aws-sdk-ecr 1.3.0 → 1.69.0

data/lib/aws-sdk-ecr/client.rb

@@ -1,7 +1,9 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
-# https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
 #
 # WARNING ABOUT GENERATED CODE
 
@@ -15,16 +17,38 @@ require 'aws-sdk-core/plugins/helpful_socket_errors.rb'
 require 'aws-sdk-core/plugins/retry_errors.rb'
 require 'aws-sdk-core/plugins/global_configuration.rb'
 require 'aws-sdk-core/plugins/regional_endpoint.rb'
+require 'aws-sdk-core/plugins/endpoint_discovery.rb'
+require 'aws-sdk-core/plugins/endpoint_pattern.rb'
 require 'aws-sdk-core/plugins/response_paging.rb'
 require 'aws-sdk-core/plugins/stub_responses.rb'
 require 'aws-sdk-core/plugins/idempotency_token.rb'
 require 'aws-sdk-core/plugins/jsonvalue_converter.rb'
-require 'aws-sdk-core/plugins/signature_v4.rb'
+require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
+require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
+require 'aws-sdk-core/plugins/transfer_encoding.rb'
+require 'aws-sdk-core/plugins/http_checksum.rb'
+require 'aws-sdk-core/plugins/checksum_algorithm.rb'
+require 'aws-sdk-core/plugins/request_compression.rb'
+require 'aws-sdk-core/plugins/defaults_mode.rb'
+require 'aws-sdk-core/plugins/recursion_detection.rb'
+require 'aws-sdk-core/plugins/sign.rb'
 require 'aws-sdk-core/plugins/protocols/json_rpc.rb'
 
 Aws::Plugins::GlobalConfiguration.add_identifier(:ecr)
 
 module Aws::ECR
+  # An API client for ECR.  To construct a client, you need to configure a `:region` and `:credentials`.
+  #
+  #     client = Aws::ECR::Client.new(
+  #       region: region_name,
+  #       credentials: credentials,
+  #       # ...
+  #     )
+  #
+  # For details on configuring region and credentials see
+  # the [developer guide](/sdk-for-ruby/v3/developer-guide/setup-config.html).
+  #
+  # See {#initialize} for a full list of supported configuration options.
   class Client < Seahorse::Client::Base
 
     include Aws::ClientStubs
@@ -43,111 +67,330 @@ module Aws::ECR
     add_plugin(Aws::Plugins::RetryErrors)
     add_plugin(Aws::Plugins::GlobalConfiguration)
     add_plugin(Aws::Plugins::RegionalEndpoint)
+    add_plugin(Aws::Plugins::EndpointDiscovery)
+    add_plugin(Aws::Plugins::EndpointPattern)
     add_plugin(Aws::Plugins::ResponsePaging)
     add_plugin(Aws::Plugins::StubResponses)
     add_plugin(Aws::Plugins::IdempotencyToken)
     add_plugin(Aws::Plugins::JsonvalueConverter)
-    add_plugin(Aws::Plugins::SignatureV4)
+    add_plugin(Aws::Plugins::ClientMetricsPlugin)
+    add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
+    add_plugin(Aws::Plugins::TransferEncoding)
+    add_plugin(Aws::Plugins::HttpChecksum)
+    add_plugin(Aws::Plugins::ChecksumAlgorithm)
+    add_plugin(Aws::Plugins::RequestCompression)
+    add_plugin(Aws::Plugins::DefaultsMode)
+    add_plugin(Aws::Plugins::RecursionDetection)
+    add_plugin(Aws::Plugins::Sign)
     add_plugin(Aws::Plugins::Protocols::JsonRpc)
+    add_plugin(Aws::ECR::Plugins::Endpoints)
 
-    # @option options [required, Aws::CredentialProvider] :credentials
-    #   Your AWS credentials. This can be an instance of any one of the
-    #   following classes:
+    # @overload initialize(options)
+    #   @param [Hash] options
+    #   @option options [required, Aws::CredentialProvider] :credentials
+    #     Your AWS credentials. This can be an instance of any one of the
+    #     following classes:
+    #
+    #     * `Aws::Credentials` - Used for configuring static, non-refreshing
+    #       credentials.
+    #
+    #     * `Aws::SharedCredentials` - Used for loading static credentials from a
+    #       shared file, such as `~/.aws/config`.
+    #
+    #     * `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
+    #
+    #     * `Aws::AssumeRoleWebIdentityCredentials` - Used when you need to
+    #       assume a role after providing credentials via the web.
+    #
+    #     * `Aws::SSOCredentials` - Used for loading credentials from AWS SSO using an
+    #       access token generated from `aws login`.
+    #
+    #     * `Aws::ProcessCredentials` - Used for loading credentials from a
+    #       process that outputs to stdout.
+    #
+    #     * `Aws::InstanceProfileCredentials` - Used for loading credentials
+    #       from an EC2 IMDS on an EC2 instance.
+    #
+    #     * `Aws::ECSCredentials` - Used for loading credentials from
+    #       instances running in ECS.
+    #
+    #     * `Aws::CognitoIdentityCredentials` - Used for loading credentials
+    #       from the Cognito Identity service.
+    #
+    #     When `:credentials` are not configured directly, the following
+    #     locations will be searched for credentials:
+    #
+    #     * `Aws.config[:credentials]`
+    #     * The `:access_key_id`, `:secret_access_key`, and `:session_token` options.
+    #     * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
+    #     * `~/.aws/credentials`
+    #     * `~/.aws/config`
+    #     * EC2/ECS IMDS instance profile - When used by default, the timeouts
+    #       are very aggressive. Construct and pass an instance of
+    #       `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
+    #       enable retries and extended timeouts. Instance profile credential
+    #       fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
+    #       to true.
+    #
+    #   @option options [required, String] :region
+    #     The AWS region to connect to.  The configured `:region` is
+    #     used to determine the service `:endpoint`. When not passed,
+    #     a default `:region` is searched for in the following locations:
+    #
+    #     * `Aws.config[:region]`
+    #     * `ENV['AWS_REGION']`
+    #     * `ENV['AMAZON_REGION']`
+    #     * `ENV['AWS_DEFAULT_REGION']`
+    #     * `~/.aws/credentials`
+    #     * `~/.aws/config`
+    #
+    #   @option options [String] :access_key_id
+    #
+    #   @option options [Boolean] :active_endpoint_cache (false)
+    #     When set to `true`, a thread polling for endpoints will be running in
+    #     the background every 60 secs (default). Defaults to `false`.
+    #
+    #   @option options [Boolean] :adaptive_retry_wait_to_fill (true)
+    #     Used only in `adaptive` retry mode.  When true, the request will sleep
+    #     until there is sufficent client side capacity to retry the request.
+    #     When false, the request will raise a `RetryCapacityNotAvailableError` and will
+    #     not retry instead of sleeping.
+    #
+    #   @option options [Boolean] :client_side_monitoring (false)
+    #     When `true`, client-side metrics will be collected for all API requests from
+    #     this client.
+    #
+    #   @option options [String] :client_side_monitoring_client_id ("")
+    #     Allows you to provide an identifier for this client which will be attached to
+    #     all generated client side metrics. Defaults to an empty string.
+    #
+    #   @option options [String] :client_side_monitoring_host ("127.0.0.1")
+    #     Allows you to specify the DNS hostname or IPv4 or IPv6 address that the client
+    #     side monitoring agent is running on, where client metrics will be published via UDP.
+    #
+    #   @option options [Integer] :client_side_monitoring_port (31000)
+    #     Required for publishing client metrics. The port that the client side monitoring
+    #     agent is running on, where client metrics will be published via UDP.
+    #
+    #   @option options [Aws::ClientSideMonitoring::Publisher] :client_side_monitoring_publisher (Aws::ClientSideMonitoring::Publisher)
+    #     Allows you to provide a custom client-side monitoring publisher class. By default,
+    #     will use the Client Side Monitoring Agent Publisher.
+    #
+    #   @option options [Boolean] :convert_params (true)
+    #     When `true`, an attempt is made to coerce request parameters into
+    #     the required types.
+    #
+    #   @option options [Boolean] :correct_clock_skew (true)
+    #     Used only in `standard` and adaptive retry modes. Specifies whether to apply
+    #     a clock skew correction and retry requests with skewed client clocks.
+    #
+    #   @option options [String] :defaults_mode ("legacy")
+    #     See {Aws::DefaultsModeConfiguration} for a list of the
+    #     accepted modes and the configuration defaults that are included.
+    #
+    #   @option options [Boolean] :disable_host_prefix_injection (false)
+    #     Set to true to disable SDK automatically adding host prefix
+    #     to default service endpoint when available.
+    #
+    #   @option options [Boolean] :disable_request_compression (false)
+    #     When set to 'true' the request body will not be compressed
+    #     for supported operations.
+    #
+    #   @option options [String] :endpoint
+    #     The client endpoint is normally constructed from the `:region`
+    #     option. You should only configure an `:endpoint` when connecting
+    #     to test or custom endpoints. This should be a valid HTTP(S) URI.
+    #
+    #   @option options [Integer] :endpoint_cache_max_entries (1000)
+    #     Used for the maximum size limit of the LRU cache storing endpoints data
+    #     for endpoint discovery enabled operations. Defaults to 1000.
+    #
+    #   @option options [Integer] :endpoint_cache_max_threads (10)
+    #     Used for the maximum threads in use for polling endpoints to be cached, defaults to 10.
+    #
+    #   @option options [Integer] :endpoint_cache_poll_interval (60)
+    #     When :endpoint_discovery and :active_endpoint_cache is enabled,
+    #     Use this option to config the time interval in seconds for making
+    #     requests fetching endpoints information. Defaults to 60 sec.
+    #
+    #   @option options [Boolean] :endpoint_discovery (false)
+    #     When set to `true`, endpoint discovery will be enabled for operations when available.
+    #
+    #   @option options [Boolean] :ignore_configured_endpoint_urls
+    #     Setting to true disables use of endpoint URLs provided via environment
+    #     variables and the shared configuration file.
+    #
+    #   @option options [Aws::Log::Formatter] :log_formatter (Aws::Log::Formatter.default)
+    #     The log formatter.
+    #
+    #   @option options [Symbol] :log_level (:info)
+    #     The log level to send messages to the `:logger` at.
+    #
+    #   @option options [Logger] :logger
+    #     The Logger instance to send log messages to.  If this option
+    #     is not set, logging will be disabled.
+    #
+    #   @option options [Integer] :max_attempts (3)
+    #     An integer representing the maximum number attempts that will be made for
+    #     a single request, including the initial attempt.  For example,
+    #     setting this value to 5 will result in a request being retried up to
+    #     4 times. Used in `standard` and `adaptive` retry modes.
+    #
+    #   @option options [String] :profile ("default")
+    #     Used when loading credentials from the shared credentials file
+    #     at HOME/.aws/credentials.  When not specified, 'default' is used.
+    #
+    #   @option options [Integer] :request_min_compression_size_bytes (10240)
+    #     The minimum size in bytes that triggers compression for request
+    #     bodies. The value must be non-negative integer value between 0
+    #     and 10485780 bytes inclusive.
+    #
+    #   @option options [Proc] :retry_backoff
+    #     A proc or lambda used for backoff. Defaults to 2**retries * retry_base_delay.
+    #     This option is only used in the `legacy` retry mode.
+    #
+    #   @option options [Float] :retry_base_delay (0.3)
+    #     The base delay in seconds used by the default backoff function. This option
+    #     is only used in the `legacy` retry mode.
     #
-    #   * `Aws::Credentials` - Used for configuring static, non-refreshing
-    #     credentials.
+    #   @option options [Symbol] :retry_jitter (:none)
+    #     A delay randomiser function used by the default backoff function.
+    #     Some predefined functions can be referenced by name - :none, :equal, :full,
+    #     otherwise a Proc that takes and returns a number. This option is only used
+    #     in the `legacy` retry mode.
     #
-    #   * `Aws::InstanceProfileCredentials` - Used for loading credentials
-    #     from an EC2 IMDS on an EC2 instance.
+    #     @see https://www.awsarchitectureblog.com/2015/03/backoff.html
     #
-    #   * `Aws::SharedCredentials` - Used for loading credentials from a
-    #     shared file, such as `~/.aws/config`.
+    #   @option options [Integer] :retry_limit (3)
+    #     The maximum number of times to retry failed requests.  Only
+    #     ~ 500 level server errors and certain ~ 400 level client errors
+    #     are retried.  Generally, these are throttling errors, data
+    #     checksum errors, networking errors, timeout errors, auth errors,
+    #     endpoint discovery, and errors from expired credentials.
+    #     This option is only used in the `legacy` retry mode.
+    #
+    #   @option options [Integer] :retry_max_delay (0)
+    #     The maximum number of seconds to delay between retries (0 for no limit)
+    #     used by the default backoff function. This option is only used in the
+    #     `legacy` retry mode.
     #
-    #   * `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
+    #   @option options [String] :retry_mode ("legacy")
+    #     Specifies which retry algorithm to use. Values are:
     #
-    #   When `:credentials` are not configured directly, the following
-    #   locations will be searched for credentials:
+    #     * `legacy` - The pre-existing retry behavior.  This is default value if
+    #       no retry mode is provided.
     #
-    #   * `Aws.config[:credentials]`
-    #   * The `:access_key_id`, `:secret_access_key`, and `:session_token` options.
-    #   * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
-    #   * `~/.aws/credentials`
-    #   * `~/.aws/config`
-    #   * EC2 IMDS instance profile - When used by default, the timeouts are
-    #     very aggressive. Construct and pass an instance of
-    #     `Aws::InstanceProfileCredentails` to enable retries and extended
-    #     timeouts.
+    #     * `standard` - A standardized set of retry rules across the AWS SDKs.
+    #       This includes support for retry quotas, which limit the number of
+    #       unsuccessful retries a client can make.
     #
-    # @option options [required, String] :region
-    #   The AWS region to connect to.  The configured `:region` is
-    #   used to determine the service `:endpoint`. When not passed,
-    #   a default `:region` is search for in the following locations:
+    #     * `adaptive` - An experimental retry mode that includes all the
+    #       functionality of `standard` mode along with automatic client side
+    #       throttling.  This is a provisional mode that may change behavior
+    #       in the future.
+    #
+    #
+    #   @option options [String] :sdk_ua_app_id
+    #     A unique and opaque application ID that is appended to the
+    #     User-Agent header as app/<sdk_ua_app_id>. It should have a
+    #     maximum length of 50.
     #
-    #   * `Aws.config[:region]`
-    #   * `ENV['AWS_REGION']`
-    #   * `ENV['AMAZON_REGION']`
-    #   * `ENV['AWS_DEFAULT_REGION']`
-    #   * `~/.aws/credentials`
-    #   * `~/.aws/config`
+    #   @option options [String] :secret_access_key
+    #
+    #   @option options [String] :session_token
     #
-    # @option options [String] :access_key_id
+    #   @option options [Boolean] :simple_json (false)
+    #     Disables request parameter conversion, validation, and formatting.
+    #     Also disable response data type conversions. This option is useful
+    #     when you want to ensure the highest level of performance by
+    #     avoiding overhead of walking request parameters and response data
+    #     structures.
     #
-    # @option options [Boolean] :convert_params (true)
-    #   When `true`, an attempt is made to coerce request parameters into
-    #   the required types.
+    #     When `:simple_json` is enabled, the request parameters hash must
+    #     be formatted exactly as the DynamoDB API expects.
+    #
+    #   @option options [Boolean] :stub_responses (false)
+    #     Causes the client to return stubbed responses. By default
+    #     fake responses are generated and returned. You can specify
+    #     the response data to return or errors to raise by calling
+    #     {ClientStubs#stub_responses}. See {ClientStubs} for more information.
     #
-    # @option options [String] :endpoint
-    #   The client endpoint is normally constructed from the `:region`
-    #   option. You should only configure an `:endpoint` when connecting
-    #   to test endpoints. This should be avalid HTTP(S) URI.
+    #     ** Please note ** When response stubbing is enabled, no HTTP
+    #     requests are made, and retries are disabled.
     #
-    # @option options [Aws::Log::Formatter] :log_formatter (Aws::Log::Formatter.default)
-    #   The log formatter.
+    #   @option options [Aws::TokenProvider] :token_provider
+    #     A Bearer Token Provider. This can be an instance of any one of the
+    #     following classes:
     #
-    # @option options [Symbol] :log_level (:info)
-    #   The log level to send messages to the `:logger` at.
+    #     * `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
+    #       tokens.
+    #
+    #     * `Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an
+    #       access token generated from `aws login`.
+    #
+    #     When `:token_provider` is not configured directly, the `Aws::TokenProviderChain`
+    #     will be used to search for tokens configured for your profile in shared configuration files.
+    #
+    #   @option options [Boolean] :use_dualstack_endpoint
+    #     When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
+    #     will be used if available.
     #
-    # @option options [Logger] :logger
-    #   The Logger instance to send log messages to.  If this option
-    #   is not set, logging will be disabled.
+    #   @option options [Boolean] :use_fips_endpoint
+    #     When set to `true`, fips compatible endpoints will be used if available.
+    #     When a `fips` region is used, the region is normalized and this config
+    #     is set to `true`.
     #
-    # @option options [String] :profile ("default")
-    #   Used when loading credentials from the shared credentials file
-    #   at HOME/.aws/credentials.  When not specified, 'default' is used.
+    #   @option options [Boolean] :validate_params (true)
+    #     When `true`, request parameters are validated before
+    #     sending the request.
     #
-    # @option options [Integer] :retry_limit (3)
-    #   The maximum number of times to retry failed requests.  Only
-    #   ~ 500 level server errors and certain ~ 400 level client errors
-    #   are retried.  Generally, these are throttling errors, data
-    #   checksum errors, networking errors, timeout errors and auth
-    #   errors from expired credentials.
+    #   @option options [Aws::ECR::EndpointProvider] :endpoint_provider
+    #     The endpoint provider used to resolve endpoints. Any object that responds to `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to `Aws::ECR::EndpointParameters`
     #
-    # @option options [String] :secret_access_key
+    #   @option options [URI::HTTP,String] :http_proxy A proxy to send
+    #     requests through.  Formatted like 'http://proxy.com:123'.
     #
-    # @option options [String] :session_token
+    #   @option options [Float] :http_open_timeout (15) The number of
+    #     seconds to wait when opening a HTTP session before raising a
+    #     `Timeout::Error`.
     #
-    # @option options [Boolean] :simple_json (false)
-    #   Disables request parameter conversion, validation, and formatting.
-    #   Also disable response data type conversions. This option is useful
-    #   when you want to ensure the highest level of performance by
-    #   avoiding overhead of walking request parameters and response data
-    #   structures.
+    #   @option options [Float] :http_read_timeout (60) The default
+    #     number of seconds to wait for response data.  This value can
+    #     safely be set per-request on the session.
     #
-    #   When `:simple_json` is enabled, the request parameters hash must
-    #   be formatted exactly as the DynamoDB API expects.
+    #   @option options [Float] :http_idle_timeout (5) The number of
+    #     seconds a connection is allowed to sit idle before it is
+    #     considered stale.  Stale connections are closed and removed
+    #     from the pool before making a request.
     #
-    # @option options [Boolean] :stub_responses (false)
-    #   Causes the client to return stubbed responses. By default
-    #   fake responses are generated and returned. You can specify
-    #   the response data to return or errors to raise by calling
-    #   {ClientStubs#stub_responses}. See {ClientStubs} for more information.
+    #   @option options [Float] :http_continue_timeout (1) The number of
+    #     seconds to wait for a 100-continue response before sending the
+    #     request body.  This option has no effect unless the request has
+    #     "Expect" header set to "100-continue".  Defaults to `nil` which
+    #     disables this behaviour.  This value can safely be set per
+    #     request on the session.
     #
-    #   ** Please note ** When response stubbing is enabled, no HTTP
-    #   requests are made, and retries are disabled.
+    #   @option options [Float] :ssl_timeout (nil) Sets the SSL timeout
+    #     in seconds.
     #
-    # @option options [Boolean] :validate_params (true)
-    #   When `true`, request parameters are validated before
-    #   sending the request.
+    #   @option options [Boolean] :http_wire_trace (false) When `true`,
+    #     HTTP debug output will be sent to the `:logger`.
+    #
+    #   @option options [Boolean] :ssl_verify_peer (true) When `true`,
+    #     SSL peer certificates are verified when establishing a
+    #     connection.
+    #
+    #   @option options [String] :ssl_ca_bundle Full path to the SSL
+    #     certificate authority bundle file that should be used when
+    #     verifying peer certificates.  If you do not pass
+    #     `:ssl_ca_bundle` or `:ssl_ca_directory` the the system default
+    #     will be used if available.
+    #
+    #   @option options [String] :ssl_ca_directory Full path of the
+    #     directory that contains the unbundled SSL certificate
+    #     authority files for verifying peer certificates.  If you do
+    #     not pass `:ssl_ca_bundle` or `:ssl_ca_directory` the the
+    #     system default will be used if available.
     #
     def initialize(*args)
       super
@@ -155,19 +398,22 @@ module Aws::ECR
 
