本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
Amazon ECR 事件和 EventBridge
Amazon EventBridge 可讓您自動化您的 AWS 服務,並自動回應系統事件,例如應用程式可用性問題或資源變更。 AWS 服務的事件會以接近即時的方式傳送到 EventBridge。您可撰寫簡單的規則,來指示您在意的事件,以及包含當事件符合規則時所要自動執行的動作。可以自動觸發的動作如下:
-
將事件新增至 CloudWatch Logs 中的日誌群組
-
叫用 AWS Lambda 函數
-
調用 Amazon EC2 執行命令
-
將事件轉傳至 Amazon Kinesis Data Streams
-
啟用 AWS Step Functions 狀態機器
-
通知 Amazon SNS 主題或 Amazon SQS 佇列
如需詳細資訊,請參閱《Amazon EventBridge 使用者指南》中的 Amazon EventBridge 入門。
來自 Amazon ECR 的範例事件
以下是 Amazon ECR 的範例事件。盡可能發出事件。
已完成映像推送的事件
每次完成映像推送時,會傳送下列事件。如需詳細資訊,請參閱將 Docker 映像推送至 Amazon ECR 私有儲存庫。
{ "version": "0", "id": "13cde686-328b-6117-af20-0e5566167482", "detail-type": "ECR Image Action", "source": "aws.ecr", "account": "123456789012", "time": "2019-11-16T01:54:34Z", "region": "us-west-2", "resources": [], "detail": { "result": "SUCCESS", "repository-name": "my-repository-name", "image-digest": "sha256:7f5b2640fe6fb4f46592dfd3410c4a79dac4f89e4782432e0378abcd1234", "action-type": "PUSH", "image-tag": "latest" } }
提取快取動作的事件
嘗試提取快取動作時,會傳送下列事件。如需詳細資訊,請參閱將上游登錄檔與 Amazon ECR 私有登錄檔同步。
{ "version": "0", "id": "85fc3613-e913-7fc4-a80c-a3753e4aa9ae", "detail-type": "ECR Pull Through Cache Action", "source": "aws.ecr", "account": "123456789012", "time": "2023-02-29T02:36:48Z", "region": "us-west-2", "resources": [ "arn:aws:ecr:us-west-2:123456789012:repository/docker-hub/alpine" ], "detail": { "rule-version": "1", "sync-status": "SUCCESS", "ecr-repository-prefix": "docker-hub", "repository-name": "docker-hub/alpine", "upstream-registry-url": "public.ecr.aws", "image-tag": "3.17.2", "image-digest": "sha256:4aa08ef415aecc80814cb42fa41b658480779d80c77ab15EXAMPLE", } }
已完成映像掃描的事件 (基本型掃描)
啟用登錄檔的基本型掃描時,當每個映像掃描完成時,就會傳送下列事件。finding-severity-counts 參數只會在出現嚴重性等級時才傳回嚴重性等級的值。例如,如果映像在 CRITICAL 等級沒有問題清單,則不會傳回任何重要等級數值。如需詳細資訊,請參閱掃描映像是否有 Amazon ECR 中的作業系統漏洞。
注意
如需有關 Amazon Inspector 在啟用增強型掃描時發出之事件的詳細資訊,請參閱 在 Amazon ECR 中傳送用於增強型掃描的 EventBridge 事件。
{ "version": "0", "id": "85fc3613-e913-7fc4-a80c-a3753e4aa9ae", "detail-type": "ECR Image Scan", "source": "aws.ecr", "account": "123456789012", "time": "2019-10-29T02:36:48Z", "region": "us-east-1", "resources": [ "arn:aws:ecr:us-east-1:123456789012:repository/my-repository-name" ], "detail": { "scan-status": "COMPLETE", "repository-name": "my-repository-name", "finding-severity-counts": { "CRITICAL":10, "MEDIUM":9}, "image-digest": "sha256:7f5b2640fe6fb4f46592dfd3410c4a79dac4f89e4782432e0378abcd1234", "image-tags": [] } }
啟用增強型掃描之資源上的變更通知事件 (增強掃描)
為登錄檔啟用增強型掃描時,Amazon ECR 會在啟用了增強型掃描的資源發生變更時傳送下列事件。這包括正在建立的新儲存庫、正在變更的儲存庫掃描頻率,或是在啟用了增強型掃描的儲存庫中建立或刪除映像時。如需詳細資訊,請參閱掃描映像是否有 Amazon ECR 中的軟體漏洞。
{ "version": "0", "id": "0c18352a-a4d4-6853-ef53-0ab8638973bf", "detail-type": "ECR Scan Resource Change", "source": "aws.ecr", "account": "123456789012", "time": "2021-10-14T20:53:46Z", "region": "us-east-1", "resources": [], "detail": { "action-type": "SCAN_FREQUENCY_CHANGE", "repositories": [{ "repository-name": "repository-1", "repository-arn": "arn:aws:ecr:us-east-1:123456789012:repository/repository-1", "scan-frequency": "SCAN_ON_PUSH", "previous-scan-frequency": "MANUAL" }, { "repository-name": "repository-2", "repository-arn": "arn:aws:ecr:us-east-1:123456789012:repository/repository-2", "scan-frequency": "CONTINUOUS_SCAN", "previous-scan-frequency": "SCAN_ON_PUSH" }, { "repository-name": "repository-3", "repository-arn": "arn:aws:ecr:us-east-1:123456789012:repository/repository-3", "scan-frequency": "CONTINUOUS_SCAN", "previous-scan-frequency": "SCAN_ON_PUSH" } ], "resource-type": "REPOSITORY", "scan-type": "ENHANCED" } }
映像刪除的事件
刪除映像時傳送以下事件。如需詳細資訊,請參閱在 Amazon ECR 中刪除映像。
