aws-cdk-lib 2.153.0__py3-none-any.whl → 2.154.0__py3-none-any.whl

aws_cdk/aws_ecr/__init__.py

@@ -444,7 +444,7 @@ class CfnPublicRepository(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__ff52c4c89f76461de2458e82c2bfd20f4de3951ad8eab58aec1b52004c07cea7)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "repositoryCatalogData", value)
+        jsii.set(self, "repositoryCatalogData", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="repositoryName")
@@ -457,7 +457,7 @@ class CfnPublicRepository(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__c540342cfab06c3e938dc25340d0df062558f4ba1bb13c342e9740ee0e1e909a)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "repositoryName", value)
+        jsii.set(self, "repositoryName", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="repositoryPolicyText")
@@ -470,7 +470,7 @@ class CfnPublicRepository(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__3a5d0a391359eb22e8e450fd43d68011135dcfa6d843724b27da64f19e19aad7)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "repositoryPolicyText", value)
+        jsii.set(self, "repositoryPolicyText", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="tagsRaw")
@@ -483,7 +483,7 @@ class CfnPublicRepository(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__e01e3d955755b76bef4d0ce1b9a558313454d69c44cb97d65b4fcb564602a54d)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "tagsRaw", value)
+        jsii.set(self, "tagsRaw", value) # pyright: ignore[reportArgumentType]
 
     @jsii.data_type(
         jsii_type="aws-cdk-lib.aws_ecr.CfnPublicRepository.RepositoryCatalogDataProperty",
@@ -839,7 +839,7 @@ class CfnPullThroughCacheRule(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__a379fdfcc316f1fba45c0243614513599bd6a9e9b599a9e279a8cc606e4bf382)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "credentialArn", value)
+        jsii.set(self, "credentialArn", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="ecrRepositoryPrefix")
@@ -852,7 +852,7 @@ class CfnPullThroughCacheRule(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__97e7364a9d8ce3c9c0a95d7d650a21956fb29a984bd55c4450ace32814a23728)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "ecrRepositoryPrefix", value)
+        jsii.set(self, "ecrRepositoryPrefix", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="upstreamRegistry")
@@ -865,7 +865,7 @@ class CfnPullThroughCacheRule(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__9e6176654c03645cd104e31d54362eb32d0b3856b8d7015586ea920e9ef9cc77)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "upstreamRegistry", value)
+        jsii.set(self, "upstreamRegistry", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="upstreamRegistryUrl")
@@ -878,7 +878,7 @@ class CfnPullThroughCacheRule(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__7eb1d214154bb7e817af1779f0f5bf9f4b1c880ec0a8357fa98987f1063b451f)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "upstreamRegistryUrl", value)
+        jsii.set(self, "upstreamRegistryUrl", value) # pyright: ignore[reportArgumentType]
 
 
 @jsii.data_type(
@@ -1089,7 +1089,7 @@ class CfnRegistryPolicy(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__22f296a7fd25dcbd0e6d71e5f19c5a64bea31bc39494f50b1a2fdceb3a96d82b)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "policyText", value)
+        jsii.set(self, "policyText", value) # pyright: ignore[reportArgumentType]
 
 
 @jsii.data_type(
@@ -1270,7 +1270,7 @@ class CfnReplicationConfiguration(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__99f4c1062f6a81bbbbbb1ec51556be75ca089974820458f2cf7c2b6ef30a1f4b)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "replicationConfiguration", value)
+        jsii.set(self, "replicationConfiguration", value) # pyright: ignore[reportArgumentType]
 
