Module Awso_ecr_lwtSource

The image details of the Amazon ECR container image.

Details on adjustments Amazon Inspector made to the CVSS score for a finding.

The CVSS score for a finding.

Information on the vulnerable package identified by a finding.

Contains details about the resource involved in the finding.

A repository filter used to determine which repositories have their images automatically signed on push. Each filter consists of a filter type and filter value.

An array of objects representing the destination for a replication rule.

The filter settings used with image replication. Specifying a repository filter to a replication rule provides a method for controlling which repositories in a private registry are replicated. If no filters are added, the contents of all repositories are replicated.

The details of a scanning repository filter. For more information on how to use filters, see Using filters in the Amazon Elastic Container Registry User Guide.

Details about the recommended course of action to remediate the finding.

Details about the resource involved in a finding.

Information about the CVSS score.

This data type is used in the ImageScanFinding data type.

The Amazon Resource Name (ARN) of an Amazon Web Services Signer signing profile. The ARN contains the arn:aws:signer namespace, followed by the region, Amazon Web Services account ID, and signing profile resource path. For example, arn:aws:signer:region:012345678910:/signing-profiles/profile-name.

A filter that specifies which image tags should be excluded from the repository's image tag mutability setting.

The metadata to apply to a resource to help you categorize and organize them. Each tag consists of a key and a value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

Information about a package vulnerability finding.

Information on how to remediate a finding.

Information about the Amazon Inspector score given to a finding.

A signing rule that specifies a signing profile and optional repository filters. When an image is pushed to a matching repository, a signing job is created using the specified profile.

An array of objects representing the replication destinations and repository filters for a replication configuration.

The details of a scanning rule for a private registry.

The type of action to be taken.

The total count of images transitioning to a storage class.

The encryption configuration to associate with the repository creation template.

The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest. By default, when no encryption configuration is set or the AES256 encryption type is used, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES256 encryption algorithm. This does not require any action on your part. For more control over the encryption of the contents of your repository, you can use server-side encryption with Key Management Service key stored in Key Management Service (KMS) to encrypt your images. For more information, see Amazon ECR encryption at rest in the Amazon Elastic Container Registry User Guide.

The image scanning configuration for a repository.

A summary of the last completed image scan.

The current status of an image scan.

The details of an enhanced image scan. This is returned when enhanced scanning is enabled for your private registry.

Contains information about an image scan finding.

An object with identifying information for an image in an Amazon ECR repository.

An object representing an artifact associated with a subject image.

The result of the lifecycle policy preview.

An object representing authorization data for an Amazon ECR registry.

The details of the repository creation template associated with the request.

An object representing a repository.

The details of a pull through cache rule.

An object that describes an image returned by a DescribeImages operation.

The signing status for an image. Each status corresponds to a signing profile.

The status of the replication process for an image.

The details about any failures associated with the scanning configuration of a repository.

The details of the scanning configuration for a repository.

An object representing an Amazon ECR image failure.

An object representing an Amazon ECR image.

An object representing an Amazon ECR image layer failure.

An object representing an Amazon ECR image layer.

The specified parameter is invalid. Review the available parameters for the API request.

The pull through cache rule was not found. Specify a valid pull through cache rule and try again.

These errors are usually caused by a server-side issue.

There was an exception validating this request.

The layer part size is not valid, or the first byte specified is not consecutive to the last byte of a previous layer part upload.

The operation failed due to a KMS exception.

The operation did not succeed because it would have exceeded a service limit for your account. For more information, see Amazon ECR service quotas in the Amazon Elastic Container Registry User Guide.

The specified repository could not be found. Check the spelling of the specified repository and ensure that you are performing operations on the correct registry.

The upload could not be found, or the specified upload ID is not valid for this repository.

The specified repository creation template can't be found. Verify the registry ID and prefix and try again.

The ARN of the secret specified in the pull through cache rule was not found. Update the pull through cache rule with a valid secret ARN and try again.

The secret is unable to be accessed. Verify the resource permissions for the secret and try again.

The secret is accessible but is unable to be decrypted. Verify the resource permisisons and try again.

