Deployment Task

This article details the JSON body needed to create an 'Amazon EC2 Container Registry' via the REST API, using either an AWS Access/Secret key pair or an ARN Role for Access Delegation.


Note: This article assumes you have already set up authentication via JWT or basic authentication. Please see the Authentication API documentation.


Deployment Steps


POST to /api/v1/registries using the AWS Access key and the Secret key:

{
    "prefixes": [],
    "pull_tag_patterns": [],
    "pull_repo_patterns": [],
    "pull_repo_patterns_excluded": [],
    "auto_pull": false,
    "auto_pull_time": "03:00",
    "auto_pull_max": 100,
    "auto_pull_rescan": false,
    "type": "AWS",
    "options": [
        {
            "option": "ARNRole",
            "value": null
        }
    ],
    "username": "<your accessKey>",
    "password": "<your secretKey>",
    "webhook": {
        "enabled": false,
        "url": "https://<console url>/api/v1/registry_events/<registry name>",
        "auth_token": "",
        "un_quarantine": false
    },
    "url": "<region>",
    "name": "<registry name>"
}



POST to /api/v1/registries using the AWS ARN Role for Access Delegation:

{
    "prefixes": [],
    "pull_tag_patterns": [],
    "pull_repo_patterns": [],
    "pull_repo_patterns_excluded": [],
    "auto_pull": false,
    "auto_pull_time": "03:00",
    "auto_pull_max": 100,
    "auto_pull_rescan": false,
    "type": "AWS",
    "options": [
        {
            "option": "ARNRole",
            "value": "<your ARN Role>"
        }
    ],
    "username": "",
    "password": "",
    "webhook": {
        "enabled": false,
        "url": "https://<console url>/api/v1/registry_events/<registry name>",
        "auth_token": "",
        "un_quarantine": false
    },
    "url": "<region>",
    "name": "<registry name>"
}



The following example creates a registry of type 'AWS' with the name 'ECR-East-Dev' in the 'us-east-1' region using the ARN Role from a remote account (e.g. arn:aws:iam::xxxxxxxxxx:role/ecrRole):

{
    "prefixes": [],
    "pull_tag_patterns": [],
    "pull_repo_patterns": [],
    "pull_repo_patterns_excluded": [],
    "auto_pull": false,
    "auto_pull_time": "03:00",
    "auto_pull_max": 100,
    "auto_pull_rescan": false,
    "type": "AWS",
    "options": [
        {
            "option": "ARNRole",
            "value": "arn:aws:iam::xxxxxxxxxx:role/ecrRole"
        }
    ],
    "username": "",
    "password": "",
    "webhook": {
        "enabled": false,
        "url": "https://aquasec/api/v1/registry_events/ECR-East-Dev",
        "auth_token": "",
        "un_quarantine": false
    },
    "url": "us-east-1",
    "name": "ECR-East-Dev"
}
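
The two bodies above differ only in which credential fields are filled in. The following Python sketch is an added example, not code from the product or its documentation: it builds either body, rejects a request that mixes or omits the two authentication modes, and prepares the POST without sending it. The function names, the ARN pattern, the https-only check and the Bearer header for the JWT are assumptions.

```python
import json
import re
import urllib.request

# Assumed shape of an IAM role ARN (12-digit account id, optional role path).
ROLE_ARN = re.compile(r"^arn:aws[\w-]*:iam::\d{12}:role/[\w+=,.@/-]+$")


def registry_body(name, region, console_url, access_key="", secret_key="", arn_role=None):
    """Build the /api/v1/registries body for exactly one of the two auth modes."""
    has_keys = bool(access_key and secret_key)
    if has_keys == bool(arn_role):
        raise ValueError("supply either access_key+secret_key or arn_role, not both or neither")
    if arn_role and not ROLE_ARN.match(arn_role):
        raise ValueError("arn_role is not an IAM role ARN")
    if not console_url.startswith("https://"):
        raise ValueError("console_url must use https")
    return {
        "prefixes": [],
        "pull_tag_patterns": [],
        "pull_repo_patterns": [],
        "pull_repo_patterns_excluded": [],
        "auto_pull": False,
        "auto_pull_time": "03:00",
        "auto_pull_max": 100,
        "auto_pull_rescan": False,
        "type": "AWS",
        "options": [{"option": "ARNRole", "value": arn_role}],  # None -> JSON null
        "username": access_key if has_keys else "",
        "password": secret_key if has_keys else "",
        "webhook": {
            "enabled": False,
            "url": f"{console_url}/api/v1/registry_events/{name}",
            "auth_token": "",
            "un_quarantine": False,
        },
        "url": region,
        "name": name,
    }


def registry_request(console_url, jwt, body):
    """Prepare (but do not send) the POST; the Bearer header is an assumption."""
    return urllib.request.Request(
        f"{console_url}/api/v1/registries",
        data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json", "Authorization": f"Bearer {jwt}"},
        method="POST",
    )
```

Read the access key, secret key and JWT from the environment or a secrets manager when calling these functions, so they never land in scripts or shell history.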