images
Creates, updates, deletes or gets an image resource or lists images in a region
Overview
| Name | images |
| Type | Resource |
| Description | Resource schema for AWS::ImageBuilder::Image |
| Id | awscc.imagebuilder.images |
Fields
- get (all properties)
- list (identifiers only)
| Name | Datatype | Description |
|---|---|---|
image_scanning_configuration | object | Contains settings for vulnerability scans. |
container_recipe_arn | string | The Amazon Resource Name (ARN) of the container recipe that defines how images are configured and tested. |
workflows | array | Workflows to define the image build process |
image_uri | string | URI for containers created in current Region with default ECR image tag |
name | string | The name of the image. |
infrastructure_configuration_arn | string | The Amazon Resource Name (ARN) of the infrastructure configuration. |
image_recipe_arn | string | The Amazon Resource Name (ARN) of the image recipe that defines how images are configured, tested, and assessed. |
distribution_configuration_arn | string | The Amazon Resource Name (ARN) of the distribution configuration. |
image_id | string | The AMI ID of the EC2 AMI in current region. |
image_tests_configuration | object | The image tests configuration used when creating this image. |
arn | string | The Amazon Resource Name (ARN) of the image. |
enhanced_image_metadata_enabled | boolean | Collects additional information about the image being created, including the operating system (OS) version and package list. |
execution_role | string | The execution role name/ARN for the image build, if provided |
tags | object | The tags associated with the image. |
region | string | AWS region. |
| Name | Datatype | Description |
|---|---|---|
arn | string | The Amazon Resource Name (ARN) of the image. |
region | string | AWS region. |
For more information, see AWS::ImageBuilder::Image.
Methods
| Name | Resource | Accessible by | Required Params |
|---|---|---|---|
create_resource | images | INSERT | region |
delete_resource | images | DELETE | Identifier, region |
update_resource | images | UPDATE | Identifier, PatchDocument, region |
list_resources | images_list_only | SELECT | region |
get_resource | images | SELECT | Identifier, region |
SELECT examples
- get (all properties)
- list (identifiers only)
Gets all properties from an individual image.
SELECT
region,
image_scanning_configuration,
container_recipe_arn,
workflows,
image_uri,
name,
infrastructure_configuration_arn,
image_recipe_arn,
distribution_configuration_arn,
image_id,
image_tests_configuration,
arn,
enhanced_image_metadata_enabled,
execution_role,
tags
FROM awscc.imagebuilder.images
WHERE
region = 'us-east-1' AND
Identifier = '{{ arn }}';
Lists all images in a region.
SELECT
region,
arn
FROM awscc.imagebuilder.images_list_only
WHERE
region = 'us-east-1';
INSERT example
Use the following StackQL query and manifest file to create a new image resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO awscc.imagebuilder.images (
ImageScanningConfiguration,
ContainerRecipeArn,
Workflows,
InfrastructureConfigurationArn,
ImageRecipeArn,
DistributionConfigurationArn,
ImageTestsConfiguration,
EnhancedImageMetadataEnabled,
ExecutionRole,
Tags,
region
)
SELECT
'{{ image_scanning_configuration }}',
'{{ container_recipe_arn }}',
'{{ workflows }}',
'{{ infrastructure_configuration_arn }}',
'{{ image_recipe_arn }}',
'{{ distribution_configuration_arn }}',
'{{ image_tests_configuration }}',
'{{ enhanced_image_metadata_enabled }}',
'{{ execution_role }}',
'{{ tags }}',
'{{ region }}';
/*+ create */
INSERT INTO awscc.imagebuilder.images (
ImageScanningConfiguration,
ContainerRecipeArn,
Workflows,
InfrastructureConfigurationArn,
ImageRecipeArn,
DistributionConfigurationArn,
ImageTestsConfiguration,
EnhancedImageMetadataEnabled,
ExecutionRole,
Tags,
region
)
SELECT
'{{ image_scanning_configuration }}',
'{{ container_recipe_arn }}',
'{{ workflows }}',
'{{ infrastructure_configuration_arn }}',
'{{ image_recipe_arn }}',
'{{ distribution_configuration_arn }}',
'{{ image_tests_configuration }}',
'{{ enhanced_image_metadata_enabled }}',
'{{ execution_role }}',
'{{ tags }}',
'{{ region }}';
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: image
props:
- name: image_scanning_configuration
value:
ecr_configuration:
container_tags:
- '{{ container_tags[0] }}'
repository_name: '{{ repository_name }}'
image_scanning_enabled: '{{ image_scanning_enabled }}'
- name: container_recipe_arn
value: '{{ container_recipe_arn }}'
- name: workflows
value:
- workflow_arn: '{{ workflow_arn }}'
parameters:
- name: '{{ name }}'
value:
- '{{ value[0] }}'
parallel_group: '{{ parallel_group }}'
on_failure: '{{ on_failure }}'
- name: infrastructure_configuration_arn
value: '{{ infrastructure_configuration_arn }}'
- name: image_recipe_arn
value: '{{ image_recipe_arn }}'
- name: distribution_configuration_arn
value: '{{ distribution_configuration_arn }}'
- name: image_tests_configuration
value:
image_tests_enabled: '{{ image_tests_enabled }}'
timeout_minutes: '{{ timeout_minutes }}'
- name: enhanced_image_metadata_enabled
value: '{{ enhanced_image_metadata_enabled }}'
- name: execution_role
value: '{{ execution_role }}'
- name: tags
value: {}
UPDATE example
Use the following StackQL query and manifest file to update a image resource, using stack-deploy.
/*+ update */
UPDATE awscc.imagebuilder.images
SET PatchDocument = string('{{ {
"ExecutionRole": execution_role,
"Tags": tags
} | generate_patch_document }}')
WHERE
region = '{{ region }}' AND
Identifier = '{{ arn }}';
DELETE example
/*+ delete */
DELETE FROM awscc.imagebuilder.images
WHERE
Identifier = '{{ arn }}' AND
region = 'us-east-1';
Permissions
To operate on the images resource, the following permissions are required:
- Read
- Create
- Update
- List
- Delete
imagebuilder:GetImage
ecr:BatchGetRepositoryScanningConfiguration,
iam:GetRole,
iam:PassRole,
iam:CreateServiceLinkedRole,
imagebuilder:GetImageRecipe,
imagebuilder:GetInfrastructureConfiguration,
imagebuilder:GetDistributionConfiguration,
imagebuilder:GetWorkflow,
imagebuilder:GetImage,
imagebuilder:CreateImage,
imagebuilder:TagResource,
inspector2:BatchGetAccountStatus
imagebuilder:TagResource,
imagebuilder:UntagResource
imagebuilder:ListImages,
imagebuilder:ListImageBuildVersions
imagebuilder:GetImage,
imagebuilder:DeleteImage,
imagebuilder:UntagResource,
imagebuilder:CancelImageCreation