     # @!group API Operations
 
-    # Check the availability of multiple image layers in a specified
-    # registry and repository.
+    # Checks the availability of one or more image layers in a repository.
+    #
+    # When an image is pushed to a repository, each image layer is checked
+    # to verify if it has been uploaded before. If it has been uploaded,
+    # then the image layer is skipped.
     #
-    # <note markdown="1"> This operation is used by the Amazon ECR proxy, and it is not intended
-    # for general use by customers for pulling and pushing images. In most
-    # cases, you should use the `docker` CLI to pull, tag, and push images.
+    # <note markdown="1"> This operation is used by the Amazon ECR proxy and is not generally
+    # used by customers for pulling and pushing images. In most cases, you
+    # should use the `docker` CLI to pull, tag, and push images.
     #
     #  </note>
     #
     # @option params [String] :registry_id
-    #   The AWS account ID associated with the registry that contains the
-    #   image layers to check. If you do not specify a registry, the default
-    #   registry is assumed.
+    #   The Amazon Web Services account ID associated with the registry that
+    #   contains the image layers to check. If you do not specify a registry,
+    #   the default registry is assumed.
     #
     # @option params [required, String] :repository_name
     #   The name of the repository that is associated with the image layers to
@@ -210,8 +456,8 @@ module Aws::ECR
       req.send_request(options)
     end
 
-    # Deletes a list of specified images within a specified repository.
-    # Images are specified with either `imageTag` or `imageDigest`.
+    # Deletes a list of specified images within a repository. Images are
+    # specified with either an `imageTag` or `imageDigest`.
     #
     # You can remove a tag from an image by specifying the image's tag in
     # your request. When you remove the last tag from an image, the image is
@@ -221,9 +467,9 @@ module Aws::ECR
     # the image's digest in your request.
     #
     # @option params [String] :registry_id
-    #   The AWS account ID associated with the registry that contains the
-    #   image to delete. If you do not specify a registry, the default
-    #   registry is assumed.
+    #   The Amazon Web Services account ID associated with the registry that
+    #   contains the image to delete. If you do not specify a registry, the
+    #   default registry is assumed.
     #
     # @option params [required, String] :repository_name
     #   The repository that contains the image to delete.
@@ -286,7 +532,7 @@ module Aws::ECR
     #   resp.failures #=> Array
     #   resp.failures[0].image_id.image_digest #=> String
     #   resp.failures[0].image_id.image_tag #=> String
-    #   resp.failures[0].failure_code #=> String, one of "InvalidImageDigest", "InvalidImageTag", "ImageTagDoesNotMatchDigest", "ImageNotFound", "MissingDigestAndTag"
+    #   resp.failures[0].failure_code #=> String, one of "InvalidImageDigest", "InvalidImageTag", "ImageTagDoesNotMatchDigest", "ImageNotFound", "MissingDigestAndTag", "ImageReferencedByManifestList", "KmsError", "UpstreamAccessDenied", "UpstreamTooManyRequests", "UpstreamUnavailable"
     #   resp.failures[0].failure_reason #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/BatchDeleteImage AWS API Documentation
@@ -298,14 +544,16 @@ module Aws::ECR
       req.send_request(options)
     end
 
-    # Gets detailed information for specified images within a specified
-    # repository. Images are specified with either `imageTag` or
-    # `imageDigest`.
+    # Gets detailed information for an image. Images are specified with
+    # either an `imageTag` or `imageDigest`.
+    #
+    # When an image is pulled, the BatchGetImage API is called once to
+    # retrieve the image manifest.
     #
     # @option params [String] :registry_id
-    #   The AWS account ID associated with the registry that contains the
-    #   images to describe. If you do not specify a registry, the default
-    #   registry is assumed.
+    #   The Amazon Web Services account ID associated with the registry that
+    #   contains the images to describe. If you do not specify a registry, the
+    #   default registry is assumed.
     #
     # @option params [required, String] :repository_name
     #   The repository that contains the images to describe.
@@ -381,10 +629,11 @@ module Aws::ECR
     #   resp.images[0].image_id.image_digest #=> String
     #   resp.images[0].image_id.image_tag #=> String
     #   resp.images[0].image_manifest #=> String
+    #   resp.images[0].image_manifest_media_type #=> String
     #   resp.failures #=> Array
     #   resp.failures[0].image_id.image_digest #=> String
     #   resp.failures[0].image_id.image_tag #=> String
-    #   resp.failures[0].failure_code #=> String, one of "InvalidImageDigest", "InvalidImageTag", "ImageTagDoesNotMatchDigest", "ImageNotFound", "MissingDigestAndTag"
+    #   resp.failures[0].failure_code #=> String, one of "InvalidImageDigest", "InvalidImageTag", "ImageTagDoesNotMatchDigest", "ImageNotFound", "MissingDigestAndTag", "ImageReferencedByManifestList", "KmsError", "UpstreamAccessDenied", "UpstreamTooManyRequests", "UpstreamUnavailable"
     #   resp.failures[0].failure_reason #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/BatchGetImage AWS API Documentation
@@ -396,21 +645,64 @@ module Aws::ECR
       req.send_request(options)
     end
 