     @jsii.data_type(
         jsii_type="aws-cdk-lib.aws_ecr.CfnReplicationConfiguration.ReplicationConfigurationProperty",
@@ -1811,7 +1811,7 @@ class CfnRepository(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__0cdf31a68d1403243dabdc584938d9cf5b1769c665a1d405daaaa8438f7d0367)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "emptyOnDelete", value)
+        jsii.set(self, "emptyOnDelete", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="encryptionConfiguration")
@@ -1829,7 +1829,7 @@ class CfnRepository(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__cf78a5a76e0710f9d352977f8ee877ef0fc7f3c43b6cd9839d2fbeaff522caa1)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "encryptionConfiguration", value)
+        jsii.set(self, "encryptionConfiguration", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="imageScanningConfiguration")
@@ -1847,7 +1847,7 @@ class CfnRepository(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__0ae9439aabd4d324bf1d5bdb5b430c995fa4f0fdc0cb44daa41909d48e778564)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "imageScanningConfiguration", value)
+        jsii.set(self, "imageScanningConfiguration", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="imageTagMutability")
@@ -1860,7 +1860,7 @@ class CfnRepository(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__6d75698f85ccefe489f53d4f155b619c9c3df1026fe201828f3f0ccc7b5fda28)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "imageTagMutability", value)
+        jsii.set(self, "imageTagMutability", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="lifecyclePolicy")
@@ -1878,7 +1878,7 @@ class CfnRepository(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__47418c52de9eb82b5a96dfa3524d84345309cf3a2f06fbbc30eaa7da852a33fa)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "lifecyclePolicy", value)
+        jsii.set(self, "lifecyclePolicy", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="repositoryName")
@@ -1891,7 +1891,7 @@ class CfnRepository(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__320e28aebae3ff1053b4006047e990e27e37c3a2753340ee0372d4f8e354bc2b)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "repositoryName", value)
+        jsii.set(self, "repositoryName", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="repositoryPolicyText")
@@ -1904,7 +1904,7 @@ class CfnRepository(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__ab6f8914cd6d9319d4c072a32100fe3532bf6bfdfe1b069100045f46efd7f432)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "repositoryPolicyText", value)
+        jsii.set(self, "repositoryPolicyText", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="tagsRaw")
@@ -1917,7 +1917,7 @@ class CfnRepository(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__a187140649b7378ce5c825b26017544130f832c6f44250242ffcc01b801ada76)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "tagsRaw", value)
+        jsii.set(self, "tagsRaw", value) # pyright: ignore[reportArgumentType]
 
     @jsii.data_type(
         jsii_type="aws-cdk-lib.aws_ecr.CfnRepository.EncryptionConfigurationProperty",
@@ -1933,11 +1933,11 @@ class CfnRepository(
         ) -> None:
             '''The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.
 
-            By default, when no encryption configuration is set or the ``AES256`` encryption type is used, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES-256 encryption algorithm. This does not require any action on your part.
+            By default, when no encryption configuration is set or the ``AES256`` encryption type is used, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES256 encryption algorithm. This does not require any action on your part.
 
             For more control over the encryption of the contents of your repository, you can use server-side encryption with AWS Key Management Service key stored in AWS Key Management Service ( AWS KMS ) to encrypt your images. For more information, see `Amazon ECR encryption at rest <https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html>`_ in the *Amazon Elastic Container Registry User Guide* .
 
-            :param encryption_type: The encryption type to use. If you use the ``KMS`` encryption type, the contents of the repository will be encrypted using server-side encryption with AWS Key Management Service key stored in AWS KMS . When you use AWS KMS to encrypt your data, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you already created. For more information, see `Protecting data using server-side encryption with an AWS KMS key stored in AWS Key Management Service (SSE-KMS) <https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html>`_ in the *Amazon Simple Storage Service Console Developer Guide* . If you use the ``AES256`` encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES-256 encryption algorithm. For more information, see `Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) <https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html>`_ in the *Amazon Simple Storage Service Console Developer Guide* .
+            :param encryption_type: The encryption type to use. If you use the ``KMS`` encryption type, the contents of the repository will be encrypted using server-side encryption with AWS Key Management Service key stored in AWS KMS . When you use AWS KMS to encrypt your data, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you already created. For more information, see `Protecting data using server-side encryption with an AWS KMS key stored in AWS Key Management Service (SSE-KMS) <https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html>`_ in the *Amazon Simple Storage Service Console Developer Guide* . If you use the ``AES256`` encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see `Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) <https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html>`_ in the *Amazon Simple Storage Service Console Developer Guide* .
             :param kms_key: If you use the ``KMS`` encryption type, specify the AWS KMS key to use for encryption. The alias, key ID, or full ARN of the AWS KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default AWS managed AWS KMS key for Amazon ECR will be used.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-encryptionconfiguration.html
@@ -1972,7 +1972,7 @@ class CfnRepository(
 
             If you use the ``KMS`` encryption type, the contents of the repository will be encrypted using server-side encryption with AWS Key Management Service key stored in AWS KMS . When you use AWS KMS to encrypt your data, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you already created. For more information, see `Protecting data using server-side encryption with an AWS KMS key stored in AWS Key Management Service (SSE-KMS) <https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html>`_ in the *Amazon Simple Storage Service Console Developer Guide* .
 
