindings</code> returns up to 100 results and a <code>nextToken</code> value, if applicable.</p>"
}
}
},
"DescribeImageScanFindingsResponse":{
"type":"structure",
"members":{
"registryId":{
"shape":"RegistryId",
"documentation":"<p>The registry ID associated with the request.</p>"
},
"repositoryName":{
"shape":"RepositoryName",
"documentation":"<p>The repository name associated with the request.</p>"
},
"imageId":{"shape":"ImageIdentifier"},
"imageScanStatus":{
"shape":"ImageScanStatus",
"documentation":"<p>The current state of the scan.</p>"
},
"imageScanFindings":{
"shape":"ImageScanFindings",
"documentation":"<p>The information contained in the image scan findings.</p>"
},
"nextToken":{
"shape":"NextToken",
"documentation":"<p>The <code>nextToken</code> value to include in a future <code>DescribeImageScanFindings</code> request. When the results of a <code>DescribeImageScanFindings</code> request exceed <code>maxResults</code>, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.</p>"
"documentation":"<p>The tag status with which to filter your <a>DescribeImages</a> results. You can filter results based on whether they are <code>TAGGED</code> or <code>UNTAGGED</code>.</p>"
}
},
"documentation":"<p>An object representing a filter on a <a>DescribeImages</a> operation.</p>"
"documentation":"<p>The Amazon Web Services account ID associated with the registry that contains the repository in which to describe images. If you do not specify a registry, the default registry is assumed.</p>"
"documentation":"<p>The <code>nextToken</code> value returned from a previous paginated <code>DescribeImages</code> request where <code>maxResults</code> was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the <code>nextToken</code> value. This value is <code>null</code> when there are no more results to return. This option cannot be used when you specify images with <code>imageIds</code>.</p>"
"documentation":"<p>The maximum number of repository results returned by <code>DescribeImages</code> in paginated output. When this parameter is used, <code>DescribeImages</code> only returns <code>maxResults</code> results in a single page along with a <code>nextToken</code> response element. The remaining results of the initial request can be seen by sending another <code>DescribeImages</code> request with the returned <code>nextToken</code> value. This value can be between 1 and 1000. If this parameter is not used, then <code>DescribeImages</code> returns up to 100 results and a <code>nextToken</code> value, if applicable. This option cannot be used when you specify images with <code>imageIds</code>.</p>"
"documentation":"<p>The filter key and value with which to filter your <code>DescribeImages</code> results.</p>"
}
}
},
"DescribeImagesResponse":{
"type":"structure",
"members":{
"imageDetails":{
"shape":"ImageDetailList",
"documentation":"<p>A list of <a>ImageDetail</a> objects that contain data about the image.</p>"
},
"nextToken":{
"shape":"NextToken",
"documentation":"<p>The <code>nextToken</code> value to include in a future <code>DescribeImages</code> request. When the results of a <code>DescribeImages</code> request exceed <code>maxResults</code>, this value can be used to retrieve the next page of results. This value is <code>null</code> when there are no more results to return.</p>"
"documentation":"<p>The Amazon Web Services account ID associated with the registry to return the pull through cache rules for. If you do not specify a registry, the default registry is assumed.</p>"
"documentation":"<p>The Amazon ECR repository prefixes associated with the pull through cache rules to return. If no repository prefix value is specified, all pull through cache rules are returned.</p>"
},
"nextToken":{
"shape":"NextToken",
"documentation":"<p>The <code>nextToken</code> value returned from a previous paginated <code>DescribePullThroughCacheRulesRequest</code> request where <code>maxResults</code> was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the <code>nextToken</code> value. This value is null when there are no more results to return.</p>"
},
"maxResults":{
"shape":"MaxResults",
"documentation":"<p>The maximum number of pull through cache rules returned by <code>DescribePullThroughCacheRulesRequest</code> in paginated output. When this parameter is used, <code>DescribePullThroughCacheRulesRequest</code> only returns <code>maxResults</code> results in a single page along with a <code>nextToken</code> response element. The remaining results of the initial request can be seen by sending another <code>DescribePullThroughCacheRulesRequest</code> request with the returned <code>nextToken</code> value. This value can be between 1 and 1000. If this parameter is not used, then <code>DescribePullThroughCacheRulesRequest</code> returns up to 100 results and a <code>nextToken</code> value, if applicable.</p>"
