本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
# 亚马逊 ECR 事件和 EventBridge
Amazon EventBridge 使您能够实现 AWS 服务自动化,并自动响应系统事件,例如应用程序可用性问题或资源更改。来自 AWS 服务的事件几乎是实时的。 EventBridge 您可以编写简单规则来指示您关注的事件,并包括要在事件匹配规则时执行的自动化操作。可自动触发的操作包括:
+ 将事件添加到日志中的 CloudWatch 日志组
+ 调用函数 AWS Lambda
+ 调用 Amazon EC2 Run Command
+ 将事件中继到 Amazon Kinesis Data Streams
+ 激活 AWS Step Functions 状态机
+ 通知 Amazon SNS 主题或 Amazon SQS 队列
有关更多信息,请参阅《[亚马逊* EventBridge 用户指南》 EventBridge中的 “亚马逊*入门](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-getting-set-up.html)”。
## 来自 Amazon ECR 的示例事件
以下是来自 Amazon ECR 的示例事件。尽最大努力发出事件。
**已完成镜像推送的事件**
每个镜像推送完成后,将发送以下事件。有关更多信息,请参阅 [将 Docker 映像推送到 Amazon ECR 私有存储库](docker-push-ecr-image.md)。
```
{
"version": "0",
"id": "13cde686-328b-6117-af20-0e5566167482",
"detail-type": "ECR Image Action",
"source": "aws.ecr",
"account": "123456789012",
"time": "2019-11-16T01:54:34Z",
"region": "us-west-2",
"resources": [],
"detail": {
"result": "SUCCESS",
"repository-name": "my-repository-name",
"image-digest": "sha256:7f5b2640fe6fb4f46592dfd3410c4a79dac4f89e4782432e0378abcd1234",
"action-type": "PUSH",
"image-tag": "latest"
}
}
```
**缓存提取操作的事件**
尝试缓存提取操作时,将发送以下事件。有关更多信息,请参阅 [将上游注册表与 Amazon ECR 私有注册表同步](pull-through-cache.md)。
```
{
"version": "0",
"id": "85fc3613-e913-7fc4-a80c-a3753e4aa9ae",
"detail-type": "ECR Pull Through Cache Action",
"source": "aws.ecr",
"account": "123456789012",
"time": "2023-02-29T02:36:48Z",
"region": "us-west-2",
"resources": [
"arn:aws:ecr:us-west-2:123456789012:repository/docker-hub/alpine"
],
"detail": {
"rule-version": "1",
"sync-status": "SUCCESS",
"ecr-repository-prefix": "docker-hub",
"repository-name": "docker-hub/alpine",
"upstream-registry-url": "public.ecr.aws",
"image-tag": "3.17.2",
"image-digest": "sha256:4aa08ef415aecc80814cb42fa41b658480779d80c77ab15EXAMPLE",
}
}
```
**已完成镜像扫描的事件(基本扫描)**
为注册表启用基本扫描后,当每个镜像扫描完成时,会发送以下事件。`finding-severity-counts` 参数仅返回严重性级别的值 (如果存在)。例如,如果镜像不包含任何 `CRITICAL` 级别的结果,则不会返回任何关键计数。有关更多信息,请参阅 [在 Amazon ECR 中扫描映像是否存在操作系统漏洞](image-scanning-basic.md)。
**注意**
有关启用增强扫描后 Amazon Inspector 发出的事件的详细信息,请参阅 [EventBridge 为了在 Amazon ECR 中进行增强扫描而发送的事件](image-scanning-enhanced-events.md)。
```
{
"version": "0",
"id": "85fc3613-e913-7fc4-a80c-a3753e4aa9ae",
"detail-type": "ECR Image Scan",
"source": "aws.ecr",
"account": "123456789012",
"time": "2019-10-29T02:36:48Z",
"region": "us-east-1",
"resources": [
"arn:aws:ecr:us-east-1:123456789012:repository/my-repository-name"
],
"detail": {
"scan-status": "COMPLETE",
"repository-name": "my-repository-name",
"finding-severity-counts": {
"CRITICAL": 10,
"MEDIUM": 9
},