+    # Gets the scanning configuration for one or more repositories.
+    #
+    # @option params [required, Array<String>] :repository_names
+    #   One or more repository names to get the scanning configuration for.
+    #
+    # @return [Types::BatchGetRepositoryScanningConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::BatchGetRepositoryScanningConfigurationResponse#scanning_configurations #scanning_configurations} => Array&lt;Types::RepositoryScanningConfiguration&gt;
+    #   * {Types::BatchGetRepositoryScanningConfigurationResponse#failures #failures} => Array&lt;Types::RepositoryScanningConfigurationFailure&gt;
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.batch_get_repository_scanning_configuration({
+    #     repository_names: ["RepositoryName"], # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.scanning_configurations #=> Array
+    #   resp.scanning_configurations[0].repository_arn #=> String
+    #   resp.scanning_configurations[0].repository_name #=> String
+    #   resp.scanning_configurations[0].scan_on_push #=> Boolean
+    #   resp.scanning_configurations[0].scan_frequency #=> String, one of "SCAN_ON_PUSH", "CONTINUOUS_SCAN", "MANUAL"
+    #   resp.scanning_configurations[0].applied_scan_filters #=> Array
+    #   resp.scanning_configurations[0].applied_scan_filters[0].filter #=> String
+    #   resp.scanning_configurations[0].applied_scan_filters[0].filter_type #=> String, one of "WILDCARD"
+    #   resp.failures #=> Array
+    #   resp.failures[0].repository_name #=> String
+    #   resp.failures[0].failure_code #=> String, one of "REPOSITORY_NOT_FOUND"
+    #   resp.failures[0].failure_reason #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/BatchGetRepositoryScanningConfiguration AWS API Documentation
+    #
+    # @overload batch_get_repository_scanning_configuration(params = {})
+    # @param [Hash] params ({})
+    def batch_get_repository_scanning_configuration(params = {}, options = {})
+      req = build_request(:batch_get_repository_scanning_configuration, params)
+      req.send_request(options)
+    end
+
     # Informs Amazon ECR that the image layer upload has completed for a
     # specified registry, repository name, and upload ID. You can optionally
     # provide a `sha256` digest of the image layer for data validation
     # purposes.
     #
-    # <note markdown="1"> This operation is used by the Amazon ECR proxy, and it is not intended
-    # for general use by customers for pulling and pushing images. In most
-    # cases, you should use the `docker` CLI to pull, tag, and push images.
+    # When an image is pushed, the CompleteLayerUpload API is called once
+    # per each new image layer to verify that the upload has completed.
+    #
+    # <note markdown="1"> This operation is used by the Amazon ECR proxy and is not generally
+    # used by customers for pulling and pushing images. In most cases, you
+    # should use the `docker` CLI to pull, tag, and push images.
     #
     #  </note>
     #
     # @option params [String] :registry_id
-    #   The AWS account ID associated with the registry to which to upload
-    #   layers. If you do not specify a registry, the default registry is
-    #   assumed.
+    #   The Amazon Web Services account ID associated with the registry to
+    #   which to upload layers. If you do not specify a registry, the default
+    #   registry is assumed.
     #
     # @option params [required, String] :repository_name
     #   The name of the repository to associate with the image layer.
@@ -454,7 +746,99 @@ module Aws::ECR
       req.send_request(options)
     end
 
-    # Creates an image repository.
+    # Creates a pull through cache rule. A pull through cache rule provides
+    # a way to cache images from an upstream registry source in your Amazon
+    # ECR private registry. For more information, see [Using pull through
+    # cache rules][1] in the *Amazon Elastic Container Registry User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonECR/latest/userguide/pull-through-cache.html
+    #
+    # @option params [required, String] :ecr_repository_prefix
+    #   The repository name prefix to use when caching images from the source
+    #   registry.
+    #
+    # @option params [required, String] :upstream_registry_url
+    #   The registry URL of the upstream public registry to use as the source
+    #   for the pull through cache rule. The following is the syntax to use
+    #   for each supported upstream registry.
+    #
+    #   * Amazon ECR Public (`ecr-public`) - `public.ecr.aws`
+    #
+    #   * Docker Hub (`docker-hub`) - `registry-1.docker.io`
+    #
+    #   * Quay (`quay`) - `quay.io`
+    #
+    #   * Kubernetes (`k8s`) - `registry.k8s.io`
+    #
+    #   * GitHub Container Registry (`github-container-registry`) - `ghcr.io`
+    #
+    #   * Microsoft Azure Container Registry (`azure-container-registry`) -
+    #     `<custom>.azurecr.io`
+    #
+    # @option params [String] :registry_id
+    #   The Amazon Web Services account ID associated with the registry to
+    #   create the pull through cache rule for. If you do not specify a
+    #   registry, the default registry is assumed.
+    #
+    # @option params [String] :upstream_registry
+    #   The name of the upstream registry.
+    #
+    # @option params [String] :credential_arn
+    #   The Amazon Resource Name (ARN) of the Amazon Web Services Secrets
+    #   Manager secret that identifies the credentials to authenticate to the
+    #   upstream registry.
+    #
+    # @return [Types::CreatePullThroughCacheRuleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::CreatePullThroughCacheRuleResponse#ecr_repository_prefix #ecr_repository_prefix} => String
+    #   * {Types::CreatePullThroughCacheRuleResponse#upstream_registry_url #upstream_registry_url} => String
+    #   * {Types::CreatePullThroughCacheRuleResponse#created_at #created_at} => Time
+    #   * {Types::CreatePullThroughCacheRuleResponse#registry_id #registry_id} => String
+    #   * {Types::CreatePullThroughCacheRuleResponse#upstream_registry #upstream_registry} => String
+    #   * {Types::CreatePullThroughCacheRuleResponse#credential_arn #credential_arn} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.create_pull_through_cache_rule({
+    #     ecr_repository_prefix: "PullThroughCacheRuleRepositoryPrefix", # required
+    #     upstream_registry_url: "Url", # required
+    #     registry_id: "RegistryId",
+    #     upstream_registry: "ecr-public", # accepts ecr-public, quay, k8s, docker-hub, github-container-registry, azure-container-registry
+    #     credential_arn: "CredentialArn",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.ecr_repository_prefix #=> String
+    #   resp.upstream_registry_url #=> String
+    #   resp.created_at #=> Time
+    #   resp.registry_id #=> String
+    #   resp.upstream_registry #=> String, one of "ecr-public", "quay", "k8s", "docker-hub", "github-container-registry", "azure-container-registry"
+    #   resp.credential_arn #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/CreatePullThroughCacheRule AWS API Documentation
+    #
+    # @overload create_pull_through_cache_rule(params = {})
+    # @param [Hash] params ({})
+    def create_pull_through_cache_rule(params = {}, options = {})
+      req = build_request(:create_pull_through_cache_rule, params)
+      req.send_request(options)
+    end
+
+    # Creates a repository. For more information, see [Amazon ECR
+    # repositories][1] in the *Amazon Elastic Container Registry User
+    # Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonECR/latest/userguide/Repositories.html
+    #
+    # @option params [String] :registry_id
+    #   The Amazon Web Services account ID associated with the registry to
+    #   create the repository. If you do not specify a registry, the default
+    #   registry is assumed.
     #
     # @option params [required, String] :repository_name
     #   The name to use for the repository. The repository name may be
@@ -462,6 +846,32 @@ module Aws::ECR
     #   with a namespace to group the repository into a category (such as
     #   `project-a/nginx-web-app`).
     #
+    #   The repository name must start with a letter and can only contain
+    #   lowercase letters, numbers, hyphens, underscores, and forward slashes.
+    #
+    # @option params [Array<Types::Tag>] :tags
+    #   The metadata that you apply to the repository to help you categorize
+    #   and organize them. Each tag consists of a key and an optional value,
+    #   both of which you define. Tag keys can have a maximum character length
+    #   of 128 characters, and tag values can have a maximum length of 256
+    #   characters.
+    #
+    # @option params [String] :image_tag_mutability
+    #   The tag mutability setting for the repository. If this parameter is
+    #   omitted, the default setting of `MUTABLE` will be used which will
+    #   allow image tags to be overwritten. If `IMMUTABLE` is specified, all
+    #   image tags within the repository will be immutable which will prevent
+    #   them from being overwritten.
+    #
+    # @option params [Types::ImageScanningConfiguration] :image_scanning_configuration
+    #   The image scanning configuration for the repository. This determines
+    #   whether images are scanned for known vulnerabilities after being
+    #   pushed to the repository.
+    #
+    # @option params [Types::EncryptionConfiguration] :encryption_configuration
+    #   The encryption configuration for the repository. This determines how
+    #   the contents of your repository are encrypted at rest.
+    #
     # @return [Types::CreateRepositoryResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CreateRepositoryResponse#repository #repository} => Types::Repository
@@ -488,7 +898,22 @@ module Aws::ECR
     # @example Request syntax with placeholder values
     #
     #   resp = client.create_repository({
+    #     registry_id: "RegistryId",
     #     repository_name: "RepositoryName", # required
+    #     tags: [
+    #       {
+    #         key: "TagKey", # required
+    #         value: "TagValue", # required
+    #       },
+    #     ],
+    #     image_tag_mutability: "MUTABLE", # accepts MUTABLE, IMMUTABLE
+    #     image_scanning_configuration: {
+    #       scan_on_push: false,
+    #     },
+    #     encryption_configuration: {
+    #       encryption_type: "AES256", # required, accepts AES256, KMS
+    #       kms_key: "KmsKey",
+    #     },
     #   })
     #
     # @example Response structure
@@ -498,6 +923,10 @@ module Aws::ECR
     #   resp.repository.repository_name #=> String
     #   resp.repository.repository_uri #=> String
     #   resp.repository.created_at #=> Time
+    #   resp.repository.image_tag_mutability #=> String, one of "MUTABLE", "IMMUTABLE"
+    #   resp.repository.image_scanning_configuration.scan_on_push #=> Boolean
+    #   resp.repository.encryption_configuration.encryption_type #=> String, one of "AES256", "KMS"
+    #   resp.repository.encryption_configuration.kms_key #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/CreateRepository AWS API Documentation
     #
@@ -508,12 +937,12 @@ module Aws::ECR
       req.send_request(options)
     end
 
-    # Deletes the specified lifecycle policy.
+    # Deletes the lifecycle policy associated with the specified repository.
     #
     # @option params [String] :registry_id
-    #   The AWS account ID associated with the registry that contains the
-    #   repository. If you do not specify a registry, the default registry is
-    #   assumed.
+    #   The Amazon Web Services account ID associated with the registry that
+    #   contains the repository. If you do not specify a registry, the default
+    #   registry is assumed.
     #
     # @option params [required, String] :repository_name
     #   The name of the repository.
@@ -548,19 +977,87 @@ module Aws::ECR
       req.send_request(options)
     end
 
-    # Deletes an existing image repository. If a repository contains images,
-    # you must use the `force` option to delete it.
+    # Deletes a pull through cache rule.
+    #
+    # @option params [required, String] :ecr_repository_prefix
+    #   The Amazon ECR repository prefix associated with the pull through
+    #   cache rule to delete.
     #
     # @option params [String] :registry_id
-    #   The AWS account ID associated with the registry that contains the
-    #   repository to delete. If you do not specify a registry, the default
-    #   registry is assumed.
+    #   The Amazon Web Services account ID associated with the registry that
+    #   contains the pull through cache rule. If you do not specify a
+    #   registry, the default registry is assumed.
+    #
+    # @return [Types::DeletePullThroughCacheRuleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DeletePullThroughCacheRuleResponse#ecr_repository_prefix #ecr_repository_prefix} => String
+    #   * {Types::DeletePullThroughCacheRuleResponse#upstream_registry_url #upstream_registry_url} => String
+    #   * {Types::DeletePullThroughCacheRuleResponse#created_at #created_at} => Time
+    #   * {Types::DeletePullThroughCacheRuleResponse#registry_id #registry_id} => String
+    #   * {Types::DeletePullThroughCacheRuleResponse#credential_arn #credential_arn} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.delete_pull_through_cache_rule({
+    #     ecr_repository_prefix: "PullThroughCacheRuleRepositoryPrefix", # required
+    #     registry_id: "RegistryId",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.ecr_repository_prefix #=> String
+    #   resp.upstream_registry_url #=> String
+    #   resp.created_at #=> Time
+    #   resp.registry_id #=> String
+    #   resp.credential_arn #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/DeletePullThroughCacheRule AWS API Documentation
+    #
+    # @overload delete_pull_through_cache_rule(params = {})
+    # @param [Hash] params ({})
+    def delete_pull_through_cache_rule(params = {}, options = {})
+      req = build_request(:delete_pull_through_cache_rule, params)
+      req.send_request(options)
+    end
+
+    # Deletes the registry permissions policy.
+    #
+    # @return [Types::DeleteRegistryPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DeleteRegistryPolicyResponse#registry_id #registry_id} => String
+    #   * {Types::DeleteRegistryPolicyResponse#policy_text #policy_text} => String
+    #
+    # @example Response structure
+    #
+    #   resp.registry_id #=> String
+    #   resp.policy_text #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/DeleteRegistryPolicy AWS API Documentation
+    #
+    # @overload delete_registry_policy(params = {})
+    # @param [Hash] params ({})
+    def delete_registry_policy(params = {}, options = {})
+      req = build_request(:delete_registry_policy, params)
+      req.send_request(options)
+    end
+
+    # Deletes a repository. If the repository isn't empty, you must either
+    # delete the contents of the repository or use the `force` option to
+    # delete the repository and have Amazon ECR delete all of its contents
+    # on your behalf.
+    #
+    # @option params [String] :registry_id
+    #   The Amazon Web Services account ID associated with the registry that
+    #   contains the repository to delete. If you do not specify a registry,
+    #   the default registry is assumed.
     #
     # @option params [required, String] :repository_name
     #   The name of the repository to delete.
     #
     # @option params [Boolean] :force
-    #   If a repository contains images, forces the deletion.
+    #   If true, deleting the repository force deletes the contents of the
+    #   repository. If false, the repository must be empty before attempting
+    #   to delete it.
     #
     # @return [Types::DeleteRepositoryResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -601,6 +1098,10 @@ module Aws::ECR
     #   resp.repository.repository_name #=> String
     #   resp.repository.repository_uri #=> String
     #   resp.repository.created_at #=> Time
+    #   resp.repository.image_tag_mutability #=> String, one of "MUTABLE", "IMMUTABLE"
+    #   resp.repository.image_scanning_configuration.scan_on_push #=> Boolean
+    #   resp.repository.encryption_configuration.encryption_type #=> String, one of "AES256", "KMS"
+    #   resp.repository.encryption_configuration.kms_key #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/DeleteRepository AWS API Documentation
     #
@@ -611,12 +1112,13 @@ module Aws::ECR
       req.send_request(options)
     end
 