}
}
},
"DescribePullThroughCacheRulesResponse":{
"type":"structure",
"members":{
"pullThroughCacheRules":{
"shape":"PullThroughCacheRuleList",
"documentation":"<p>The details of the pull through cache rules.</p>"
},
"nextToken":{
"shape":"NextToken",
"documentation":"<p>The <code>nextToken</code> value to include in a future <code>DescribePullThroughCacheRulesRequest</code> request. When the results of a <code>DescribePullThroughCacheRulesRequest</code> request exceed <code>maxResults</code>, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.</p>"
"documentation":"<p>The Amazon Web Services account ID associated with the registry that contains the repositories to be described. If you do not specify a registry, the default registry is assumed.</p>"
"documentation":"<p>The <code>nextToken</code> value returned from a previous paginated <code>DescribeRepositories</code> request where <code>maxResults</code> was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the <code>nextToken</code> value. This value is <code>null</code> when there are no more results to return. This option cannot be used when you specify repositories with <code>repositoryNames</code>.</p> <note> <p>This token should be treated as an opaque identifier that is only used to retrieve the next items in a list and not for other programmatic purposes.</p> </note>"
"documentation":"<p>The maximum number of repository results returned by <code>DescribeRepositories</code> in paginated output. When this parameter is used, <code>DescribeRepositories</code> only returns <code>maxResults</code> results in a single page along with a <code>nextToken</code> response element. The remaining results of the initial request can be seen by sending another <code>DescribeRepositories</code> request with the returned <code>nextToken</code> value. This value can be between 1 and 1000. If this parameter is not used, then <code>DescribeRepositories</code> returns up to 100 results and a <code>nextToken</code> value, if applicable. This option cannot be used when you specify repositories with <code>repositoryNames</code>.</p>"
"documentation":"<p>A list of repository objects corresponding to valid repositories.</p>"
},
"nextToken":{
"shape":"NextToken",
"documentation":"<p>The <code>nextToken</code> value to include in a future <code>DescribeRepositories</code> request. When the results of a <code>DescribeRepositories</code> request exceed <code>maxResults</code>, this value can be used to retrieve the next page of results. This value is <code>null</code> when there are no more results to return.</p>"
}
}
},
"EmptyUploadException":{
"type":"structure",
"members":{
"message":{
"shape":"ExceptionMessage",
"documentation":"<p>The error message associated with the exception.</p>"
}
},
"documentation":"<p>The specified layer upload does not contain any layer parts.</p>",
"documentation":"<p>The encryption type to use.</p> <p>If you use the <code>KMS</code> encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html\">Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS)</a> in the <i>Amazon Simple Storage Service Console Developer Guide</i>.</p> <p>If you use the <code>AES256</code> encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES-256 encryption algorithm. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html\">Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3)</a> in the <i>Amazon Simple Storage Service Console Developer Guide</i>.</p>"
"documentation":"<p>If you use the <code>KMS</code> encryption type, specify the KMS key to use for encryption. The alias, key ID, or full ARN of the KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.</p>"
"documentation":"<p>The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.</p> <p>By default, when no encryption configuration is set or the <code>AES256</code> encryption type is used, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES-256 encryption algorithm. This does not require any action on your part.</p> <p>For more control over the encryption of the contents of your repository, you can use server-side encryption with Key Management Service key stored in Key Management Service (KMS) to encrypt your images. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html\">Amazon ECR encryption at rest</a> in the <i>Amazon Elastic Container Registry User Guide</i>.</p>"
"documentation":"<p>A list of Amazon Web Services account IDs that are associated with the registries for which to get AuthorizationData objects. If you do not specify a registry, the default registry is assumed.</p>",
"deprecatedMessage":"This field is deprecated. The returned authorization token can be used to access any Amazon ECR registry that the IAM principal has access to, specifying a registry ID doesn't change the permissions scope of the authorization token."