"image-digest": "sha256:7f5b2640fe6fb4f46592dfd3410c4a79dac4f89e4782432e0378abcd1234",
"image-tags": []
}
}
```
**启用了增强扫描的资源的变更通知事件(增强扫描)**
为注册表启用增强扫描后,当启用了增强扫描的资源发生更改时,Amazon ECR 将发送以下事件。这包括正在创建的新存储库、正在更改的存储库的扫描频率,或者在启用了增强扫描功能的存储库中创建或删除镜像的时间。有关更多信息,请参阅 [在 Amazon ECR 中扫描映像是否存在软件漏洞](image-scanning.md)。
```
{
"version": "0",
"id": "0c18352a-a4d4-6853-ef53-0ab8638973bf",
"detail-type": "ECR Scan Resource Change",
"source": "aws.ecr",
"account": "123456789012",
"time": "2021-10-14T20:53:46Z",
"region": "us-east-1",
"resources": [],
"detail": {
"action-type": "SCAN_FREQUENCY_CHANGE",
"repositories": [{
"repository-name": "repository-1",
"repository-arn": "arn:aws:ecr:us-east-1:123456789012:repository/repository-1",
"scan-frequency": "SCAN_ON_PUSH",
"previous-scan-frequency": "MANUAL"
},
{
"repository-name": "repository-2",
"repository-arn": "arn:aws:ecr:us-east-1:123456789012:repository/repository-2",
"scan-frequency": "CONTINUOUS_SCAN",
"previous-scan-frequency": "SCAN_ON_PUSH"
},
{
"repository-name": "repository-3",
"repository-arn": "arn:aws:ecr:us-east-1:123456789012:repository/repository-3",
"scan-frequency": "CONTINUOUS_SCAN",
"previous-scan-frequency": "SCAN_ON_PUSH"
}
],
"resource-type": "REPOSITORY",
"scan-type": "ENHANCED"
}
}
```
**镜像删除的事件**
删除镜像时将发送以下事件。有关更多信息,请参阅 [删除 Amazon ECR 中的映像](delete_image.md)。
```
{
"version": "0",
"id": "dd3b46cb-2c74-f49e-393b-28286b67279d",
"detail-type": "ECR Image Action",
"source": "aws.ecr",
"account": "123456789012",
"time": "2019-11-16T02:01:05Z",
"region": "us-west-2",
"resources": [],
"detail": {
"result": "SUCCESS",
"repository-name": "my-repository-name",
"image-digest": "sha256:7f5b2640fe6fb4f46592dfd3410c4a79dac4f89e4782432e0378abcd1234",
"action-type": "DELETE",
"image-tag": "latest"
}
}
```
**图像存档操作的事件**
存档图像时会发送以下事件。该`target-storage-class`字段将设置为`ARCHIVE`。该事件包括清单和构件媒体类型,用于标识要存档的内容的类型。
```
{
"version": "0",
"id": "4f5ec4d5-4de4-7aad-a046-EXAMPLE",
"detail-type": "ECR Image Action",
"source": "aws.ecr",
"account": "123456789012",
"time": "2019-08-06T00:58:09Z",
"region": "us-east-1",
"resources": [],
"detail": {
"action-type": "UPDATE_STORAGE_CLASS",
"target-storage-class": "ARCHIVE",
"image-digest": "sha256:f98d67af8e53a536502bfc600de3266556b06ed635a32d60aa7a5fe6d7e609d7",
"repository-name": "ubuntu",
"result": "SUCCESS",
"manifest-media-type": "application/vnd.oci.image.manifest.v1+json",
"artifact-media-type": "application/vnd.oci.image.config.v1+json"
}
}
```
**图像恢复操作的事件**
恢复存档图像时会发送以下事件。该`target-storage-class`字段将设置为`STANDARD`。该事件包括一个显示图像上次恢复时间的`last-activated-at`字段。
```
{
"version": "0",
"id": "7b8fc5e6-5ef5-8bbe-b157-EXAMPLE",
"detail-type": "ECR Image Action",