-    # Deletes the repository policy from a specified repository.
+    # Deletes the repository policy associated with the specified
+    # repository.
     #
     # @option params [String] :registry_id
-    #   The AWS account ID associated with the registry that contains the
-    #   repository policy to delete. If you do not specify a registry, the
-    #   default registry is assumed.
+    #   The Amazon Web Services account ID associated with the registry that
+    #   contains the repository policy to delete. If you do not specify a
+    #   registry, the default registry is assumed.
     #
     # @option params [required, String] :repository_name
     #   The name of the repository that is associated with the repository
@@ -666,8 +1168,209 @@ module Aws::ECR
       req.send_request(options)
     end
 
-    # Returns metadata about the images in a repository, including image
-    # size, image tags, and creation date.
+    # Returns the replication status for a specified image.
+    #
+    # @option params [required, String] :repository_name
+    #   The name of the repository that the image is in.
+    #
+    # @option params [required, Types::ImageIdentifier] :image_id
+    #   An object with identifying information for an image in an Amazon ECR
+    #   repository.
+    #
+    # @option params [String] :registry_id
+    #   The Amazon Web Services account ID associated with the registry. If
+    #   you do not specify a registry, the default registry is assumed.
+    #
+    # @return [Types::DescribeImageReplicationStatusResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DescribeImageReplicationStatusResponse#repository_name #repository_name} => String
+    #   * {Types::DescribeImageReplicationStatusResponse#image_id #image_id} => Types::ImageIdentifier
+    #   * {Types::DescribeImageReplicationStatusResponse#replication_statuses #replication_statuses} => Array&lt;Types::ImageReplicationStatus&gt;
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.describe_image_replication_status({
+    #     repository_name: "RepositoryName", # required
+    #     image_id: { # required
+    #       image_digest: "ImageDigest",
+    #       image_tag: "ImageTag",
+    #     },
+    #     registry_id: "RegistryId",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.repository_name #=> String
+    #   resp.image_id.image_digest #=> String
+    #   resp.image_id.image_tag #=> String
+    #   resp.replication_statuses #=> Array
+    #   resp.replication_statuses[0].region #=> String
+    #   resp.replication_statuses[0].registry_id #=> String
+    #   resp.replication_statuses[0].status #=> String, one of "IN_PROGRESS", "COMPLETE", "FAILED"
+    #   resp.replication_statuses[0].failure_code #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/DescribeImageReplicationStatus AWS API Documentation
+    #
+    # @overload describe_image_replication_status(params = {})
+    # @param [Hash] params ({})
+    def describe_image_replication_status(params = {}, options = {})
+      req = build_request(:describe_image_replication_status, params)
+      req.send_request(options)
+    end
+
+    # Returns the scan findings for the specified image.
+    #
+    # @option params [String] :registry_id
+    #   The Amazon Web Services account ID associated with the registry that
+    #   contains the repository in which to describe the image scan findings
+    #   for. If you do not specify a registry, the default registry is
+    #   assumed.
+    #
+    # @option params [required, String] :repository_name
+    #   The repository for the image for which to describe the scan findings.
+    #
+    # @option params [required, Types::ImageIdentifier] :image_id
+    #   An object with identifying information for an image in an Amazon ECR
+    #   repository.
+    #
+    # @option params [String] :next_token
+    #   The `nextToken` value returned from a previous paginated
+    #   `DescribeImageScanFindings` request where `maxResults` was used and
+    #   the results exceeded the value of that parameter. Pagination continues
+    #   from the end of the previous results that returned the `nextToken`
+    #   value. This value is null when there are no more results to return.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of image scan results returned by
+    #   `DescribeImageScanFindings` in paginated output. When this parameter
+    #   is used, `DescribeImageScanFindings` only returns `maxResults` results
+    #   in a single page along with a `nextToken` response element. The
+    #   remaining results of the initial request can be seen by sending
+    #   another `DescribeImageScanFindings` request with the returned
+    #   `nextToken` value. This value can be between 1 and 1000. If this
+    #   parameter is not used, then `DescribeImageScanFindings` returns up to
+    #   100 results and a `nextToken` value, if applicable.
+    #
+    # @return [Types::DescribeImageScanFindingsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DescribeImageScanFindingsResponse#registry_id #registry_id} => String
+    #   * {Types::DescribeImageScanFindingsResponse#repository_name #repository_name} => String
+    #   * {Types::DescribeImageScanFindingsResponse#image_id #image_id} => Types::ImageIdentifier
+    #   * {Types::DescribeImageScanFindingsResponse#image_scan_status #image_scan_status} => Types::ImageScanStatus
+    #   * {Types::DescribeImageScanFindingsResponse#image_scan_findings #image_scan_findings} => Types::ImageScanFindings
+    #   * {Types::DescribeImageScanFindingsResponse#next_token #next_token} => String
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.describe_image_scan_findings({
+    #     registry_id: "RegistryId",
+    #     repository_name: "RepositoryName", # required
+    #     image_id: { # required
+    #       image_digest: "ImageDigest",
+    #       image_tag: "ImageTag",
+    #     },
+    #     next_token: "NextToken",
+    #     max_results: 1,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.registry_id #=> String
+    #   resp.repository_name #=> String
+    #   resp.image_id.image_digest #=> String
+    #   resp.image_id.image_tag #=> String
+    #   resp.image_scan_status.status #=> String, one of "IN_PROGRESS", "COMPLETE", "FAILED", "UNSUPPORTED_IMAGE", "ACTIVE", "PENDING", "SCAN_ELIGIBILITY_EXPIRED", "FINDINGS_UNAVAILABLE"
+    #   resp.image_scan_status.description #=> String
+    #   resp.image_scan_findings.image_scan_completed_at #=> Time
+    #   resp.image_scan_findings.vulnerability_source_updated_at #=> Time
+    #   resp.image_scan_findings.finding_severity_counts #=> Hash
+    #   resp.image_scan_findings.finding_severity_counts["FindingSeverity"] #=> Integer
+    #   resp.image_scan_findings.findings #=> Array
+    #   resp.image_scan_findings.findings[0].name #=> String
+    #   resp.image_scan_findings.findings[0].description #=> String
+    #   resp.image_scan_findings.findings[0].uri #=> String
+    #   resp.image_scan_findings.findings[0].severity #=> String, one of "INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL", "UNDEFINED"
+    #   resp.image_scan_findings.findings[0].attributes #=> Array
+    #   resp.image_scan_findings.findings[0].attributes[0].key #=> String
+    #   resp.image_scan_findings.findings[0].attributes[0].value #=> <Hash,Array,String,Numeric,Boolean,IO,Set,nil>
+    #   resp.image_scan_findings.enhanced_findings #=> Array
+    #   resp.image_scan_findings.enhanced_findings[0].aws_account_id #=> String
+    #   resp.image_scan_findings.enhanced_findings[0].description #=> String
+    #   resp.image_scan_findings.enhanced_findings[0].finding_arn #=> String
+    #   resp.image_scan_findings.enhanced_findings[0].first_observed_at #=> Time
+    #   resp.image_scan_findings.enhanced_findings[0].last_observed_at #=> Time
+    #   resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.cvss #=> Array
+    #   resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.cvss[0].base_score #=> Float
+    #   resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.cvss[0].scoring_vector #=> String
+    #   resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.cvss[0].source #=> String
+    #   resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.cvss[0].version #=> String
+    #   resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.reference_urls #=> Array
+    #   resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.reference_urls[0] #=> String
+    #   resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.related_vulnerabilities #=> Array
+    #   resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.related_vulnerabilities[0] #=> String
+    #   resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.source #=> String
+    #   resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.source_url #=> String
+    #   resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.vendor_created_at #=> Time
+    #   resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.vendor_severity #=> String
+    #   resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.vendor_updated_at #=> Time
+    #   resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.vulnerability_id #=> String
+    #   resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.vulnerable_packages #=> Array
+    #   resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.vulnerable_packages[0].arch #=> String
+    #   resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.vulnerable_packages[0].epoch #=> Integer
+    #   resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.vulnerable_packages[0].file_path #=> String
+    #   resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.vulnerable_packages[0].name #=> String
+    #   resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.vulnerable_packages[0].package_manager #=> String
+    #   resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.vulnerable_packages[0].release #=> String
+    #   resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.vulnerable_packages[0].source_layer_hash #=> String
+    #   resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.vulnerable_packages[0].version #=> String
+    #   resp.image_scan_findings.enhanced_findings[0].remediation.recommendation.url #=> String
+    #   resp.image_scan_findings.enhanced_findings[0].remediation.recommendation.text #=> String
+    #   resp.image_scan_findings.enhanced_findings[0].resources #=> Array
+    #   resp.image_scan_findings.enhanced_findings[0].resources[0].details.aws_ecr_container_image.architecture #=> String
+    #   resp.image_scan_findings.enhanced_findings[0].resources[0].details.aws_ecr_container_image.author #=> String
+    #   resp.image_scan_findings.enhanced_findings[0].resources[0].details.aws_ecr_container_image.image_hash #=> String
+    #   resp.image_scan_findings.enhanced_findings[0].resources[0].details.aws_ecr_container_image.image_tags #=> Array
+    #   resp.image_scan_findings.enhanced_findings[0].resources[0].details.aws_ecr_container_image.image_tags[0] #=> String
+    #   resp.image_scan_findings.enhanced_findings[0].resources[0].details.aws_ecr_container_image.platform #=> String
+    #   resp.image_scan_findings.enhanced_findings[0].resources[0].details.aws_ecr_container_image.pushed_at #=> Time
+    #   resp.image_scan_findings.enhanced_findings[0].resources[0].details.aws_ecr_container_image.registry #=> String
+    #   resp.image_scan_findings.enhanced_findings[0].resources[0].details.aws_ecr_container_image.repository_name #=> String
+    #   resp.image_scan_findings.enhanced_findings[0].resources[0].id #=> String
+    #   resp.image_scan_findings.enhanced_findings[0].resources[0].tags #=> Hash
+    #   resp.image_scan_findings.enhanced_findings[0].resources[0].tags["TagKey"] #=> String
+    #   resp.image_scan_findings.enhanced_findings[0].resources[0].type #=> String
+    #   resp.image_scan_findings.enhanced_findings[0].score #=> Float
+    #   resp.image_scan_findings.enhanced_findings[0].score_details.cvss.adjustments #=> Array
+    #   resp.image_scan_findings.enhanced_findings[0].score_details.cvss.adjustments[0].metric #=> String
+    #   resp.image_scan_findings.enhanced_findings[0].score_details.cvss.adjustments[0].reason #=> String
+    #   resp.image_scan_findings.enhanced_findings[0].score_details.cvss.score #=> Float
+    #   resp.image_scan_findings.enhanced_findings[0].score_details.cvss.score_source #=> String
+    #   resp.image_scan_findings.enhanced_findings[0].score_details.cvss.scoring_vector #=> String
+    #   resp.image_scan_findings.enhanced_findings[0].score_details.cvss.version #=> String
+    #   resp.image_scan_findings.enhanced_findings[0].severity #=> String
+    #   resp.image_scan_findings.enhanced_findings[0].status #=> String
+    #   resp.image_scan_findings.enhanced_findings[0].title #=> String
+    #   resp.image_scan_findings.enhanced_findings[0].type #=> String
+    #   resp.image_scan_findings.enhanced_findings[0].updated_at #=> Time
+    #   resp.next_token #=> String
+    #
+    #
+    # The following waiters are defined for this operation (see {Client#wait_until} for detailed usage):
+    #
+    #   * image_scan_complete
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/DescribeImageScanFindings AWS API Documentation
+    #
+    # @overload describe_image_scan_findings(params = {})
+    # @param [Hash] params ({})
+    def describe_image_scan_findings(params = {}, options = {})
+      req = build_request(:describe_image_scan_findings, params)
+      req.send_request(options)
+    end
+
+    # Returns metadata about the images in a repository.
     #
     # <note markdown="1"> Beginning with Docker version 1.9, the Docker client compresses image
     # layers before pushing them to a V2 Docker registry. The output of the
@@ -678,13 +1381,12 @@ module Aws::ECR
     #  </note>
     #
     # @option params [String] :registry_id
-    #   The AWS account ID associated with the registry that contains the
-    #   repository in which to describe images. If you do not specify a
-    #   registry, the default registry is assumed.
+    #   The Amazon Web Services account ID associated with the registry that
+    #   contains the repository in which to describe images. If you do not
+    #   specify a registry, the default registry is assumed.
     #
     # @option params [required, String] :repository_name
-    #   A list of repositories to describe. If this parameter is omitted, then
-    #   all repositories in a registry are described.
+    #   The repository that contains the images to describe.
     #
     # @option params [Array<Types::ImageIdentifier>] :image_ids
     #   The list of image IDs for the requested repository.
@@ -703,7 +1405,7 @@ module Aws::ECR
     #   only returns `maxResults` results in a single page along with a
     #   `nextToken` response element. The remaining results of the initial
     #   request can be seen by sending another `DescribeImages` request with
-    #   the returned `nextToken` value. This value can be between 1 and 100.
+    #   the returned `nextToken` value. This value can be between 1 and 1000.
     #   If this parameter is not used, then `DescribeImages` returns up to 100
     #   results and a `nextToken` value, if applicable. This option cannot be
     #   used when you specify images with `imageIds`.
@@ -717,6 +1419,8 @@ module Aws::ECR
     #   * {Types::DescribeImagesResponse#image_details #image_details} => Array&lt;Types::ImageDetail&gt;
     #   * {Types::DescribeImagesResponse#next_token #next_token} => String
     #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
     # @example Request syntax with placeholder values
     #
     #   resp = client.describe_images({
@@ -731,7 +1435,7 @@ module Aws::ECR
     #     next_token: "NextToken",
     #     max_results: 1,
     #     filter: {
-    #       tag_status: "TAGGED", # accepts TAGGED, UNTAGGED
+    #       tag_status: "TAGGED", # accepts TAGGED, UNTAGGED, ANY
     #     },
     #   })
     #
@@ -745,6 +1449,15 @@ module Aws::ECR
     #   resp.image_details[0].image_tags[0] #=> String
     #   resp.image_details[0].image_size_in_bytes #=> Integer
     #   resp.image_details[0].image_pushed_at #=> Time
+    #   resp.image_details[0].image_scan_status.status #=> String, one of "IN_PROGRESS", "COMPLETE", "FAILED", "UNSUPPORTED_IMAGE", "ACTIVE", "PENDING", "SCAN_ELIGIBILITY_EXPIRED", "FINDINGS_UNAVAILABLE"
+    #   resp.image_details[0].image_scan_status.description #=> String
+    #   resp.image_details[0].image_scan_findings_summary.image_scan_completed_at #=> Time
+    #   resp.image_details[0].image_scan_findings_summary.vulnerability_source_updated_at #=> Time
+    #   resp.image_details[0].image_scan_findings_summary.finding_severity_counts #=> Hash
+    #   resp.image_details[0].image_scan_findings_summary.finding_severity_counts["FindingSeverity"] #=> Integer
+    #   resp.image_details[0].image_manifest_media_type #=> String
+    #   resp.image_details[0].artifact_media_type #=> String
+    #   resp.image_details[0].last_recorded_pull_time #=> Time
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/DescribeImages AWS API Documentation
@@ -756,12 +1469,110 @@ module Aws::ECR
       req.send_request(options)
     end
 