"documentation":"<p>The Amazon Web Services account ID associated with the registry that contains the image layer to download. If you do not specify a registry, the default registry is assumed.</p>"
"documentation":"<p>The Amazon Web Services account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.</p>"
"documentation":"<p>The <code>nextToken</code> value returned from a previous paginated
 <code>GetLifecyclePolicyPreviewRequest</code> request where <code>maxResults</code> was used and the
 results exceeded the value of that parameter. Pagination continues from the end of the
 previous results that returned the <code>nextToken</code> value. This value is
 <code>null</code> when there are no more results to return. This option cannot be used when you specify images with <code>imageIds</code>.</p>"
"documentation":"<p>The maximum number of repository results returned by <code>GetLifecyclePolicyPreviewRequest</code> in
 paginated output. When this parameter is used, <code>GetLifecyclePolicyPreviewRequest</code> only returns
 <code>maxResults</code> results in a single page along with a <code>nextToken</code>
 response element. The remaining results of the initial request can be seen by sending
 another <code>GetLifecyclePolicyPreviewRequest</code> request with the returned <code>nextToken</code>
 value. This value can be between 1 and 1000. If this
 parameter is not used, then <code>GetLifecyclePolicyPreviewRequest</code> returns up to
 100 results and a <code>nextToken</code> value, if
 applicable. This option cannot be used when you specify images with <code>imageIds</code>.</p>"
"documentation":"<p>The status of the lifecycle policy preview request.</p>"
},
"nextToken":{
"shape":"NextToken",
"documentation":"<p>The <code>nextToken</code> value to include in a future <code>GetLifecyclePolicyPreview</code> request. When the results of a <code>GetLifecyclePolicyPreview</code> request exceed <code>maxResults</code>, this value can be used to retrieve the next page of results. This value is <code>null</code> when there are no more results to return.</p>"
},
"previewResults":{
"shape":"LifecyclePolicyPreviewResultList",
"documentation":"<p>The results of the lifecycle policy preview request.</p>"
},
"summary":{
"shape":"LifecyclePolicyPreviewSummary",
"documentation":"<p>The list of images that is returned as a result of the action.</p>"
"documentation":"<p>The Amazon Web Services account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.</p>"
"documentation":"<p>The Amazon Web Services account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.</p>"
"documentation":"<p>The size, in bytes, of the image in the repository.</p> <p>If the image is a manifest list, this will be the max size of all manifests in the list.</p> <note> <p>Beginning with Docker version 1.9, the Docker client compresses image layers before pushing them to a V2 Docker registry. The output of the <code>docker images</code> command shows the uncompressed image size, so it may return a larger image size than the image sizes returned by <a>DescribeImages</a>.</p> </note>"
"documentation":"<p>The date and time, expressed in standard JavaScript date format, when Amazon ECR recorded the last image pull.</p> <note> <p>Amazon ECR refreshes the last image pull timestamp at least once every 24 hours. For example, if you pull an image once a day then the <code>lastRecordedPullTime</code> timestamp will indicate the exact time that the image was last pulled. However, if you pull an image once an hour, because Amazon ECR refreshes the <code>lastRecordedPullTime</code> timestamp at least once every 24 hours, the result may not be the exact time that the image was last pulled.</p> </note>"
"documentation":"<p>The setting that determines whether images are scanned after being pushed to a repository. If set to <code>true</code>, images will be scanned after being pushed. If this parameter is not specified, it will default to <code>false</code> and images will not be scanned unless a scan is manually started with the <a href=\"https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_StartImageScan.html\">API_StartImageScan</a> API.</p>"
"documentation":"<p>The Amazon Web Services account ID associated with the registry to which you intend to upload layers. If you do not specify a registry, the default registry is assumed.</p>"
"documentation":"<p>The upload ID for the layer upload. This parameter is passed to further <a>UploadLayerPart</a> and <a>CompleteLayerUpload</a> operations.</p>"
},
"partSize":{
"shape":"PartSize",
"documentation":"<p>The size, in bytes, that Amazon ECR expects future layer part uploads to be.</p>"
}
}
},
"InvalidLayerException":{
"type":"structure",
"members":{
"message":{
"shape":"ExceptionMessage",
"documentation":"<p>The error message associated with the exception.</p>"
}
},
"documentation":"<p>The layer digest calculation performed by Amazon ECR upon receipt of the image layer does not match the digest specified.</p>",
"exception":true
},
"InvalidLayerPartException":{
"type":"structure",
"members":{
"registryId":{
"shape":"RegistryId",
"documentation":"<p>The registry ID associated with the exception.</p>"
},
"repositoryName":{