"source": "aws.ecr",
"account": "123456789012",
"time": "2019-08-06T01:15:22Z",
"region": "us-east-1",
"resources": [],
"detail": {
"action-type": "UPDATE_STORAGE_CLASS",
"target-storage-class": "STANDARD",
"image-digest": "sha256:f98d67af8e53a536502bfc600de3266556b06ed635a32d60aa7a5fe6d7e609d7",
"repository-name": "ubuntu",
"result": "SUCCESS",
"manifest-media-type": "application/vnd.oci.image.manifest.v1+json",
"artifact-media-type": "application/vnd.oci.image.config.v1+json",
"last-activated-at": "2025-10-10T19:13:02.74Z"
}
}
```
**反向链接恢复操作的事件**
恢复存档的反向链接(参考对象,例如 SBOM、签名或证明)时,将发送以下事件。请注意,`detail-type`是`ECR Referrer Action`为了将其与常规图像操作区分开来。`manifest-media-type`和`artifact-media-type`字段用于标识要恢复的反向链接的特定类型。在本示例中,正在恢复 SBOM 对象。
```
{
"version": "0",
"id": "8c9gd6f7-6fg6-9ccf-c268-EXAMPLE",
"detail-type": "ECR Referrer Action",
"source": "aws.ecr",
"account": "123456789012",
"time": "2019-08-06T01:20:45Z",
"region": "us-east-1",
"resources": [],
"detail": {
"action-type": "UPDATE_STORAGE_CLASS",
"target-storage-class": "STANDARD",
"image-digest": "sha256:f98d67af8e53a536502bfc600de3266556b06ed635a32d60aa7a5fe6d7e609d7",
"repository-name": "sbom",
"result": "SUCCESS",
"manifest-media-type": "application/vnd.cncf.oras.artifact.manifest.v1+json",
"artifact-media-type": "text/sbom+json",
"last-activated-at": "2025-10-10T19:13:02.74Z"
}
}
```
**已完成映像复制的事件**
每个映像复制完成后,将发送以下事件。有关更多信息,请参阅 [Amazon ECR 中的私有映像复制](replication.md)。
```
{
"version": "0",
"id": "c8b133b1-6029-ee73-e2a1-4f466b8ba999",
"detail-type": "ECR Replication Action",
"source": "aws.ecr",
"account": "123456789012",
"time": "2024-05-08T20:44:54Z",
"region": "us-east-1",
"resources": [
"arn:aws:ecr:us-east-1:123456789012:repository/docker-hub/alpine"
],
"detail": {
"result": "SUCCESS",
"repository-name": "docker-hub/alpine",
"image-digest": "sha256:7f5b2640fe6fb4f46592dfd3410c4a79dac4f89e4782432e0378abcd1234",
"source-account": "123456789012",
"action-type": "REPLICATE",
"source-region": "us-west-2",
"image-tag": "3.17.2"
}
}
```
**映像复制失败的事件**
映像复制失败时,将发送以下事件。`result` 字段将包含 `FAILED`,其他错误信息可能包含在事件详细信息中。
```
{
"version": "0",
"id": "d9c244c2-7130-ff84-f3b2-5g577c9cb000",
"detail-type": "ECR Replication Action",
"source": "aws.ecr",
"account": "123456789012",
"time": "2024-05-08T20:45:12Z",
"region": "us-east-1",
"resources": [
"arn:aws:ecr:us-east-1:123456789012:repository/my-app"
],
"detail": {
"result": "FAILED",
"repository-name": "my-app",
"image-digest": "sha256:8g6c3751gf7gc5g47603ege4511d5a80ead5g90f5893543f1489bde2345",
"source-account": "123456789012",
"action-type": "REPLICATE",
"source-region": "us-west-2",
"image-tag": "latest"
}
}
```