The image requested does not exist in the specified repository.

The requested image storage class update is not supported.

An invalid parameter has been specified. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

The list of tags on the repository is over the limit. The maximum number of tags that can be applied to a repository is 50.

The lifecycle policy could not be found, and no policy is set to the repository.

The previous lifecycle policy preview request has not completed. Wait and try again.

The specified image is archived and cannot be scanned.

The image is of a type that cannot be scanned.

The specified pull time update exclusion already exists for the registry.

The signing configuration for a registry, which specifies rules for automatically signing images when pushed.

The replication configuration for a registry.

The operation did not succeed because the account is managed by a organization policy.

The scanning configuration for a private registry.

The specified image has already been pushed, and there were no changes to the manifest or image tag after the last push.

The specified image digest does not match the digest that Amazon ECR calculated for the image.

The specified image is tagged with a tag that already exists. The repository is configured for tag immutability.

The specified layers could not be found, or the specified layer is not valid for this repository.

The manifest list is referencing an image that does not exist.

An object representing a filter on a ListImages operation.

The referrer or referrers were unable to be listed using the pull through cache rule. This is usually caused because of an issue with the Secrets Manager secret containing the credentials for the upstream registry.

An object representing a filter on a ListImageReferrers operation.

An object that identifies an image subject.

The specified signing configuration was not found. This occurs when attempting to retrieve or delete a signing configuration that does not exist.

The specified repository and registry combination does not have an associated repository policy.

The registry doesn't have an associated registry policy.

There is no dry run for this repository.

The summary of the lifecycle policy preview request.

The filter for the lifecycle policy preview.

The specified layer is not available because it is not associated with an image. Unassociated image layers may be cleaned up at any time.

There was an issue getting the upstream layer matching the pull through cache rule.

An object representing a filter on a DescribeImages operation.

The details of an image scan.

The specified image scan could not be found. Ensure that image scanning is enabled on the repository and try again.

The specified pull time update exclusion was not found.

The specified repository contains images. To delete a repository that contains images, you must force the deletion with the force parameter.

The specified repository already exists in the specified registry.

The repository creation template already exists. Specify a unique prefix and try again.

A pull through cache rule with these settings already exists for the private registry.

The specified upstream registry isn't supported.

The specified layer upload does not contain any layer parts.

The layer digest calculation performed by Amazon ECR upon receipt of the image layer does not match the digest specified.

The image layer already exists in the associated repository.

Layer parts must be at least 5 MiB in size.

The image or images were unable to be pulled using the pull through cache rule. This is usually caused because of an issue with the Secrets Manager secret containing the credentials for the upstream registry.

Validates an existing pull through cache rule for an upstream registry that requires authentication. This will retrieve the contents of the Amazon Web Services Secrets Manager secret, verify the syntax, and then validate that authentication to the upstream registry is successful.

Validates an existing pull through cache rule for an upstream registry that requires authentication. This will retrieve the contents of the Amazon Web Services Secrets Manager secret, verify the syntax, and then validate that authentication to the upstream registry is successful.

Uploads an image layer part to Amazon ECR. When an image is pushed, each new image layer is uploaded in parts. The maximum size of each image layer part can be 20971520 bytes (or about 20MB). The UploadLayerPart API is called once per each new image layer part. This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the docker CLI to pull, tag, and push images.

Uploads an image layer part to Amazon ECR. When an image is pushed, each new image layer is uploaded in parts. The maximum size of each image layer part can be 20971520 bytes (or about 20MB). The UploadLayerPart API is called once per each new image layer part. This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the docker CLI to pull, tag, and push images.

Updates an existing repository creation template.

Updates an existing repository creation template.

Updates an existing pull through cache rule.

Updates an existing pull through cache rule.

Transitions an image between storage classes. You can transition images from Amazon ECR standard storage class to Amazon ECR archival storage class for long-term storage, or restore archived images back to Amazon ECR standard.

Transitions an image between storage classes. You can transition images from Amazon ECR standard storage class to Amazon ECR archival storage class for long-term storage, or restore archived images back to Amazon ECR standard.