"shape":"RepositoryName",
"documentation":"<p>The repository name associated with the exception.</p>"
},
"uploadId":{
"shape":"UploadId",
"documentation":"<p>The upload ID associated with the exception.</p>"
},
"lastValidByteReceived":{
"shape":"PartSize",
"documentation":"<p>The last valid byte received from the layer part upload that is associated with the exception.</p>"
},
"message":{
"shape":"ExceptionMessage",
"documentation":"<p>The error message associated with the exception.</p>"
}
},
"documentation":"<p>The layer part size is not valid, or the first byte specified is not consecutive to the last byte of a previous layer part upload.</p>",
"exception":true
},
"InvalidParameterException":{
"type":"structure",
"members":{
"message":{
"shape":"ExceptionMessage",
"documentation":"<p>The error message associated with the exception.</p>"
}
},
"documentation":"<p>The specified parameter is invalid. Review the available parameters for the API request.</p>",
"documentation":"<p>An invalid parameter has been specified. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.</p>",
"documentation":"<p>The media type of the layer, such as <code>application/vnd.docker.image.rootfs.diff.tar.gzip</code> or <code>application/vnd.oci.image.layer.v1.tar+gzip</code>.</p>"
"documentation":"<p>The error message associated with the exception.</p>"
}
},
"documentation":"<p>The specified layer is not available because it is not associated with an image. Unassociated image layers may be cleaned up at any time.</p>",
"documentation":"<p>The operation did not succeed because it would have exceeded a service limit for your account. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECR/latest/userguide/service-quotas.html\">Amazon ECR service quotas</a> in the Amazon Elastic Container Registry User Guide.</p>",
"documentation":"<p>The tag status with which to filter your <a>ListImages</a> results. You can filter results based on whether they are <code>TAGGED</code> or <code>UNTAGGED</code>.</p>"
}
},
"documentation":"<p>An object representing a filter on a <a>ListImages</a> operation.</p>"
"documentation":"<p>The Amazon Web Services account ID associated with the registry that contains the repository in which to list images. If you do not specify a registry, the default registry is assumed.</p>"
"documentation":"<p>The <code>nextToken</code> value returned from a previous paginated <code>ListImages</code> request where <code>maxResults</code> was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the <code>nextToken</code> value. This value is <code>null</code> when there are no more results to return.</p> <note> <p>This token should be treated as an opaque identifier that is only used to retrieve the next items in a list and not for other programmatic purposes.</p> </note>"
"documentation":"<p>The maximum number of image results returned by <code>ListImages</code> in paginated output. When this parameter is used, <code>ListImages</code> only returns <code>maxResults</code> results in a single page along with a <code>nextToken</code> response element. The remaining results of the initial request can be seen by sending another <code>ListImages</code> request with the returned <code>nextToken</code> value. This value can be between 1 and 1000. If this parameter is not used, then <code>ListImages</code> returns up to 100 results and a <code>nextToken</code> value, if applicable.</p>"
"documentation":"<p>The list of image IDs for the requested repository.</p>"
},
"nextToken":{
"shape":"NextToken",
"documentation":"<p>The <code>nextToken</code> value to include in a future <code>ListImages</code> request. When the results of a <code>ListImages</code> request exceed <code>maxResults</code>, this value can be used to retrieve the next page of results. This value is <code>null</code> when there are no more results to return.</p>"
"documentation":"<p>The Amazon Resource Name (ARN) that identifies the resource for which to list the tags. Currently, the only supported resource is an Amazon ECR repository.</p>"
}
}
},
"ListTagsForResourceResponse":{
"type":"structure",
"members":{
"tags":{
"shape":"TagList",
"documentation":"<p>The tags for the resource.</p>"
"documentation":"<p>The Amazon Web Services account ID associated with the registry that contains the repository in which to put the image. If you do not specify a registry, the default registry is assumed.</p>"
"documentation":"<p>The media type of the image manifest. If you push an image manifest that does not contain the <code>mediaType</code> field, you must specify the <code>imageManifestMediaType</code> in the request.</p>"
"documentation":"<p>The tag to associate with the image. This parameter is required for images that use the Docker Image Manifest V2 Schema 2 or Open Container Initiative (OCI) formats.</p>"
"documentation":"<p>The Amazon Web Services account ID associated with the registry that contains the repository in which to update the image scanning configuration setting. If you do not specify a registry, the default registry is assumed.</p>"
"documentation":"<p>The name of the repository in which to update the image scanning configuration setting.</p>"
},