{ "version": "0", "id": "dd3b46cb-2c74-f49e-393b-28286b67279d", "detail-type": "ECR Image Action", "source": "aws.ecr", "account": "123456789012", "time": "2019-11-16T02:01:05Z", "region": "us-west-2", "resources": [], "detail": { "result": "SUCCESS", "repository-name": "my-repository-name", "image-digest": "sha256:7f5b2640fe6fb4f46592dfd3410c4a79dac4f89e4782432e0378abcd1234", "action-type": "DELETE", "image-tag": "latest" } }
映像封存動作的事件
封存映像時,會傳送下列事件。target-storage-class 欄位將設定為 ARCHIVE。事件包含資訊清單和成品媒體類型,以識別要封存的內容類型。
{ "version": "0", "id": "4f5ec4d5-4de4-7aad-a046-EXAMPLE", "detail-type": "ECR Image Action", "source": "aws.ecr", "account": "123456789012", "time": "2019-08-06T00:58:09Z", "region": "us-east-1", "resources": [], "detail": { "action-type": "UPDATE_STORAGE_CLASS", "target-storage-class": "ARCHIVE", "image-digest": "sha256:f98d67af8e53a536502bfc600de3266556b06ed635a32d60aa7a5fe6d7e609d7", "repository-name": "ubuntu", "result": "SUCCESS", "manifest-media-type": "application/vnd.oci.image.manifest.v1+json", "artifact-media-type": "application/vnd.oci.image.config.v1+json" } }
映像還原動作的事件
還原封存的映像時,會傳送下列事件。target-storage-class 欄位將設定為 STANDARD。事件包含顯示影像上次還原時間last-activated-at的欄位。
{ "version": "0", "id": "7b8fc5e6-5ef5-8bbe-b157-EXAMPLE", "detail-type": "ECR Image Action", "source": "aws.ecr", "account": "123456789012", "time": "2019-08-06T01:15:22Z", "region": "us-east-1", "resources": [], "detail": { "action-type": "UPDATE_STORAGE_CLASS", "target-storage-class": "STANDARD", "image-digest": "sha256:f98d67af8e53a536502bfc600de3266556b06ed635a32d60aa7a5fe6d7e609d7", "repository-name": "ubuntu", "result": "SUCCESS", "manifest-media-type": "application/vnd.oci.image.manifest.v1+json", "artifact-media-type": "application/vnd.oci.image.config.v1+json", "last-activated-at": "2025-10-10T19:13:02.74Z" } }
推薦者還原動作的事件
還原封存的推薦者 (參考成品,例如 SBOM、簽章或證明) 時,會傳送下列事件。請注意, detail-typeECR Referrer Action是將其與一般映像動作區分開來。manifest-media-type 和 artifact-media-type 欄位可識別要還原的特定參考者類型。在此範例中,正在還原 SBOM 成品。
{ "version": "0", "id": "8c9gd6f7-6fg6-9ccf-c268-EXAMPLE", "detail-type": "ECR Referrer Action", "source": "aws.ecr", "account": "123456789012", "time": "2019-08-06T01:20:45Z", "region": "us-east-1", "resources": [], "detail": { "action-type": "UPDATE_STORAGE_CLASS", "target-storage-class": "STANDARD", "image-digest": "sha256:f98d67af8e53a536502bfc600de3266556b06ed635a32d60aa7a5fe6d7e609d7", "repository-name": "sbom", "result": "SUCCESS", "manifest-media-type": "application/vnd.cncf.oras.artifact.manifest.v1+json", "artifact-media-type": "text/sbom+json", "last-activated-at": "2025-10-10T19:13:02.74Z" } }
已完成映像複寫的事件
下列事件會在每個映像複寫完成時傳送。如需詳細資訊,請參閱Amazon ECR 中的私有映像複寫。
{ "version": "0", "id": "c8b133b1-6029-ee73-e2a1-4f466b8ba999", "detail-type": "ECR Replication Action", "source": "aws.ecr", "account": "123456789012", "time": "2024-05-08T20:44:54Z", "region": "us-east-1", "resources": [ "arn:aws:ecr:us-east-1:123456789012:repository/docker-hub/alpine" ], "detail": { "result": "SUCCESS", "repository-name": "docker-hub/alpine", "image-digest": "sha256:7f5b2640fe6fb4f46592dfd3410c4a79dac4f89e4782432e0378abcd1234", "source-account": "123456789012", "action-type": "REPLICATE", "source-region": "us-west-2", "image-tag": "3.17.2" } }
失敗映像複寫的事件
當映像複寫失敗時,會傳送下列事件。result 欄位將包含 FAILED,而其他錯誤資訊可能會包含在事件詳細資訊中。
{ "version": "0", "id": "d9c244c2-7130-ff84-f3b2-5g577c9cb000", "detail-type": "ECR Replication Action", "source": "aws.ecr", "account": "123456789012", "time": "2024-05-08T20:45:12Z", "region": "us-east-1", "resources": [ "arn:aws:ecr:us-east-1:123456789012:repository/my-app" ], "detail": { "result": "FAILED", "repository-name": "my-app", "image-digest": "sha256:8g6c3751gf7gc5g47603ege4511d5a80ead5g90f5893543f1489bde2345", "source-account": "123456789012", "action-type": "REPLICATE", "source-region": "us-west-2", "image-tag": "latest" } }