Deletes specified tags from a resource.

Deletes specified tags from a resource.

Adds specified tags to a resource with the specified ARN. Existing tags on a resource are not changed if they are not specified in the request parameters.

Adds specified tags to a resource with the specified ARN. Existing tags on a resource are not changed if they are not specified in the request parameters.

Starts a preview of a lifecycle policy for the specified repository. This allows you to see the results before associating the lifecycle policy with the repository.

Starts a preview of a lifecycle policy for the specified repository. This allows you to see the results before associating the lifecycle policy with the repository.

Starts a basic image vulnerability scan. A basic image scan can only be started once per 24 hours on an individual image. This limit includes if an image was scanned on initial push. You can start up to 100,000 basic scans per 24 hours. This limit includes both scans on initial push and scans initiated by the StartImageScan API. For more information, see Basic scanning in the Amazon Elastic Container Registry User Guide.

Starts a basic image vulnerability scan. A basic image scan can only be started once per 24 hours on an individual image. This limit includes if an image was scanned on initial push. You can start up to 100,000 basic scans per 24 hours. This limit includes both scans on initial push and scans initiated by the StartImageScan API. For more information, see Basic scanning in the Amazon Elastic Container Registry User Guide.

Applies a repository policy to the specified repository to control access permissions. For more information, see Amazon ECR Repository policies in the Amazon Elastic Container Registry User Guide.

Applies a repository policy to the specified repository to control access permissions. For more information, see Amazon ECR Repository policies in the Amazon Elastic Container Registry User Guide.

Adds an IAM principal to the pull time update exclusion list for a registry. Amazon ECR will not record the pull time if an excluded principal pulls an image.

Adds an IAM principal to the pull time update exclusion list for a registry. Amazon ECR will not record the pull time if an excluded principal pulls an image.

Creates or updates the registry's signing configuration, which defines rules for automatically signing images with Amazon Web Services Signer. For more information, see Managed signing in the Amazon Elastic Container Registry User Guide. To successfully generate a signature, the IAM principal pushing images must have permission to sign payloads with the Amazon Web Services Signer signing profile referenced in the signing configuration.

Creates or updates the registry's signing configuration, which defines rules for automatically signing images with Amazon Web Services Signer. For more information, see Managed signing in the Amazon Elastic Container Registry User Guide. To successfully generate a signature, the IAM principal pushing images must have permission to sign payloads with the Amazon Web Services Signer signing profile referenced in the signing configuration.

Creates or updates the replication configuration for a registry. The existing replication configuration for a repository can be retrieved with the DescribeRegistry API action. The first time the PutReplicationConfiguration API is called, a service-linked IAM role is created in your account for the replication process. For more information, see Using service-linked roles for Amazon ECR in the Amazon Elastic Container Registry User Guide. For more information on the custom role for replication, see Creating an IAM role for replication. When configuring cross-account replication, the destination account must grant the source account permission to replicate. This permission is controlled using a registry permissions policy. For more information, see PutRegistryPolicy.

Creates or updates the replication configuration for a registry. The existing replication configuration for a repository can be retrieved with the DescribeRegistry API action. The first time the PutReplicationConfiguration API is called, a service-linked IAM role is created in your account for the replication process. For more information, see Using service-linked roles for Amazon ECR in the Amazon Elastic Container Registry User Guide. For more information on the custom role for replication, see Creating an IAM role for replication. When configuring cross-account replication, the destination account must grant the source account permission to replicate. This permission is controlled using a registry permissions policy. For more information, see PutRegistryPolicy.

Creates or updates the scanning configuration for your private registry.

Creates or updates the scanning configuration for your private registry.

Creates or updates the permissions policy for your registry. A registry policy is used to specify permissions for another Amazon Web Services account and is used when configuring cross-account replication. For more information, see Registry permissions in the Amazon Elastic Container Registry User Guide.

Creates or updates the permissions policy for your registry. A registry policy is used to specify permissions for another Amazon Web Services account and is used when configuring cross-account replication. For more information, see Registry permissions in the Amazon Elastic Container Registry User Guide.