"imageScanningConfiguration":{
"shape":"ImageScanningConfiguration",
"documentation":"<p>The image scanning configuration for the repository. This setting determines whether images are scanned for known vulnerabilities after being pushed to the repository.</p>"
}
}
},
"PutImageScanningConfigurationResponse":{
"type":"structure",
"members":{
"registryId":{
"shape":"RegistryId",
"documentation":"<p>The registry ID associated with the request.</p>"
},
"repositoryName":{
"shape":"RepositoryName",
"documentation":"<p>The repository name associated with the request.</p>"
},
"imageScanningConfiguration":{
"shape":"ImageScanningConfiguration",
"documentation":"<p>The image scanning configuration setting for the repository.</p>"
"documentation":"<p>The Amazon Web Services account ID associated with the registry that contains the repository in which to update the image tag mutability settings. If you do not specify a registry, the default registry is assumed.</p>"
"documentation":"<p>The name of the repository in which to update the image tag mutability settings.</p>"
},
"imageTagMutability":{
"shape":"ImageTagMutability",
"documentation":"<p>The tag mutability setting for the repository. If <code>MUTABLE</code> is specified, image tags can be overwritten. If <code>IMMUTABLE</code> is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.</p>"
}
}
},
"PutImageTagMutabilityResponse":{
"type":"structure",
"members":{
"registryId":{
"shape":"RegistryId",
"documentation":"<p>The registry ID associated with the request.</p>"
},
"repositoryName":{
"shape":"RepositoryName",
"documentation":"<p>The repository name associated with the request.</p>"
},
"imageTagMutability":{
"shape":"ImageTagMutability",
"documentation":"<p>The image tag mutability setting for the repository.</p>"
"documentation":"<p>The Amazon Web Services account ID associated with the registry that contains the repository. If you do
 not specify a registry, the default registry is assumed.</p>"
"documentation":"<p>The JSON policy text to apply to your registry. The policy text follows the same format as IAM policy text. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry-permissions.html\">Registry permissions</a> in the <i>Amazon Elastic Container Registry User Guide</i>.</p>"
}
}
},
"PutRegistryPolicyResponse":{
"type":"structure",
"members":{
"registryId":{
"shape":"RegistryId",
"documentation":"<p>The registry ID.</p>"
},
"policyText":{
"shape":"RegistryPolicyText",
"documentation":"<p>The JSON policy text for your registry.</p>"
"documentation":"<p>The scanning type to set for the registry.</p> <p>When a registry scanning configuration is not defined, by default the <code>BASIC</code> scan type is used. When basic scanning is used, you may specify filters to determine which individual repositories, or all repositories, are scanned when new images are pushed to those repositories. Alternatively, you can do manual scans of images with basic scanning.</p> <p>When the <code>ENHANCED</code> scan type is set, Amazon Inspector provides automated vulnerability scanning. You may choose between continuous scanning or scan on push and you may specify filters to determine which individual repositories, or all repositories, are scanned.</p>"
"documentation":"<p>The scanning rules to use for the registry. A scanning rule is used to determine which repository filters are used and at what frequency scanning will occur.</p>"
}
}
},
"PutRegistryScanningConfigurationResponse":{
"type":"structure",
"members":{
"registryScanningConfiguration":{
"shape":"RegistryScanningConfiguration",
"documentation":"<p>The scanning configuration for your registry.</p>"
"documentation":"<p>The frequency that scans are performed at for a private registry. When the <code>ENHANCED</code> scan type is specified, the supported scan frequencies are <code>CONTINUOUS_SCAN</code> and <code>SCAN_ON_PUSH</code>. When the <code>BASIC</code> scan type is specified, the <code>SCAN_ON_PUSH</code> and <code>MANUAL</code> scan frequencies are supported.</p>"
"documentation":"<p>The Amazon Web Services account ID of the Amazon ECR private registry to replicate to. When configuring cross-Region replication within your own registry, specify your own account ID.</p>"
"documentation":"<p>An array of objects representing the destination for a replication rule.</p>"
},
"repositoryFilters":{
"shape":"RepositoryFilterList",
"documentation":"<p>An array of objects representing the filters for a replication rule. Specifying a repository filter for a replication rule provides a method for controlling which repositories in a private registry are replicated.</p>"
"documentation":"<p>The Amazon Resource Name (ARN) that identifies the repository. The ARN contains the <code>arn:aws:ecr</code> namespace, followed by the region of the repository, Amazon Web Services account ID of the repository owner, repository namespace, and repository name. For example, <code>arn:aws:ecr:region:012345678910:repository/test</code>.</p>"
"documentation":"<p>The repository filter details. When the <code>PREFIX_MATCH</code> filter type is specified, this value is required and should be the repository name prefix to configure replication for.</p>"
