CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl/npm-pulumi--aws

A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources with infrastructure-as-code.

Pending

Quality

Pending

Does it follow best practices?

Impact

Pending

No eval scenarios have been run

Overview
Eval results
Files

ecr.mddocs/compute/

Amazon ECR (Elastic Container Registry)

Amazon Elastic Container Registry is a fully managed Docker container registry that makes it easy to store, manage, and deploy Docker container images.

Package

import * as aws from "@pulumi/aws";
import * as ecr from "@pulumi/aws/ecr";

Key Resources

Repository

Container image repository.

const repository = new aws.ecr.Repository("app-repo", {
    name: "my-application",
    imageTagMutability: "MUTABLE",
    imageScanningConfiguration: {
        scanOnPush: true,
    },
    encryptionConfigurations: [{
        encryptionType: "AES256",
    }],
    tags: {
        Application: "my-app",
    },
});

Repository Policy

Resource-based policy for repository access.

const repositoryPolicy = new aws.ecr.RepositoryPolicy("repo-policy", {
    repository: repository.name,
    policy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Sid: "AllowPull",
            Effect: "Allow",
            Principal: {
                AWS: `arn:aws:iam::${accountId}:role/ECSTaskExecutionRole`,
            },
            Action: [
                "ecr:GetDownloadUrlForLayer",
                "ecr:BatchGetImage",
                "ecr:BatchCheckLayerAvailability",
            ],
        }],
    }),
});

Lifecycle Policy

Automatically clean up old images.

const lifecyclePolicy = new aws.ecr.LifecyclePolicy("lifecycle", {
    repository: repository.name,
    policy: JSON.stringify({
        rules: [{
            rulePriority: 1,
            description: "Keep last 10 images",
            selection: {
                tagStatus: "any",
                countType: "imageCountMoreThan",
                countNumber: 10,
            },
            action: {
                type: "expire",
            },
        }],
    }),
});

Common Patterns

Cross-Account Access

const crossAccountPolicy = new aws.ecr.RepositoryPolicy("cross-account", {
    repository: repository.name,
    policy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Sid: "AllowCrossAccountPull",
            Effect: "Allow",
            Principal: {
                AWS: `arn:aws:iam::${otherAccountId}:root`,
            },
            Action: [
                "ecr:GetDownloadUrlForLayer",
                "ecr:BatchGetImage",
                "ecr:BatchCheckLayerAvailability",
            ],
        }],
    }),
});

KMS Encryption

const kmsKey = new aws.kms.Key("ecr-key", {
    description: "ECR repository encryption key",
});

const encryptedRepo = new aws.ecr.Repository("encrypted-repo", {
    name: "encrypted-images",
    encryptionConfigurations: [{
        encryptionType: "KMS",
        kmsKey: kmsKey.arn,
    }],
});

Tag-Based Lifecycle Policy

const tagLifecycle = new aws.ecr.LifecyclePolicy("tag-lifecycle", {
    repository: repository.name,
    policy: JSON.stringify({
        rules: [
            {
                rulePriority: 1,
                description: "Keep production images",
                selection: {
                    tagStatus: "tagged",
                    tagPrefixList: ["prod"],
                    countType: "imageCountMoreThan",
                    countNumber: 50,
                },
                action: {
                    type: "expire",
                },
            },
            {
                rulePriority: 2,
                description: "Expire untagged after 7 days",
                selection: {
                    tagStatus: "untagged",
                    countType: "sinceImagePushed",
                    countUnit: "days",
                    countNumber: 7,
                },
                action: {
                    type: "expire",
                },
            },
        ],
    }),
});

Replication Configuration

const replication = new aws.ecr.ReplicationConfiguration("replication", {
    replicationConfiguration: {
        rules: [{
            destinations: [{
                region: "us-east-1",
                registryId: accountId,
            }],
            repositoryFilters: [{
                filter: "prod-*",
                filterType: "PREFIX_MATCH",
            }],
        }],
    },
});

Key Properties

Repository Properties

  • name - Repository name
  • imageTagMutability - Tag mutability (MUTABLE or IMMUTABLE)
  • imageScanningConfiguration - Image scanning settings
  • encryptionConfigurations - Encryption configuration
  • tags - Resource tags

Lifecycle Policy Properties

  • repository - Repository name
  • policy - Lifecycle rules JSON

Output Properties

  • repositoryUrl - Repository URL for docker push/pull
  • arn - Repository ARN
  • registryId - Registry ID

Use Cases

  • Container Storage: Store Docker and OCI images
  • CI/CD Pipelines: Integrate with build pipelines
  • ECS/EKS Deployments: Container orchestration
  • Image Scanning: Security vulnerability scanning
  • Multi-Region Replication: Distribute images globally

Related Services

  • ECS - Container orchestration
  • EKS - Kubernetes service
  • CodeBuild - Build container images
  • Lambda - Container-based Lambda functions

Install with Tessl CLI

npx tessl i tessl/npm-pulumi--aws

docs

compute

autoscaling.md

batch.md

ec2.md

ecr.md

ecs.md

eks.md

lambda.md

overview.md

index.md

quickstart.md

README.md

tile.json