Creates or updates the lifecycle policy for the specified repository. For more information, see Lifecycle policy template.

Creates or updates the lifecycle policy for the specified repository. For more information, see Lifecycle policy template.

Updates the image tag mutability settings for the specified repository. For more information, see Image tag mutability in the Amazon Elastic Container Registry User Guide.

Updates the image tag mutability settings for the specified repository. For more information, see Image tag mutability in the Amazon Elastic Container Registry User Guide.

The PutImageScanningConfiguration API is being deprecated, in favor of specifying the image scanning configuration at the registry level. For more information, see PutRegistryScanningConfiguration. Updates the image scanning configuration for the specified repository.

The PutImageScanningConfiguration API is being deprecated, in favor of specifying the image scanning configuration at the registry level. For more information, see PutRegistryScanningConfiguration. Updates the image scanning configuration for the specified repository.

Creates or updates the image manifest and tags associated with an image. When an image is pushed and all new image layers have been uploaded, the PutImage API is called once to create or update the image manifest and the tags associated with the image. This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the docker CLI to pull, tag, and push images.

Creates or updates the image manifest and tags associated with an image. When an image is pushed and all new image layers have been uploaded, the PutImage API is called once to create or update the image manifest and the tags associated with the image. This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the docker CLI to pull, tag, and push images.

Allows you to change the basic scan type version or registry policy scope.

Allows you to change the basic scan type version or registry policy scope.

List the tags for an Amazon ECR resource.

List the tags for an Amazon ECR resource.

Lists the IAM principals that are excluded from having their image pull times recorded.

Lists the IAM principals that are excluded from having their image pull times recorded.

Lists all the image IDs for the specified repository. You can filter images based on whether or not they are tagged by using the tagStatus filter and specifying either TAGGED, UNTAGGED or ANY. For example, you can filter your results to return only UNTAGGED images and then pipe that result to a BatchDeleteImage operation to delete them. Or, you can filter your results to return only TAGGED images to list all of the tags in your repository.

Lists all the image IDs for the specified repository. You can filter images based on whether or not they are tagged by using the tagStatus filter and specifying either TAGGED, UNTAGGED or ANY. For example, you can filter your results to return only UNTAGGED images and then pipe that result to a BatchDeleteImage operation to delete them. Or, you can filter your results to return only TAGGED images to list all of the tags in your repository.

Lists the artifacts associated with a specified subject image. The IAM principal invoking this operation must have the ecr:BatchGetImage permission.

Lists the artifacts associated with a specified subject image. The IAM principal invoking this operation must have the ecr:BatchGetImage permission.

Notifies Amazon ECR that you intend to upload an image layer. When an image is pushed, the InitiateLayerUpload API is called once per image layer that has not already been uploaded. Whether or not an image layer has been uploaded is determined by the BatchCheckLayerAvailability API action. This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the docker CLI to pull, tag, and push images.

Notifies Amazon ECR that you intend to upload an image layer. When an image is pushed, the InitiateLayerUpload API is called once per image layer that has not already been uploaded. Whether or not an image layer has been uploaded is determined by the BatchCheckLayerAvailability API action. This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the docker CLI to pull, tag, and push images.

Retrieves the registry's signing configuration, which defines rules for automatically signing images using Amazon Web Services Signer. For more information, see Managed signing in the Amazon Elastic Container Registry User Guide.

Retrieves the registry's signing configuration, which defines rules for automatically signing images using Amazon Web Services Signer. For more information, see Managed signing in the Amazon Elastic Container Registry User Guide.

Retrieves the repository policy for the specified repository.

Retrieves the repository policy for the specified repository.

Retrieves the scanning configuration for a registry.

Retrieves the scanning configuration for a registry.

Retrieves the permissions policy for a registry.

Retrieves the permissions policy for a registry.

Retrieves the lifecycle policy for the specified repository.

Retrieves the lifecycle policy for the specified repository.

Retrieves the results of the lifecycle policy preview request for the specified repository.

Retrieves the results of the lifecycle policy preview request for the specified repository.