},
"filterType":{
"shape":"RepositoryFilterType",
"documentation":"<p>The repository filter type. The only supported value is <code>PREFIX_MATCH</code>, which is a repository name prefix specified with the <code>filter</code> parameter.</p>"
}
},
"documentation":"<p>The filter settings used with image replication. Specifying a repository filter to a replication rule provides a method for controlling which repositories in a private registry are replicated. If no repository filter is specified, all images in the repository are replicated.</p>"
"documentation":"<p>The error message associated with the exception.</p>"
}
},
"documentation":"<p>The specified repository contains images. To delete a repository that contains images, you must force the deletion with the <code>force</code> parameter.</p>",
"exception":true
},
"RepositoryNotFoundException":{
"type":"structure",
"members":{
"message":{
"shape":"ExceptionMessage",
"documentation":"<p>The error message associated with the exception.</p>"
}
},
"documentation":"<p>The specified repository could not be found. Check the spelling of the specified repository and ensure that you are performing operations on the correct registry.</p>",
"exception":true
},
"RepositoryPolicyNotFoundException":{
"type":"structure",
"members":{
"message":{
"shape":"ExceptionMessage",
"documentation":"<p>The error message associated with the exception.</p>"
}
},
"documentation":"<p>The specified repository and registry combination does not have an associated repository policy.</p>",
"documentation":"<p>The details of a scanning repository filter. For more information on how to use filters, see <a href=\"https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning.html#image-scanning-filters\">Using filters</a> in the <i>Amazon Elastic Container Registry User Guide</i>.</p>"
"documentation":"<p>The Amazon Web Services account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.</p>"
"documentation":"<p>The JSON repository policy text to apply to the repository. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policy-examples.html\">Amazon ECR repository policies</a> in the <i>Amazon Elastic Container Registry User Guide</i>.</p>"
"documentation":"<p>If the policy you are attempting to set on a repository policy would prevent you from setting another policy in the future, you must force the <a>SetRepositoryPolicy</a> operation. This is intended to prevent accidental repository lock outs.</p>"
}
}
},
"SetRepositoryPolicyResponse":{
"type":"structure",
"members":{
"registryId":{
"shape":"RegistryId",
"documentation":"<p>The registry ID associated with the request.</p>"
},
"repositoryName":{
"shape":"RepositoryName",
"documentation":"<p>The repository name associated with the request.</p>"
},
"policyText":{
"shape":"RepositoryPolicyText",
"documentation":"<p>The JSON repository policy text applied to the repository.</p>"
"documentation":"<p>The Amazon Web Services account ID associated with the registry that contains the repository in which to start an image scan request. If you do not specify a registry, the default registry is assumed.</p>"
"documentation":"<p>The Amazon Web Services account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.</p>"
"documentation":"<p>One part of a key-value pair that make up a tag. A <code>key</code> is a general label that acts like a category for more specific tag values.</p>"
"documentation":"<p>The metadata to apply to a resource to help you categorize and organize them. Each tag consists of a key and a value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.</p>"
"documentation":"<p>The Amazon Resource Name (ARN) of the the resource to which to add tags. Currently, the only supported resource is an Amazon ECR repository.</p>"
},
"tags":{
"shape":"TagList",
"documentation":"<p>The tags to add to the resource. A tag is an array of key-value pairs. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.</p>"
"documentation":"<p>The Amazon Resource Name (ARN) of the resource from which to remove tags. Currently, the only supported resource is an Amazon ECR repository.</p>"
},
"tagKeys":{
"shape":"TagKeyList",
"documentation":"<p>The keys of the tags to be removed.</p>"
"documentation":"<p>The Amazon Web Services account ID associated with the registry to which you are uploading layer parts. If you do not specify a registry, the default registry is assumed.</p>"
"documentation":"<fullname>Amazon Elastic Container Registry</fullname> <p>Amazon Elastic Container Registry (Amazon ECR) is a managed container image registry service. Customers can use the familiar Docker CLI, or their preferred client, to push, pull, and manage images. Amazon ECR provides a secure, scalable, and reliable registry for your Docker or Open Container Initiative (OCI) images. Amazon ECR supports private repositories with resource-based permissions using IAM so that specific users or Amazon EC2 instances can access repositories and images.</p> <p>Amazon ECR has service endpoints in each supported Region. For more information, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/ecr.html\">Amazon ECR endpoints</a> in the <i>Amazon Web Services General Reference</i>.</p>"