+    # Returns the pull through cache rules for a registry.
+    #
+    # @option params [String] :registry_id
+    #   The Amazon Web Services account ID associated with the registry to
+    #   return the pull through cache rules for. If you do not specify a
+    #   registry, the default registry is assumed.
+    #
+    # @option params [Array<String>] :ecr_repository_prefixes
+    #   The Amazon ECR repository prefixes associated with the pull through
+    #   cache rules to return. If no repository prefix value is specified, all
+    #   pull through cache rules are returned.
+    #
+    # @option params [String] :next_token
+    #   The `nextToken` value returned from a previous paginated
+    #   `DescribePullThroughCacheRulesRequest` request where `maxResults` was
+    #   used and the results exceeded the value of that parameter. Pagination
+    #   continues from the end of the previous results that returned the
+    #   `nextToken` value. This value is null when there are no more results
+    #   to return.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of pull through cache rules returned by
+    #   `DescribePullThroughCacheRulesRequest` in paginated output. When this
+    #   parameter is used, `DescribePullThroughCacheRulesRequest` only returns
+    #   `maxResults` results in a single page along with a `nextToken`
+    #   response element. The remaining results of the initial request can be
+    #   seen by sending another `DescribePullThroughCacheRulesRequest` request
+    #   with the returned `nextToken` value. This value can be between 1 and
+    #   1000. If this parameter is not used, then
+    #   `DescribePullThroughCacheRulesRequest` returns up to 100 results and a
+    #   `nextToken` value, if applicable.
+    #
+    # @return [Types::DescribePullThroughCacheRulesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DescribePullThroughCacheRulesResponse#pull_through_cache_rules #pull_through_cache_rules} => Array&lt;Types::PullThroughCacheRule&gt;
+    #   * {Types::DescribePullThroughCacheRulesResponse#next_token #next_token} => String
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.describe_pull_through_cache_rules({
+    #     registry_id: "RegistryId",
+    #     ecr_repository_prefixes: ["PullThroughCacheRuleRepositoryPrefix"],
+    #     next_token: "NextToken",
+    #     max_results: 1,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.pull_through_cache_rules #=> Array
+    #   resp.pull_through_cache_rules[0].ecr_repository_prefix #=> String
+    #   resp.pull_through_cache_rules[0].upstream_registry_url #=> String
+    #   resp.pull_through_cache_rules[0].created_at #=> Time
+    #   resp.pull_through_cache_rules[0].registry_id #=> String
+    #   resp.pull_through_cache_rules[0].credential_arn #=> String
+    #   resp.pull_through_cache_rules[0].upstream_registry #=> String, one of "ecr-public", "quay", "k8s", "docker-hub", "github-container-registry", "azure-container-registry"
+    #   resp.pull_through_cache_rules[0].updated_at #=> Time
+    #   resp.next_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/DescribePullThroughCacheRules AWS API Documentation
+    #
+    # @overload describe_pull_through_cache_rules(params = {})
+    # @param [Hash] params ({})
+    def describe_pull_through_cache_rules(params = {}, options = {})
+      req = build_request(:describe_pull_through_cache_rules, params)
+      req.send_request(options)
+    end
+
+    # Describes the settings for a registry. The replication configuration
+    # for a repository can be created or updated with the
+    # PutReplicationConfiguration API action.
+    #
+    # @return [Types::DescribeRegistryResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DescribeRegistryResponse#registry_id #registry_id} => String
+    #   * {Types::DescribeRegistryResponse#replication_configuration #replication_configuration} => Types::ReplicationConfiguration
+    #
+    # @example Response structure
+    #
+    #   resp.registry_id #=> String
+    #   resp.replication_configuration.rules #=> Array
+    #   resp.replication_configuration.rules[0].destinations #=> Array
+    #   resp.replication_configuration.rules[0].destinations[0].region #=> String
+    #   resp.replication_configuration.rules[0].destinations[0].registry_id #=> String
+    #   resp.replication_configuration.rules[0].repository_filters #=> Array
+    #   resp.replication_configuration.rules[0].repository_filters[0].filter #=> String
+    #   resp.replication_configuration.rules[0].repository_filters[0].filter_type #=> String, one of "PREFIX_MATCH"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/DescribeRegistry AWS API Documentation
+    #
+    # @overload describe_registry(params = {})
+    # @param [Hash] params ({})
+    def describe_registry(params = {}, options = {})
+      req = build_request(:describe_registry, params)
+      req.send_request(options)
+    end
+
     # Describes image repositories in a registry.
     #
     # @option params [String] :registry_id
-    #   The AWS account ID associated with the registry that contains the
-    #   repositories to be described. If you do not specify a registry, the
-    #   default registry is assumed.
+    #   The Amazon Web Services account ID associated with the registry that
+    #   contains the repositories to be described. If you do not specify a
+    #   registry, the default registry is assumed.
     #
     # @option params [Array<String>] :repository_names
     #   A list of repositories to describe. If this parameter is omitted, then
@@ -789,7 +1600,7 @@ module Aws::ECR
     #   single page along with a `nextToken` response element. The remaining
     #   results of the initial request can be seen by sending another
     #   `DescribeRepositories` request with the returned `nextToken` value.
-    #   This value can be between 1 and 100. If this parameter is not used,
+    #   This value can be between 1 and 1000. If this parameter is not used,
     #   then `DescribeRepositories` returns up to 100 results and a
     #   `nextToken` value, if applicable. This option cannot be used when you
     #   specify repositories with `repositoryNames`.
@@ -799,6 +1610,8 @@ module Aws::ECR
     #   * {Types::DescribeRepositoriesResponse#repositories #repositories} => Array&lt;Types::Repository&gt;
     #   * {Types::DescribeRepositoriesResponse#next_token #next_token} => String
     #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
     #
     # @example Example: To describe all repositories in the current account
     #
@@ -841,6 +1654,10 @@ module Aws::ECR
     #   resp.repositories[0].repository_name #=> String
     #   resp.repositories[0].repository_uri #=> String
     #   resp.repositories[0].created_at #=> Time
+    #   resp.repositories[0].image_tag_mutability #=> String, one of "MUTABLE", "IMMUTABLE"
+    #   resp.repositories[0].image_scanning_configuration.scan_on_push #=> Boolean
+    #   resp.repositories[0].encryption_configuration.encryption_type #=> String, one of "AES256", "KMS"
+    #   resp.repositories[0].encryption_configuration.kms_key #=> String
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/DescribeRepositories AWS API Documentation
@@ -852,20 +1669,26 @@ module Aws::ECR
       req.send_request(options)
     end
 
-    # Retrieves a token that is valid for a specified registry for 12 hours.
-    # This command allows you to use the `docker` CLI to push and pull
-    # images with Amazon ECR. If you do not specify a registry, the default
-    # registry is assumed.
+    # Retrieves an authorization token. An authorization token represents
+    # your IAM authentication credentials and can be used to access any
+    # Amazon ECR registry that your IAM principal has access to. The
+    # authorization token is valid for 12 hours.
     #
-    # The `authorizationToken` returned for each registry specified is a
-    # base64 encoded string that can be decoded and used in a `docker login`
-    # command to authenticate to a registry. The AWS CLI offers an `aws ecr
-    # get-login` command that simplifies the login process.
+    # The `authorizationToken` returned is a base64 encoded string that can
+    # be decoded and used in a `docker login` command to authenticate to a
+    # registry. The CLI offers an `get-login-password` command that
+    # simplifies the login process. For more information, see [Registry
+    # authentication][1] in the *Amazon Elastic Container Registry User
+    # Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html#registry_auth
     #
     # @option params [Array<String>] :registry_ids
-    #   A list of AWS account IDs that are associated with the registries for
-    #   which to get authorization tokens. If you do not specify a registry,
-    #   the default registry is assumed.
+    #   A list of Amazon Web Services account IDs that are associated with the
+    #   registries for which to get AuthorizationData objects. If you do not
+    #   specify a registry, the default registry is assumed.
     #
     # @return [Types::GetAuthorizationTokenResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -883,8 +1706,8 @@ module Aws::ECR
     #   {
     #     authorization_data: [
     #       {
-    #         authorization_token: "QVdTOkN...", 
-    #         expires_at: Time.parse("1470951892432"), 
+    #         authorization_token: "QVdTOkNEXAMPLE", 
+    #         expires_at: Time.parse("2022-05-17T06:56:13.652000+00:00"), 
     #         proxy_endpoint: "https://012345678901.dkr.ecr.us-west-2.amazonaws.com", 
     #       }, 
     #     ], 
@@ -916,16 +1739,19 @@ module Aws::ECR
     # image layer. You can only get URLs for image layers that are
     # referenced in an image.
     #
-    # <note markdown="1"> This operation is used by the Amazon ECR proxy, and it is not intended
-    # for general use by customers for pulling and pushing images. In most
-    # cases, you should use the `docker` CLI to pull, tag, and push images.
+    # When an image is pulled, the GetDownloadUrlForLayer API is called once
+    # per image layer that is not already cached.
+    #
+    # <note markdown="1"> This operation is used by the Amazon ECR proxy and is not generally
+    # used by customers for pulling and pushing images. In most cases, you
+    # should use the `docker` CLI to pull, tag, and push images.
     #
     #  </note>
     #
     # @option params [String] :registry_id
-    #   The AWS account ID associated with the registry that contains the
-    #   image layer to download. If you do not specify a registry, the default
-    #   registry is assumed.
+    #   The Amazon Web Services account ID associated with the registry that
+    #   contains the image layer to download. If you do not specify a
+    #   registry, the default registry is assumed.
     #
     # @option params [required, String] :repository_name
     #   The name of the repository that is associated with the image layer to
@@ -961,12 +1787,12 @@ module Aws::ECR
       req.send_request(options)
     end
 
-    # Retrieves the specified lifecycle policy.
+    # Retrieves the lifecycle policy for the specified repository.
     #
     # @option params [String] :registry_id
-    #   The AWS account ID associated with the registry that contains the
-    #   repository. If you do not specify a registry, the default registry is
-    #   assumed.
+    #   The Amazon Web Services account ID associated with the registry that
+    #   contains the repository. If you do not specify a registry, the default
+    #   registry is assumed.
     #
     # @option params [required, String] :repository_name
     #   The name of the repository.
@@ -1001,13 +1827,13 @@ module Aws::ECR
       req.send_request(options)
     end
 