Retrieves the pre-signed Amazon S3 download URL corresponding to an image layer. You can only get URLs for image layers that are referenced in an image. When an image is pulled, the GetDownloadUrlForLayer API is called once per image layer that is not already cached. This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the docker CLI to pull, tag, and push images.

Retrieves the pre-signed Amazon S3 download URL corresponding to an image layer. You can only get URLs for image layers that are referenced in an image. When an image is pulled, the GetDownloadUrlForLayer API is called once per image layer that is not already cached. This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the docker CLI to pull, tag, and push images.

Retrieves an authorization token. An authorization token represents your IAM authentication credentials and can be used to access any Amazon ECR registry that your IAM principal has access to. The authorization token is valid for 12 hours. The authorizationToken returned is a base64 encoded string that can be decoded and used in a docker login command to authenticate to a registry. The CLI offers an get-login-password command that simplifies the login process. For more information, see Registry authentication in the Amazon Elastic Container Registry User Guide.

Retrieves an authorization token. An authorization token represents your IAM authentication credentials and can be used to access any Amazon ECR registry that your IAM principal has access to. The authorization token is valid for 12 hours. The authorizationToken returned is a base64 encoded string that can be decoded and used in a docker login command to authenticate to a registry. The CLI offers an get-login-password command that simplifies the login process. For more information, see Registry authentication in the Amazon Elastic Container Registry User Guide.

Retrieves the account setting value for the specified setting name.

Retrieves the account setting value for the specified setting name.

Returns details about the repository creation templates in a registry. The prefixes request parameter can be used to return the details for a specific repository creation template.

Returns details about the repository creation templates in a registry. The prefixes request parameter can be used to return the details for a specific repository creation template.

Describes image repositories in a registry.

Describes image repositories in a registry.

Describes the settings for a registry. The replication configuration for a repository can be created or updated with the PutReplicationConfiguration API action.

Describes the settings for a registry. The replication configuration for a repository can be created or updated with the PutReplicationConfiguration API action.

Returns the pull through cache rules for a registry.

Returns the pull through cache rules for a registry.

Returns metadata about the images in a repository. Starting with Docker version 1.9, the Docker client compresses image layers before pushing them to a V2 Docker registry. The output of the docker images command shows the uncompressed image size. Therefore, Docker might return a larger image than the image shown in the Amazon Web Services Management Console. The new version of Amazon ECR Basic Scanning doesn't use the ImageDetail$imageScanFindingsSummary and ImageDetail$imageScanStatus attributes from the API response to return scan results. Use the DescribeImageScanFindings API instead. For more information about Amazon Web Services native basic scanning, see Scan images for software vulnerabilities in Amazon ECR.

Returns metadata about the images in a repository. Starting with Docker version 1.9, the Docker client compresses image layers before pushing them to a V2 Docker registry. The output of the docker images command shows the uncompressed image size. Therefore, Docker might return a larger image than the image shown in the Amazon Web Services Management Console. The new version of Amazon ECR Basic Scanning doesn't use the ImageDetail$imageScanFindingsSummary and ImageDetail$imageScanStatus attributes from the API response to return scan results. Use the DescribeImageScanFindings API instead. For more information about Amazon Web Services native basic scanning, see Scan images for software vulnerabilities in Amazon ECR.

Returns the signing status for a specified image. If the image matched signing rules that reference different signing profiles, a status is returned for each profile. For more information, see Managed signing in the Amazon Elastic Container Registry User Guide.

Returns the signing status for a specified image. If the image matched signing rules that reference different signing profiles, a status is returned for each profile. For more information, see Managed signing in the Amazon Elastic Container Registry User Guide.

Returns the scan findings for the specified image.

Returns the scan findings for the specified image.

Returns the replication status for a specified image.

Returns the replication status for a specified image.

Removes a principal from the pull time update exclusion list for a registry. Once removed, Amazon ECR will resume updating the pull time if the specified principal pulls an image.

Removes a principal from the pull time update exclusion list for a registry. Once removed, Amazon ECR will resume updating the pull time if the specified principal pulls an image.

