repository_policy#

State module for managing Amazon ECR Repository Policies.

async idem_aws.states.aws.ecr.repository_policy.present(hub, ctx, name: str, repository_name: str, policy_text: Dict, resource_id: str = None, registry_id: str = None, force: bool = False) Dict[str, Any][source]#

Applies a repository policy to the specified AWS ECR repository to control access permissions.

Parameters:

  • name (str) – An Idem name of the resource.

  • repository_name (str) – The name of the ECR repository in Amazon Web Services to receive the policy.

  • policy_text (dict or str) – The JSON repository policy text to apply to the repository.

  • resource_id (str, Optional) – The registry id and repository name with a separator ‘-’. Format: [registry_id]-[repository_name].

  • registry_id (str, Optional) – The Amazon Web Services account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.

  • force (bool, Optional) – If the policy you are attempting to set on a repository policy would prevent you from setting another policy in the future, you must force the SetRepositoryPolicy operation. This is intended to prevent accidental repository lock outs.

Request Syntax:
[idem_test_aws_ecr_repository_policy]:
  aws.ecr.repository_policy.present:
    - name: 'string'
    - repository_name: 'string'
    - policy_text: 'string'
    - registry_id: 'string'
    - force: True|False
Returns:

Dict[str, Any]

Examples

idem_test_aws_ecr_repository_policy:
  aws.ecr.repository.present:
    - name: idem_test_ecr_policy
    - repository_name: idem_test_ecr_repository
    - policy_text:
        Version: '2012-10-17'
        Statement:
          - Sid: 'DenyPull'
            Effect: 'Deny'
            Principal: '*'
            Action: ['ecr:BatchGetImage', 'ecr:GetDownloadUrlForLayer']
    - registry_id: idem_test_ecr_registry
    - force: True
async idem_aws.states.aws.ecr.repository_policy.absent(hub, ctx, name: str, repository_name: str = None, resource_id: str = None, registry_id: str = None) Dict[str, Any][source]#

Deletes the policy associated with the specified AWS ECR repository.

Parameters:

  • name (str) – An Idem name of the resource.

  • repository_name (str, Optional) – The name of the ECR repository in Amazon Web Services that contains the policy to delete.

  • resource_id (str, Optional) –

    The registry id and repository name with a separator ‘-’. Format: [registry_id]-[repository_name].

    Warning

    Idem automatically considers this resource being absent if this field is not specified.

  • registry_id (str, Optional) – The Amazon Web Services account ID associated with the registry that contains the repository policy to delete. If you do not specify a registry, the default registry is assumed.

Request syntax:
[idem_test_aws_ecr_repository_policy]:
  aws.ecr.repository_policy.absent:
    - name: 'string'
    - repository_name: 'string'
    - resource_id: 'string'
    - registry_id: 'string'
Returns:

Dict[str, Any]

Examples

idem_test_aws_ecr_repository_policy:
  aws.ecr.repository_policy.absent:
    - name: idem_test_ecr_policy
    - repository_name: idem_test_ecr_repository
    - resource_id: idem_test_ecr_registry-idem_test_ecr_repository
    - registry_id: idem_test_ecr_registry
async idem_aws.states.aws.ecr.repository_policy.describe(hub, ctx) Dict[str, Dict[str, Any]][source]#

Describes policies for AWS ECR repositories in a registry in a way that can be recreated/managed with the corresponding “present” function.

Returns:

Dict[str, Dict[str, Any]]

Examples

$ idem describe aws.ecr.repository_policy