-    # Retrieves the results of the specified lifecycle policy preview
-    # request.
+    # Retrieves the results of the lifecycle policy preview request for the
+    # specified repository.
     #
     # @option params [String] :registry_id
-    #   The AWS account ID associated with the registry that contains the
-    #   repository. If you do not specify a registry, the default registry is
-    #   assumed.
+    #   The Amazon Web Services account ID associated with the registry that
+    #   contains the repository. If you do not specify a registry, the default
+    #   registry is assumed.
     #
     # @option params [required, String] :repository_name
     #   The name of the repository.
@@ -1032,7 +1858,7 @@ module Aws::ECR
     #   response element. The remaining results of the initial request can be
     #   seen by sending
 another `GetLifecyclePolicyPreviewRequest` request
     #   with the returned `nextToken`
 value. This value can be between 1 and
-    #   100. If this
 parameter is not used, then
+    #   1000. If this
 parameter is not used, then
     #   `GetLifecyclePolicyPreviewRequest` returns up to
 100 results and a
     #   `nextToken` value, if
 applicable. This option cannot be used when you
     #   specify images with `imageIds`.
@@ -1051,6 +1877,8 @@ module Aws::ECR
     #   * {Types::GetLifecyclePolicyPreviewResponse#preview_results #preview_results} => Array&lt;Types::LifecyclePolicyPreviewResult&gt;
     #   * {Types::GetLifecyclePolicyPreviewResponse#summary #summary} => Types::LifecyclePolicyPreviewSummary
     #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
     # @example Request syntax with placeholder values
     #
     #   resp = client.get_lifecycle_policy_preview({
@@ -1065,7 +1893,7 @@ module Aws::ECR
     #     next_token: "NextToken",
     #     max_results: 1,
     #     filter: {
-    #       tag_status: "TAGGED", # accepts TAGGED, UNTAGGED
+    #       tag_status: "TAGGED", # accepts TAGGED, UNTAGGED, ANY
     #     },
     #   })
     #
@@ -1085,6 +1913,11 @@ module Aws::ECR
     #   resp.preview_results[0].applied_rule_priority #=> Integer
     #   resp.summary.expiring_image_total_count #=> Integer
     #
+    #
+    # The following waiters are defined for this operation (see {Client#wait_until} for detailed usage):
+    #
+    #   * lifecycle_policy_preview_complete
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/GetLifecyclePolicyPreview AWS API Documentation
     #
     # @overload get_lifecycle_policy_preview(params = {})
@@ -1094,12 +1927,59 @@ module Aws::ECR
       req.send_request(options)
     end
 
-    # Retrieves the repository policy for a specified repository.
+    # Retrieves the permissions policy for a registry.
     #
-    # @option params [String] :registry_id
-    #   The AWS account ID associated with the registry that contains the
-    #   repository. If you do not specify a registry, the default registry is
-    #   assumed.
+    # @return [Types::GetRegistryPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetRegistryPolicyResponse#registry_id #registry_id} => String
+    #   * {Types::GetRegistryPolicyResponse#policy_text #policy_text} => String
+    #
+    # @example Response structure
+    #
+    #   resp.registry_id #=> String
+    #   resp.policy_text #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/GetRegistryPolicy AWS API Documentation
+    #
+    # @overload get_registry_policy(params = {})
+    # @param [Hash] params ({})
+    def get_registry_policy(params = {}, options = {})
+      req = build_request(:get_registry_policy, params)
+      req.send_request(options)
+    end
+
+    # Retrieves the scanning configuration for a registry.
+    #
+    # @return [Types::GetRegistryScanningConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetRegistryScanningConfigurationResponse#registry_id #registry_id} => String
+    #   * {Types::GetRegistryScanningConfigurationResponse#scanning_configuration #scanning_configuration} => Types::RegistryScanningConfiguration
+    #
+    # @example Response structure
+    #
+    #   resp.registry_id #=> String
+    #   resp.scanning_configuration.scan_type #=> String, one of "BASIC", "ENHANCED"
+    #   resp.scanning_configuration.rules #=> Array
+    #   resp.scanning_configuration.rules[0].scan_frequency #=> String, one of "SCAN_ON_PUSH", "CONTINUOUS_SCAN", "MANUAL"
+    #   resp.scanning_configuration.rules[0].repository_filters #=> Array
+    #   resp.scanning_configuration.rules[0].repository_filters[0].filter #=> String
+    #   resp.scanning_configuration.rules[0].repository_filters[0].filter_type #=> String, one of "WILDCARD"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/GetRegistryScanningConfiguration AWS API Documentation
+    #
+    # @overload get_registry_scanning_configuration(params = {})
+    # @param [Hash] params ({})
+    def get_registry_scanning_configuration(params = {}, options = {})
+      req = build_request(:get_registry_scanning_configuration, params)
+      req.send_request(options)
+    end
+
+    # Retrieves the repository policy for the specified repository.
+    #
+    # @option params [String] :registry_id
+    #   The Amazon Web Services account ID associated with the registry that
+    #   contains the repository. If you do not specify a registry, the default
+    #   registry is assumed.
     #
     # @option params [required, String] :repository_name
     #   The name of the repository with the policy to retrieve.
@@ -1148,18 +2028,23 @@ module Aws::ECR
       req.send_request(options)
     end
 
-    # Notify Amazon ECR that you intend to upload an image layer.
+    # Notifies Amazon ECR that you intend to upload an image layer.
+    #
+    # When an image is pushed, the InitiateLayerUpload API is called once
+    # per image layer that has not already been uploaded. Whether or not an
+    # image layer has been uploaded is determined by the
+    # BatchCheckLayerAvailability API action.
     #
-    # <note markdown="1"> This operation is used by the Amazon ECR proxy, and it is not intended
-    # for general use by customers for pulling and pushing images. In most
-    # cases, you should use the `docker` CLI to pull, tag, and push images.
+    # <note markdown="1"> This operation is used by the Amazon ECR proxy and is not generally
+    # used by customers for pulling and pushing images. In most cases, you
+    # should use the `docker` CLI to pull, tag, and push images.
     #
     #  </note>
     #
     # @option params [String] :registry_id
-    #   The AWS account ID associated with the registry to which you intend to
-    #   upload layers. If you do not specify a registry, the default registry
-    #   is assumed.
+    #   The Amazon Web Services account ID associated with the registry to
+    #   which you intend to upload layers. If you do not specify a registry,
+    #   the default registry is assumed.
     #
     # @option params [required, String] :repository_name
     #   The name of the repository to which you intend to upload layers.
@@ -1190,19 +2075,19 @@ module Aws::ECR
       req.send_request(options)
     end
 
-    # Lists all the image IDs for a given repository.
+    # Lists all the image IDs for the specified repository.
     #
-    # You can filter images based on whether or not they are tagged by
-    # setting the `tagStatus` parameter to `TAGGED` or `UNTAGGED`. For
-    # example, you can filter your results to return only `UNTAGGED` images
-    # and then pipe that result to a BatchDeleteImage operation to delete
-    # them. Or, you can filter your results to return only `TAGGED` images
-    # to list all of the tags in your repository.
+    # You can filter images based on whether or not they are tagged by using
+    # the `tagStatus` filter and specifying either `TAGGED`, `UNTAGGED` or
+    # `ANY`. For example, you can filter your results to return only
+    # `UNTAGGED` images and then pipe that result to a BatchDeleteImage
+    # operation to delete them. Or, you can filter your results to return
+    # only `TAGGED` images to list all of the tags in your repository.
     #
     # @option params [String] :registry_id
-    #   The AWS account ID associated with the registry that contains the
-    #   repository in which to list images. If you do not specify a registry,
-    #   the default registry is assumed.
+    #   The Amazon Web Services account ID associated with the registry that
+    #   contains the repository in which to list images. If you do not specify
+    #   a registry, the default registry is assumed.
     #
     # @option params [required, String] :repository_name
     #   The repository with image IDs to be listed.
@@ -1226,7 +2111,7 @@ module Aws::ECR
     #   returns `maxResults` results in a single page along with a `nextToken`
     #   response element. The remaining results of the initial request can be
     #   seen by sending another `ListImages` request with the returned
-    #   `nextToken` value. This value can be between 1 and 100. If this
+    #   `nextToken` value. This value can be between 1 and 1000. If this
     #   parameter is not used, then `ListImages` returns up to 100 results and
     #   a `nextToken` value, if applicable.
     #
@@ -1239,6 +2124,8 @@ module Aws::ECR
     #   * {Types::ListImagesResponse#image_ids #image_ids} => Array&lt;Types::ImageIdentifier&gt;
     #   * {Types::ListImagesResponse#next_token #next_token} => String
     #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
     #
     # @example Example: To list all images in a repository
     #
@@ -1266,7 +2153,7 @@ module Aws::ECR
     #     next_token: "NextToken",
     #     max_results: 1,
     #     filter: {
-    #       tag_status: "TAGGED", # accepts TAGGED, UNTAGGED
+    #       tag_status: "TAGGED", # accepts TAGGED, UNTAGGED, ANY
     #     },
     #   })
     #
@@ -1286,19 +2173,55 @@ module Aws::ECR
       req.send_request(options)
     end
 
+    # List the tags for an Amazon ECR resource.
+    #
+    # @option params [required, String] :resource_arn
+    #   The Amazon Resource Name (ARN) that identifies the resource for which
+    #   to list the tags. Currently, the only supported resource is an Amazon
+    #   ECR repository.
+    #
+    # @return [Types::ListTagsForResourceResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListTagsForResourceResponse#tags #tags} => Array&lt;Types::Tag&gt;
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_tags_for_resource({
+    #     resource_arn: "Arn", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.tags #=> Array
+    #   resp.tags[0].key #=> String
+    #   resp.tags[0].value #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/ListTagsForResource AWS API Documentation
+    #
+    # @overload list_tags_for_resource(params = {})
+    # @param [Hash] params ({})
+    def list_tags_for_resource(params = {}, options = {})
+      req = build_request(:list_tags_for_resource, params)
+      req.send_request(options)
+    end
+
     # Creates or updates the image manifest and tags associated with an
     # image.
     #
-    # <note markdown="1"> This operation is used by the Amazon ECR proxy, and it is not intended
-    # for general use by customers for pulling and pushing images. In most
-    # cases, you should use the `docker` CLI to pull, tag, and push images.
+    # When an image is pushed and all new image layers have been uploaded,
+    # the PutImage API is called once to create or update the image manifest
+    # and the tags associated with the image.
+    #
+    # <note markdown="1"> This operation is used by the Amazon ECR proxy and is not generally
+    # used by customers for pulling and pushing images. In most cases, you
+    # should use the `docker` CLI to pull, tag, and push images.
     #
     #  </note>
     #
     # @option params [String] :registry_id
-    #   The AWS account ID associated with the registry that contains the
-    #   repository in which to put the image. If you do not specify a
-    #   registry, the default registry is assumed.
+    #   The Amazon Web Services account ID associated with the registry that
+    #   contains the repository in which to put the image. If you do not
+    #   specify a registry, the default registry is assumed.
     #
     # @option params [required, String] :repository_name
     #   The name of the repository in which to put the image.
@@ -1306,9 +2229,18 @@ module Aws::ECR
     # @option params [required, String] :image_manifest
     #   The image manifest corresponding to the image to be uploaded.
     #
+    # @option params [String] :image_manifest_media_type
+    #   The media type of the image manifest. If you push an image manifest
+    #   that does not contain the `mediaType` field, you must specify the
+    #   `imageManifestMediaType` in the request.
+    #
     # @option params [String] :image_tag
     #   The tag to associate with the image. This parameter is required for
-    #   images that use the Docker Image Manifest V2 Schema 2 or OCI formats.
+    #   images that use the Docker Image Manifest V2 Schema 2 or Open
+    #   Container Initiative (OCI) formats.
+    #
+    # @option params [String] :image_digest
+    #   The image digest of the image manifest corresponding to the image.
     #
     # @return [Types::PutImageResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -1320,7 +2252,9 @@ module Aws::ECR
     #     registry_id: "RegistryId",
     #     repository_name: "RepositoryName", # required
     #     image_manifest: "ImageManifest", # required
+    #     image_manifest_media_type: "MediaType",
     #     image_tag: "ImageTag",
+    #     image_digest: "ImageDigest",
     #   })
     #
     # @example Response structure
@@ -1330,6 +2264,7 @@ module Aws::ECR
     #   resp.image.image_id.image_digest #=> String
     #   resp.image.image_id.image_tag #=> String
     #   resp.image.image_manifest #=> String
+    #   resp.image.image_manifest_media_type #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/PutImage AWS API Documentation
     #
@@ -1340,19 +2275,124 @@ module Aws::ECR
       req.send_request(options)
     end
 
