Table: aws_ecrpublic_repository - Query AWS Elastic Container Registry Public Repository using SQL
The AWS Elastic Container Registry Public Repository is a service that allows you to store, manage, and deploy Docker images. It eliminates the need to operate your own container repositories or worry about scaling the underlying infrastructure. It is a fully-managed service that makes it easy to store, manage, share, and deploy your container images and artifacts anywhere.
Table Usage Guide
The aws_ecrpublic_repository table in Steampipe provides you with information about each ECR public repository within your AWS account. This table allows you, as a DevOps engineer, to query repository-specific details, including the repository ARN, repository name, creation date, and associated metadata. You can use this table to gather insights on repositories, such as the number of images per repository, the status of each repository, and more. The schema outlines the various attributes of the ECR public repository for you, including the repository ARN, creation date, image tag mutability, and associated tags.
Examples
Basic info
Explore which public repositories are available in your AWS Elastic Container Registry. This can help you manage and track your container images, understand their origins and creation times, and identify the specific regions and accounts associated with each repository.
```sql
select
  repository_name,
  registry_id,
  arn,
  repository_uri,
  created_at,
  region,
  account_id
from
  aws_ecrpublic_repository;
```
List repository policy statements that grant full access for each repository
Determine the areas in which repository policy statements are granting full access. This is useful for security audits and ensuring that access permissions are correctly configured.
```sql
-- PostgreSQL. Assumes Principal.AWS and Action are stored as JSON arrays;
-- jsonb_array_elements_text raises an error on a scalar value.
select
  title,
  p as principal,
  a as action,
  s ->> 'Effect' as effect,
  s -> 'Condition' as conditions
from
  aws_ecrpublic_repository,
  jsonb_array_elements(policy -> 'Statement') as s,
  jsonb_array_elements_text(s -> 'Principal' -> 'AWS') as p,
  jsonb_array_elements_text(s -> 'Action') as a
where
  s ->> 'Effect' = 'Allow'
  and a in ('*', 'ecr-public:*');
```

```sql
-- SQLite equivalent, using json_each and json_extract.
select
  title,
  json_extract(p.value, '$') as principal,
  json_extract(a.value, '$') as action,
  json_extract(s.value, '$.Effect') as effect,
  json_extract(s.value, '$.Condition') as conditions
from
  aws_ecrpublic_repository,
  json_each(json_extract(policy, '$.Statement')) as s,
  json_each(json_extract(s.value, '$.Principal.AWS')) as p,
  json_each(json_extract(s.value, '$.Action')) as a
where
  json_extract(s.value, '$.Effect') = 'Allow'
  and json_extract(a.value, '$') in ('*', 'ecr-public:*');
```
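The full-access query above reads `Principal.AWS` and `Action` as JSON arrays, but IAM policy grammar also allows each to be a single string, and `Principal` itself may be the string `"*"`. The following PostgreSQL variant is an added example, not part of the Steampipe documentation; it normalizes those shapes on the raw `policy` column before matching and adds a column, named `unconditional_wildcard` here, that marks grants to `*` with no `Condition`.

```sql
-- Added example (PostgreSQL syntax), not from the Steampipe documentation.
with statements as (
  select
    r.title,
    s
  from
    aws_ecrpublic_repository as r,
    -- Statement may be a single object instead of an array.
    jsonb_array_elements(
      case jsonb_typeof(r.policy -> 'Statement')
        when 'array' then r.policy -> 'Statement'
        when 'object' then jsonb_build_array(r.policy -> 'Statement')
        else '[]'::jsonb
      end
    ) as s
  where
    s ->> 'Effect' = 'Allow'
)
select
  title,
  p as principal,
  a as action,
  s -> 'Condition' as conditions,
  -- unconditional_wildcard is a column name chosen for this example.
  (p = '*' and (s -> 'Condition') is null) as unconditional_wildcard
from
  statements,
  -- Principal is "*", {"AWS": "<one>"} or {"AWS": ["<many>"]}.
  jsonb_array_elements_text(
    case
      when jsonb_typeof(s -> 'Principal') = 'string'
        then jsonb_build_array(s -> 'Principal')
      when jsonb_typeof(s -> 'Principal' -> 'AWS') = 'array'
        then s -> 'Principal' -> 'AWS'
      when jsonb_typeof(s -> 'Principal' -> 'AWS') = 'string'
        then jsonb_build_array(s -> 'Principal' -> 'AWS')
      else '[]'::jsonb
    end
  ) as p,
  -- Action is a single string or an array of strings.
  jsonb_array_elements_text(
    case jsonb_typeof(s -> 'Action')
      when 'array' then s -> 'Action'
      when 'string' then jsonb_build_array(s -> 'Action')
      else '[]'::jsonb
    end
  ) as a
where
  lower(a) in ('*', 'ecr-public:*');
```

Repositories with no policy attached produce no rows, and `lower(a)` is used because IAM action names are case-insensitive.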
Schema for aws_ecrpublic_repository
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
arn | text | | The Amazon Resource Name (ARN) that identifies the repository. |
created_at | timestamp with time zone | | The date and time, in JavaScript date format, when the repository was created. |
partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
policy | jsonb | | The JSON repository policy text associated with the repository. |
policy_std | jsonb | | Contains the policy in a canonical form for easier searching. |
region | text | | The AWS Region in which the resource is located. |
registry_id | text | = | The AWS account ID associated with the public registry that contains the repository. |
repository_name | text | = | The name of the repository. |
repository_uri | text | | The URI for the repository. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
tags | jsonb | | A map of tags for the resource. |
tags_src | jsonb | | A list of tags assigned to the repository. |
title | text | | Title of the resource. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

```sh
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws
```
You can pass the configuration to the command with the --config argument:

```sh
steampipe_export_aws --config '<your_config>' aws_ecrpublic_repository
```