Deletes the registry's signing configuration. Images pushed after deletion of the signing configuration will no longer be automatically signed. For more information, see Managed signing in the Amazon Elastic Container Registry User Guide. Deleting the signing configuration does not affect existing image signatures.

Deletes the registry's signing configuration. Images pushed after deletion of the signing configuration will no longer be automatically signed. For more information, see Managed signing in the Amazon Elastic Container Registry User Guide. Deleting the signing configuration does not affect existing image signatures.

Deletes a repository. If the repository isn't empty, you must either delete the contents of the repository or use the force option to delete the repository and have Amazon ECR delete all of its contents on your behalf.

Deletes a repository. If the repository isn't empty, you must either delete the contents of the repository or use the force option to delete the repository and have Amazon ECR delete all of its contents on your behalf.

Deletes the repository policy associated with the specified repository.

Deletes the repository policy associated with the specified repository.

Deletes a repository creation template.

Deletes a repository creation template.

Deletes the registry permissions policy.

Deletes the registry permissions policy.

Deletes a pull through cache rule.

Deletes a pull through cache rule.

Deletes the lifecycle policy associated with the specified repository.

Deletes the lifecycle policy associated with the specified repository.

Creates a repository. For more information, see Amazon ECR repositories in the Amazon Elastic Container Registry User Guide.

Creates a repository. For more information, see Amazon ECR repositories in the Amazon Elastic Container Registry User Guide.

Creates a repository creation template. This template is used to define the settings for repositories created by Amazon ECR on your behalf. For example, repositories created through pull through cache actions. For more information, see Private repository creation templates in the Amazon Elastic Container Registry User Guide.

Creates a repository creation template. This template is used to define the settings for repositories created by Amazon ECR on your behalf. For example, repositories created through pull through cache actions. For more information, see Private repository creation templates in the Amazon Elastic Container Registry User Guide.

Creates a pull through cache rule. A pull through cache rule provides a way to cache images from an upstream registry source in your Amazon ECR private registry. For more information, see Using pull through cache rules in the Amazon Elastic Container Registry User Guide.

Creates a pull through cache rule. A pull through cache rule provides a way to cache images from an upstream registry source in your Amazon ECR private registry. For more information, see Using pull through cache rules in the Amazon Elastic Container Registry User Guide.

Informs Amazon ECR that the image layer upload has completed for a specified registry, repository name, and upload ID. You can optionally provide a sha256 digest of the image layer for data validation purposes. When an image is pushed, the CompleteLayerUpload API is called once per each new image layer to verify that the upload has completed. This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the docker CLI to pull, tag, and push images.

Informs Amazon ECR that the image layer upload has completed for a specified registry, repository name, and upload ID. You can optionally provide a sha256 digest of the image layer for data validation purposes. When an image is pushed, the CompleteLayerUpload API is called once per each new image layer to verify that the upload has completed. This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the docker CLI to pull, tag, and push images.

Gets the scanning configuration for one or more repositories.

Gets the scanning configuration for one or more repositories.

Gets detailed information for an image. Images are specified with either an imageTag or imageDigest. When an image is pulled, the BatchGetImage API is called once to retrieve the image manifest.

Gets detailed information for an image. Images are specified with either an imageTag or imageDigest. When an image is pulled, the BatchGetImage API is called once to retrieve the image manifest.

Deletes a list of specified images within a repository. Images are specified with either an imageTag or imageDigest. You can remove a tag from an image by specifying the image's tag in your request. When you remove the last tag from an image, the image is deleted from your repository. You can completely delete an image (and all of its tags) by specifying the image's digest in your request.

Deletes specified images within a specified repository. Images are specified with either the imageTag or imageDigest.

Checks the availability of one or more image layers in a repository. When an image is pushed to a repository, each image layer is checked to verify if it has been uploaded before. If it has been uploaded, then the image layer is skipped. This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the docker CLI to pull, tag, and push images.

Checks the availability of one or more image layers in a repository. When an image is pushed to a repository, each image layer is checked to verify if it has been uploaded before. If it has been uploaded, then the image layer is skipped. This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the docker CLI to pull, tag, and push images.