-    # Creates or updates a lifecycle policy. For information about lifecycle
-    # policy syntax, see [Lifecycle Policy Template][1].
+    # The `PutImageScanningConfiguration` API is being deprecated, in favor
+    # of specifying the image scanning configuration at the registry level.
+    # For more information, see PutRegistryScanningConfiguration.
+    #
+    # Updates the image scanning configuration for the specified repository.
+    #
+    # @option params [String] :registry_id
+    #   The Amazon Web Services account ID associated with the registry that
+    #   contains the repository in which to update the image scanning
+    #   configuration setting. If you do not specify a registry, the default
+    #   registry is assumed.
+    #
+    # @option params [required, String] :repository_name
+    #   The name of the repository in which to update the image scanning
+    #   configuration setting.
+    #
+    # @option params [required, Types::ImageScanningConfiguration] :image_scanning_configuration
+    #   The image scanning configuration for the repository. This setting
+    #   determines whether images are scanned for known vulnerabilities after
+    #   being pushed to the repository.
+    #
+    # @return [Types::PutImageScanningConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::PutImageScanningConfigurationResponse#registry_id #registry_id} => String
+    #   * {Types::PutImageScanningConfigurationResponse#repository_name #repository_name} => String
+    #   * {Types::PutImageScanningConfigurationResponse#image_scanning_configuration #image_scanning_configuration} => Types::ImageScanningConfiguration
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.put_image_scanning_configuration({
+    #     registry_id: "RegistryId",
+    #     repository_name: "RepositoryName", # required
+    #     image_scanning_configuration: { # required
+    #       scan_on_push: false,
+    #     },
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.registry_id #=> String
+    #   resp.repository_name #=> String
+    #   resp.image_scanning_configuration.scan_on_push #=> Boolean
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/PutImageScanningConfiguration AWS API Documentation
+    #
+    # @overload put_image_scanning_configuration(params = {})
+    # @param [Hash] params ({})
+    def put_image_scanning_configuration(params = {}, options = {})
+      req = build_request(:put_image_scanning_configuration, params)
+      req.send_request(options)
+    end
+
+    # Updates the image tag mutability settings for the specified
+    # repository. For more information, see [Image tag mutability][1] in the
+    # *Amazon Elastic Container Registry User Guide*.
     #
     #
     #
-    # [1]: http://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html
+    # [1]: https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-tag-mutability.html
     #
     # @option params [String] :registry_id
-    #   The AWS account ID associated with the registry that contains the
-    #   repository. If you do
 not specify a registry, the default registry is
+    #   The Amazon Web Services account ID associated with the registry that
+    #   contains the repository do
 notin which to update the image tag mutability
+    #   settings. If you do not specify a registry, the default registry is
     #   assumed.
     #
     # @option params [required, String] :repository_name
+    #   The name of the repository in which to update the image tag mutability
+    #   settings.
+    #
+    # @option params [required, String] :image_tag_mutability
+    #   The tag mutability setting for the repository. If `MUTABLE` is
+    #   specified, image tags can be overwritten. If `IMMUTABLE` is specified,
+    #   all image tags within the repository will be immutable which will
+    #   prevent them from being overwritten.
+    #
+    # @return [Types::PutImageTagMutabilityResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::PutImageTagMutabilityResponse#registry_id #registry_id} => String
+    #   * {Types::PutImageTagMutabilityResponse#repository_name #repository_name} => String
+    #   * {Types::PutImageTagMutabilityResponse#image_tag_mutability #image_tag_mutability} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.put_image_tag_mutability({
+    #     registry_id: "RegistryId",
+    #     repository_name: "RepositoryName", # required
+    #     image_tag_mutability: "MUTABLE", # required, accepts MUTABLE, IMMUTABLE
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.registry_id #=> String
+    #   resp.repository_name #=> String
+    #   resp.image_tag_mutability #=> String, one of "MUTABLE", "IMMUTABLE"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/PutImageTagMutability AWS API Documentation
+    #
+    # @overload put_image_tag_mutability(params = {})
+    # @param [Hash] params ({})
+    def put_image_tag_mutability(params = {}, options = {})
+      req = build_request(:put_image_tag_mutability, params)
+      req.send_request(options)
+    end
+
+    # Creates or updates the lifecycle policy for the specified repository.
+    # For more information, see [Lifecycle policy template][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html
+    #
+    # @option params [String] :registry_id
+    #   The Amazon Web Services account ID associated with the registry that
+    #   contains the repository. If you do
 not specify a registry, the
+    #   default registry is assumed.
+    #
+    # @option params [required, String] :repository_name
     #   The name of the repository to receive the policy.
     #
     # @option params [required, String] :lifecycle_policy_text
@@ -1387,19 +2427,206 @@ module Aws::ECR
       req.send_request(options)
     end
 
-    # Applies a repository policy on a specified repository to control
-    # access permissions.
+    # Creates or updates the permissions policy for your registry.
+    #
+    # A registry policy is used to specify permissions for another Amazon
+    # Web Services account and is used when configuring cross-account
+    # replication. For more information, see [Registry permissions][1] in
+    # the *Amazon Elastic Container Registry User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry-permissions.html
+    #
+    # @option params [required, String] :policy_text
+    #   The JSON policy text to apply to your registry. The policy text
+    #   follows the same format as IAM policy text. For more information, see
+    #   [Registry permissions][1] in the *Amazon Elastic Container Registry
+    #   User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry-permissions.html
+    #
+    # @return [Types::PutRegistryPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::PutRegistryPolicyResponse#registry_id #registry_id} => String
+    #   * {Types::PutRegistryPolicyResponse#policy_text #policy_text} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.put_registry_policy({
+    #     policy_text: "RegistryPolicyText", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.registry_id #=> String
+    #   resp.policy_text #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/PutRegistryPolicy AWS API Documentation
+    #
+    # @overload put_registry_policy(params = {})
+    # @param [Hash] params ({})
+    def put_registry_policy(params = {}, options = {})
+      req = build_request(:put_registry_policy, params)
+      req.send_request(options)
+    end
+
+    # Creates or updates the scanning configuration for your private
+    # registry.
+    #
+    # @option params [String] :scan_type
+    #   The scanning type to set for the registry.
+    #
+    #   When a registry scanning configuration is not defined, by default the
+    #   `BASIC` scan type is used. When basic scanning is used, you may
+    #   specify filters to determine which individual repositories, or all
+    #   repositories, are scanned when new images are pushed to those
+    #   repositories. Alternatively, you can do manual scans of images with
+    #   basic scanning.
+    #
+    #   When the `ENHANCED` scan type is set, Amazon Inspector provides
+    #   automated vulnerability scanning. You may choose between continuous
+    #   scanning or scan on push and you may specify filters to determine
+    #   which individual repositories, or all repositories, are scanned.
+    #
+    # @option params [Array<Types::RegistryScanningRule>] :rules
+    #   The scanning rules to use for the registry. A scanning rule is used to
+    #   determine which repository filters are used and at what frequency
+    #   scanning will occur.
+    #
+    # @return [Types::PutRegistryScanningConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::PutRegistryScanningConfigurationResponse#registry_scanning_configuration #registry_scanning_configuration} => Types::RegistryScanningConfiguration
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.put_registry_scanning_configuration({
+    #     scan_type: "BASIC", # accepts BASIC, ENHANCED
+    #     rules: [
+    #       {
+    #         scan_frequency: "SCAN_ON_PUSH", # required, accepts SCAN_ON_PUSH, CONTINUOUS_SCAN, MANUAL
+    #         repository_filters: [ # required
+    #           {
+    #             filter: "ScanningRepositoryFilterValue", # required
+    #             filter_type: "WILDCARD", # required, accepts WILDCARD
+    #           },
+    #         ],
+    #       },
+    #     ],
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.registry_scanning_configuration.scan_type #=> String, one of "BASIC", "ENHANCED"
+    #   resp.registry_scanning_configuration.rules #=> Array
+    #   resp.registry_scanning_configuration.rules[0].scan_frequency #=> String, one of "SCAN_ON_PUSH", "CONTINUOUS_SCAN", "MANUAL"
+    #   resp.registry_scanning_configuration.rules[0].repository_filters #=> Array
+    #   resp.registry_scanning_configuration.rules[0].repository_filters[0].filter #=> String
+    #   resp.registry_scanning_configuration.rules[0].repository_filters[0].filter_type #=> String, one of "WILDCARD"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/PutRegistryScanningConfiguration AWS API Documentation
+    #
+    # @overload put_registry_scanning_configuration(params = {})
+    # @param [Hash] params ({})
+    def put_registry_scanning_configuration(params = {}, options = {})
+      req = build_request(:put_registry_scanning_configuration, params)
+      req.send_request(options)
+    end
+
+    # Creates or updates the replication configuration for a registry. The
+    # existing replication configuration for a repository can be retrieved
+    # with the DescribeRegistry API action. The first time the
+    # PutReplicationConfiguration API is called, a service-linked IAM role
+    # is created in your account for the replication process. For more
+    # information, see [Using service-linked roles for Amazon ECR][1] in the
+    # *Amazon Elastic Container Registry User Guide*.
+    #
+    # <note markdown="1"> When configuring cross-account replication, the destination account
+    # must grant the source account permission to replicate. This permission
+    # is controlled using a registry permissions policy. For more
+    # information, see PutRegistryPolicy.
+    #
+    #  </note>
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonECR/latest/userguide/using-service-linked-roles.html
+    #
+    # @option params [required, Types::ReplicationConfiguration] :replication_configuration
+    #   An object representing the replication configuration for a registry.
+    #
+    # @return [Types::PutReplicationConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::PutReplicationConfigurationResponse#replication_configuration #replication_configuration} => Types::ReplicationConfiguration
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.put_replication_configuration({
+    #     replication_configuration: { # required
+    #       rules: [ # required
+    #         {
+    #           destinations: [ # required
+    #             {
+    #               region: "Region", # required
+    #               registry_id: "RegistryId", # required
+    #             },
+    #           ],
+    #           repository_filters: [
+    #             {
+    #               filter: "RepositoryFilterValue", # required
+    #               filter_type: "PREFIX_MATCH", # required, accepts PREFIX_MATCH
+    #             },
+    #           ],
+    #         },
+    #       ],
+    #     },
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.replication_configuration.rules #=> Array
+    #   resp.replication_configuration.rules[0].destinations #=> Array
+    #   resp.replication_configuration.rules[0].destinations[0].region #=> String
+    #   resp.replication_configuration.rules[0].destinations[0].registry_id #=> String
+    #   resp.replication_configuration.rules[0].repository_filters #=> Array
+    #   resp.replication_configuration.rules[0].repository_filters[0].filter #=> String
+    #   resp.replication_configuration.rules[0].repository_filters[0].filter_type #=> String, one of "PREFIX_MATCH"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/PutReplicationConfiguration AWS API Documentation
+    #
+    # @overload put_replication_configuration(params = {})
+    # @param [Hash] params ({})
+    def put_replication_configuration(params = {}, options = {})
+      req = build_request(:put_replication_configuration, params)
+      req.send_request(options)
+    end
+
+    # Applies a repository policy to the specified repository to control
+    # access permissions. For more information, see [Amazon ECR Repository
+    # policies][1] in the *Amazon Elastic Container Registry User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policies.html
     #
     # @option params [String] :registry_id
-    #   The AWS account ID associated with the registry that contains the
-    #   repository. If you do not specify a registry, the default registry is
-    #   assumed.
+    #   The Amazon Web Services account ID associated with the registry that
+    #   contains the repository. If you do not specify a registry, the default
+    #   registry is assumed.
     #
     # @option params [required, String] :repository_name
     #   The name of the repository to receive the policy.
     #
     # @option params [required, String] :policy_text
-    #   The JSON repository policy text to apply to the repository.
+    #   The JSON repository policy text to apply to the repository. For more
+    #   information, see [Amazon ECR repository policies][1] in the *Amazon
+    #   Elastic Container Registry User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policy-examples.html
     #
     # @option params [Boolean] :force
     #   If the policy you are attempting to set on a repository policy would
@@ -1437,13 +2664,71 @@ module Aws::ECR
       req.send_request(options)
     end
 
-    # Starts a preview of the specified lifecycle policy. This allows you to
-    # see the results before creating the lifecycle policy.
+    # Starts an image vulnerability scan. An image scan can only be started
+    # once per 24 hours on an individual image. This limit includes if an
+    # image was scanned on initial push. For more information, see [Image
+    # scanning][1] in the *Amazon Elastic Container Registry User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning.html
     #
     # @option params [String] :registry_id
-    #   The AWS account ID associated with the registry that contains the
-    #   repository. If you do not specify a registry, the default registry is
-    #   assumed.
+    #   The Amazon Web Services account ID associated with the registry that
+    #   contains the repository in which to start an image scan request. If
+    #   you do not specify a registry, the default registry is assumed.
+    #
+    # @option params [required, String] :repository_name
+    #   The name of the repository that contains the images to scan.
+    #
+    # @option params [required, Types::ImageIdentifier] :image_id
+    #   An object with identifying information for an image in an Amazon ECR
+    #   repository.
+    #
+    # @return [Types::StartImageScanResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::StartImageScanResponse#registry_id #registry_id} => String
+    #   * {Types::StartImageScanResponse#repository_name #repository_name} => String
+    #   * {Types::StartImageScanResponse#image_id #image_id} => Types::ImageIdentifier
+    #   * {Types::StartImageScanResponse#image_scan_status #image_scan_status} => Types::ImageScanStatus
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.start_image_scan({
+    #     registry_id: "RegistryId",
+    #     repository_name: "RepositoryName", # required
+    #     image_id: { # required
+    #       image_digest: "ImageDigest",
+    #       image_tag: "ImageTag",
+    #     },
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.registry_id #=> String
+    #   resp.repository_name #=> String
+    #   resp.image_id.image_digest #=> String
+    #   resp.image_id.image_tag #=> String
+    #   resp.image_scan_status.status #=> String, one of "IN_PROGRESS", "COMPLETE", "FAILED", "UNSUPPORTED_IMAGE", "ACTIVE", "PENDING", "SCAN_ELIGIBILITY_EXPIRED", "FINDINGS_UNAVAILABLE"
+    #   resp.image_scan_status.description #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/StartImageScan AWS API Documentation
+    #
+    # @overload start_image_scan(params = {})
+    # @param [Hash] params ({})
+    def start_image_scan(params = {}, options = {})
+      req = build_request(:start_image_scan, params)
+      req.send_request(options)
+    end
+
+    # Starts a preview of a lifecycle policy for the specified repository.
+    # This allows you to see the results before associating the lifecycle
+    # policy with the repository.
+    #
+    # @option params [String] :registry_id
+    #   The Amazon Web Services account ID associated with the registry that
+    #   contains the repository. If you do not specify a registry, the default
+    #   registry is assumed.
     #
     # @option params [required, String] :repository_name
     #   The name of the repository to be evaluated.
@@ -1483,18 +2768,135 @@ module Aws::ECR
       req.send_request(options)
     end
 
