aws_ecr resource
Warning
This resource is deprecated. Please use one of the following resources instead.
aws_ecr_imageaws_ecr_imagesaws_ecr_repositoryaws_ecr_repositories
Use the aws_ecr InSpec audit resource to test properties of a single AWS Elastic Container Registry.
Syntax
An aws_ecr resource block declares the tests for a single AWS ECR by repository name.
describe aws_ecr(repository_name: aws_ecr_name) do
it { should exist }
its ('repository_name') { should eq aws_ecr_name }
end
Parameters
The ECR repository_name must be provided.
repository*name *(required)_
The name of the repository
This can be passed either as a string or as an repository_name: 'value' key-value entry in a hash.
Properties
| Property | Description |
|---|---|
| registry_id | The AWS account ID associated with the registry |
| repository_arn | The Amazon Resource Name of the repository |
| repository_name | The name of the repository |
| repository_uri | The uri of the repository |
| image_tags | The tags associated with the image |
| image_digest | A sha256 hash of the image |
| image_size_in_bytes | The size of the image in bytes. |
| image_pushed_at | The datetime as a string when the image was uploaded. ‘yyyy-mm-dd hh:mm:ss tz’ |
| image_uploaded_date | The date as a string when the image was uploaded. ‘yyyy-mm-dd’ |
Examples
Test that an ECR has the correct image properties
describe aws_ecr(repository_name: aws_ecr_name).images do
its ('image_tags') { should include 'latest'}
its ('image_digest') { should eq 'sha256:6dce4a9c1635c4c9b6a2b645e6613fa0238182fe13929808ee2258370d0f3497'}
its ('image_size_in_bytes') { should eq 764234}
its ('image_uploaded_date') { should eq '2019-06-11'}
its ('image_pushed_at') { should eq '2019-06-11 15:08:29 +0100'}
end
Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our matchers page.
exist
The control will pass if the describe returns at least one result.
Use should_not to test the entity should not exist.
it { should exist }
it { should_not exist }
AWS Permissions
Your Principal will need the ecr:DescribeRepositories and ecr:DescribeImages actions set to allow.
You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon ECR, and Actions, Resources, and Condition Keys for Identity And Access Management.
Was this page helpful?