+    # Adds specified tags to a resource with the specified ARN. Existing
+    # tags on a resource are not changed if they are not specified in the
+    # request parameters.
+    #
+    # @option params [required, String] :resource_arn
+    #   The Amazon Resource Name (ARN) of the the resource to which to add
+    #   tags. Currently, the only supported resource is an Amazon ECR
+    #   repository.
+    #
+    # @option params [required, Array<Types::Tag>] :tags
+    #   The tags to add to the resource. A tag is an array of key-value pairs.
+    #   Tag keys can have a maximum character length of 128 characters, and
+    #   tag values can have a maximum length of 256 characters.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.tag_resource({
+    #     resource_arn: "Arn", # required
+    #     tags: [ # required
+    #       {
+    #         key: "TagKey", # required
+    #         value: "TagValue", # required
+    #       },
+    #     ],
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/TagResource AWS API Documentation
+    #
+    # @overload tag_resource(params = {})
+    # @param [Hash] params ({})
+    def tag_resource(params = {}, options = {})
+      req = build_request(:tag_resource, params)
+      req.send_request(options)
+    end
+
+    # Deletes specified tags from a resource.
+    #
+    # @option params [required, String] :resource_arn
+    #   The Amazon Resource Name (ARN) of the resource from which to remove
+    #   tags. Currently, the only supported resource is an Amazon ECR
+    #   repository.
+    #
+    # @option params [required, Array<String>] :tag_keys
+    #   The keys of the tags to be removed.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.untag_resource({
+    #     resource_arn: "Arn", # required
+    #     tag_keys: ["TagKey"], # required
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/UntagResource AWS API Documentation
+    #
+    # @overload untag_resource(params = {})
+    # @param [Hash] params ({})
+    def untag_resource(params = {}, options = {})
+      req = build_request(:untag_resource, params)
+      req.send_request(options)
+    end
+
+    # Updates an existing pull through cache rule.
+    #
+    # @option params [String] :registry_id
+    #   The Amazon Web Services account ID associated with the registry
+    #   associated with the pull through cache rule. If you do not specify a
+    #   registry, the default registry is assumed.
+    #
+    # @option params [required, String] :ecr_repository_prefix
+    #   The repository name prefix to use when caching images from the source
+    #   registry.
+    #
+    # @option params [required, String] :credential_arn
+    #   The Amazon Resource Name (ARN) of the Amazon Web Services Secrets
+    #   Manager secret that identifies the credentials to authenticate to the
+    #   upstream registry.
+    #
+    # @return [Types::UpdatePullThroughCacheRuleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::UpdatePullThroughCacheRuleResponse#ecr_repository_prefix #ecr_repository_prefix} => String
+    #   * {Types::UpdatePullThroughCacheRuleResponse#registry_id #registry_id} => String
+    #   * {Types::UpdatePullThroughCacheRuleResponse#updated_at #updated_at} => Time
+    #   * {Types::UpdatePullThroughCacheRuleResponse#credential_arn #credential_arn} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_pull_through_cache_rule({
+    #     registry_id: "RegistryId",
+    #     ecr_repository_prefix: "PullThroughCacheRuleRepositoryPrefix", # required
+    #     credential_arn: "CredentialArn", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.ecr_repository_prefix #=> String
+    #   resp.registry_id #=> String
+    #   resp.updated_at #=> Time
+    #   resp.credential_arn #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/UpdatePullThroughCacheRule AWS API Documentation
+    #
+    # @overload update_pull_through_cache_rule(params = {})
+    # @param [Hash] params ({})
+    def update_pull_through_cache_rule(params = {}, options = {})
+      req = build_request(:update_pull_through_cache_rule, params)
+      req.send_request(options)
+    end
+
     # Uploads an image layer part to Amazon ECR.
     #
-    # <note markdown="1"> This operation is used by the Amazon ECR proxy, and it is not intended
-    # for general use by customers for pulling and pushing images. In most
-    # cases, you should use the `docker` CLI to pull, tag, and push images.
+    # When an image is pushed, each new image layer is uploaded in parts.
+    # The maximum size of each image layer part can be 20971520 bytes (or
+    # about 20MB). The UploadLayerPart API is called once per each new image
+    # layer part.
+    #
+    # <note markdown="1"> This operation is used by the Amazon ECR proxy and is not generally
+    # used by customers for pulling and pushing images. In most cases, you
+    # should use the `docker` CLI to pull, tag, and push images.
     #
     #  </note>
     #
     # @option params [String] :registry_id
-    #   The AWS account ID associated with the registry to which you are
-    #   uploading layer parts. If you do not specify a registry, the default
-    #   registry is assumed.
+    #   The Amazon Web Services account ID associated with the registry to
+    #   which you are uploading layer parts. If you do not specify a registry,
+    #   the default registry is assumed.
     #
     # @option params [required, String] :repository_name
     #   The name of the repository to which you are uploading layer parts.
@@ -1504,12 +2906,14 @@ module Aws::ECR
     #   associate with the layer part upload.
     #
     # @option params [required, Integer] :part_first_byte
-    #   The integer value of the first byte of the layer part.
+    #   The position of the first byte of the layer part witin the overall
+    #   image layer.
     #
     # @option params [required, Integer] :part_last_byte
-    #   The integer value of the last byte of the layer part.
+    #   The position of the last byte of the layer part within the overall
+    #   image layer.
     #
-    # @option params [required, String, IO] :layer_part_blob
+    # @option params [required, String, StringIO, File] :layer_part_blob
     #   The base64-encoded layer part payload.
     #
     # @return [Types::UploadLayerPartResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
@@ -1546,6 +2950,54 @@ module Aws::ECR
       req.send_request(options)
     end
 
+    # Validates an existing pull through cache rule for an upstream registry
+    # that requires authentication. This will retrieve the contents of the
+    # Amazon Web Services Secrets Manager secret, verify the syntax, and
+    # then validate that authentication to the upstream registry is
+    # successful.
+    #
+    # @option params [required, String] :ecr_repository_prefix
+    #   The repository name prefix associated with the pull through cache
+    #   rule.
+    #
+    # @option params [String] :registry_id
+    #   The registry ID associated with the pull through cache rule. If you do
+    #   not specify a registry, the default registry is assumed.
+    #
+    # @return [Types::ValidatePullThroughCacheRuleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ValidatePullThroughCacheRuleResponse#ecr_repository_prefix #ecr_repository_prefix} => String
+    #   * {Types::ValidatePullThroughCacheRuleResponse#registry_id #registry_id} => String
+    #   * {Types::ValidatePullThroughCacheRuleResponse#upstream_registry_url #upstream_registry_url} => String
+    #   * {Types::ValidatePullThroughCacheRuleResponse#credential_arn #credential_arn} => String
+    #   * {Types::ValidatePullThroughCacheRuleResponse#is_valid #is_valid} => Boolean
+    #   * {Types::ValidatePullThroughCacheRuleResponse#failure #failure} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.validate_pull_through_cache_rule({
+    #     ecr_repository_prefix: "PullThroughCacheRuleRepositoryPrefix", # required
+    #     registry_id: "RegistryId",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.ecr_repository_prefix #=> String
+    #   resp.registry_id #=> String
+    #   resp.upstream_registry_url #=> String
+    #   resp.credential_arn #=> String
+    #   resp.is_valid #=> Boolean
+    #   resp.failure #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/ValidatePullThroughCacheRule AWS API Documentation
+    #
+    # @overload validate_pull_through_cache_rule(params = {})
+    # @param [Hash] params ({})
+    def validate_pull_through_cache_rule(params = {}, options = {})
+      req = build_request(:validate_pull_through_cache_rule, params)
+      req.send_request(options)
+    end
+
     # @!endgroup
 
     # @param params ({})
@@ -1559,14 +3011,129 @@ module Aws::ECR
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-ecr'
-      context[:gem_version] = '1.3.0'
+      context[:gem_version] = '1.69.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 
+    # Polls an API operation until a resource enters a desired state.
+    #
+    # ## Basic Usage
+    #
+    # A waiter will call an API operation until:
+    #
+    # * It is successful
+    # * It enters a terminal state
+    # * It makes the maximum number of attempts
+    #
+    # In between attempts, the waiter will sleep.
+    #
+    #     # polls in a loop, sleeping between attempts
+    #     client.wait_until(waiter_name, params)
+    #
+    # ## Configuration
+    #
+    # You can configure the maximum number of polling attempts, and the
+    # delay (in seconds) between each polling attempt. You can pass
+    # configuration as the final arguments hash.
+    #
+    #     # poll for ~25 seconds
+    #     client.wait_until(waiter_name, params, {
+    #       max_attempts: 5,
+    #       delay: 5,
+    #     })
+    #
+    # ## Callbacks
+    #
+    # You can be notified before each polling attempt and before each
+    # delay. If you throw `:success` or `:failure` from these callbacks,
+    # it will terminate the waiter.
+    #
+    #     started_at = Time.now
+    #     client.wait_until(waiter_name, params, {
+    #
+    #       # disable max attempts
+    #       max_attempts: nil,
+    #
+    #       # poll for 1 hour, instead of a number of attempts
+    #       before_wait: -> (attempts, response) do
+    #         throw :failure if Time.now - started_at > 3600
+    #       end
+    #     })
+    #
+    # ## Handling Errors
+    #
+    # When a waiter is unsuccessful, it will raise an error.
+    # All of the failure errors extend from
+    # {Aws::Waiters::Errors::WaiterFailed}.
+    #
+    #     begin
+    #       client.wait_until(...)
+    #     rescue Aws::Waiters::Errors::WaiterFailed
+    #       # resource did not enter the desired state in time
+    #     end
+    #
+    # ## Valid Waiters
+    #
+    # The following table lists the valid waiter names, the operations they call,
+    # and the default `:delay` and `:max_attempts` values.
+    #
+    # | waiter_name                       | params                                | :delay   | :max_attempts |
+    # | --------------------------------- | ------------------------------------- | -------- | ------------- |
+    # | image_scan_complete               | {Client#describe_image_scan_findings} | 5        | 60            |
+    # | lifecycle_policy_preview_complete | {Client#get_lifecycle_policy_preview} | 5        | 20            |
+    #
+    # @raise [Errors::FailureStateError] Raised when the waiter terminates
+    #   because the waiter has entered a state that it will not transition
+    #   out of, preventing success.
+    #
+    # @raise [Errors::TooManyAttemptsError] Raised when the configured
+    #   maximum number of attempts have been made, and the waiter is not
+    #   yet successful.
+    #
+    # @raise [Errors::UnexpectedError] Raised when an error is encounted
+    #   while polling for a resource that is not expected.
+    #
+    # @raise [Errors::NoSuchWaiterError] Raised when you request to wait
+    #   for an unknown state.
+    #
+    # @return [Boolean] Returns `true` if the waiter was successful.
+    # @param [Symbol] waiter_name
+    # @param [Hash] params ({})
+    # @param [Hash] options ({})
+    # @option options [Integer] :max_attempts
+    # @option options [Integer] :delay
+    # @option options [Proc] :before_attempt
+    # @option options [Proc] :before_wait
+    def wait_until(waiter_name, params = {}, options = {})
+      w = waiter(waiter_name, options)
+      yield(w.waiter) if block_given? # deprecated
+      w.wait(params)
+    end
+
     # @api private
     # @deprecated
     def waiter_names
-      []
+      waiters.keys
+    end
+
+    private
+
+    # @param [Symbol] waiter_name
+    # @param [Hash] options ({})
+    def waiter(waiter_name, options = {})
+      waiter_class = waiters[waiter_name]
+      if waiter_class
+        waiter_class.new(options.merge(client: self))
+      else
+        raise Aws::Waiters::Errors::NoSuchWaiterError.new(waiter_name, waiters.keys)
+      end
+    end
+
+    def waiters
+      {
+        image_scan_complete: Waiters::ImageScanComplete,
+        lifecycle_policy_preview_complete: Waiters::LifecyclePolicyPreviewComplete
+      }
     end
 
     class << self