-            If you use the ``AES256`` encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES-256 encryption algorithm. For more information, see `Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) <https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html>`_ in the *Amazon Simple Storage Service Console Developer Guide* .
+            If you use the ``AES256`` encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see `Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) <https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html>`_ in the *Amazon Simple Storage Service Console Developer Guide* .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-encryptionconfiguration.html#cfn-ecr-repository-encryptionconfiguration-encryptiontype
             '''
@@ -2145,7 +2145,7 @@ class CfnRepositoryCreationTemplate(
     metaclass=jsii.JSIIMeta,
     jsii_type="aws-cdk-lib.aws_ecr.CfnRepositoryCreationTemplate",
 ):
-    '''AWS::ECR::RepositoryCreationTemplate is used to create repository with configuration from a pre-defined template.
+    '''The details of the repository creation template associated with the request.
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repositorycreationtemplate.html
     :cloudformationResource: AWS::ECR::RepositoryCreationTemplate
@@ -2162,6 +2162,7 @@ class CfnRepositoryCreationTemplate(
             prefix="prefix",
         
             # the properties below are optional
+            custom_role_arn="customRoleArn",
             description="description",
             encryption_configuration=ecr.CfnRepositoryCreationTemplate.EncryptionConfigurationProperty(
                 encryption_type="encryptionType",
@@ -2186,6 +2187,7 @@ class CfnRepositoryCreationTemplate(
         *,
         applied_for: typing.Sequence[builtins.str],
         prefix: builtins.str,
+        custom_role_arn: typing.Optional[builtins.str] = None,
         description: typing.Optional[builtins.str] = None,
         encryption_configuration: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnRepositoryCreationTemplate.EncryptionConfigurationProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         image_tag_mutability: typing.Optional[builtins.str] = None,
@@ -2196,14 +2198,15 @@ class CfnRepositoryCreationTemplate(
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
-        :param applied_for: A list of enumerable Strings representing the repository creation scenarios that the template will apply towards.
-        :param prefix: The prefix use to match the repository name and apply the template.
-        :param description: The description of the template.
-        :param encryption_configuration: The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest. By default, when no encryption configuration is set or the ``AES256`` encryption type is used, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES-256 encryption algorithm. This does not require any action on your part. For more control over the encryption of the contents of your repository, you can use server-side encryption with AWS Key Management Service key stored in AWS Key Management Service ( AWS KMS ) to encrypt your images. For more information, see `Amazon ECR encryption at rest <https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html>`_ in the *Amazon Elastic Container Registry User Guide* .
-        :param image_tag_mutability: The image tag mutability setting for the repository.
-        :param lifecycle_policy: The JSON lifecycle policy text to apply to the repository. For information about lifecycle policy syntax, see https://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html
-        :param repository_policy: The JSON repository policy text to apply to the repository. For more information, see https://docs.aws.amazon.com/AmazonECR/latest/userguide/RepositoryPolicyExamples.html
-        :param resource_tags: The tags attached to the resource.
+        :param applied_for: A list of enumerable Strings representing the repository creation scenarios that this template will apply towards. The two supported scenarios are PULL_THROUGH_CACHE and REPLICATION
+        :param prefix: The repository namespace prefix associated with the repository creation template.
+        :param custom_role_arn: The ARN of the role to be assumed by Amazon ECR. Amazon ECR will assume your supplied role when the customRoleArn is specified. When this field isn't specified, Amazon ECR will use the service-linked role for the repository creation template.
+        :param description: The description associated with the repository creation template.
+        :param encryption_configuration: The encryption configuration associated with the repository creation template.
+        :param image_tag_mutability: The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.
+        :param lifecycle_policy: The lifecycle policy to use for repositories created using the template.
+        :param repository_policy: he repository policy to apply to repositories created using the template. A repository policy is a permissions policy associated with a repository to control access permissions.
+        :param resource_tags: The metadata to apply to the repository to help you categorize and organize. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__494445c3594e6c48becf87b896b56289e6923275ed1be048e55a955aad19112e)
@@ -2212,6 +2215,7 @@ class CfnRepositoryCreationTemplate(
         props = CfnRepositoryCreationTemplateProps(
             applied_for=applied_for,
             prefix=prefix,
+            custom_role_arn=custom_role_arn,
             description=description,
             encryption_configuration=encryption_configuration,
             image_tag_mutability=image_tag_mutability,
@@ -2255,7 +2259,7 @@ class CfnRepositoryCreationTemplate(
     @builtins.property
     @jsii.member(jsii_name="attrCreatedAt")
     def attr_created_at(self) -> builtins.str:
-        '''Create timestamp of the template.
+        '''The date and time, in JavaScript date format, when the repository creation template was created.
 
         :cloudformationAttribute: CreatedAt
         '''
@@ -2264,7 +2268,7 @@ class CfnRepositoryCreationTemplate(
     @builtins.property
     @jsii.member(jsii_name="attrUpdatedAt")
     def attr_updated_at(self) -> builtins.str:
-        '''Update timestamp of the template.
+        '''The date and time, in JavaScript date format, when the repository creation template was last updated.
 
         :cloudformationAttribute: UpdatedAt
         '''
@@ -2278,7 +2282,7 @@ class CfnRepositoryCreationTemplate(
     @builtins.property
     @jsii.member(jsii_name="appliedFor")
     def applied_for(self) -> typing.List[builtins.str]:
-        '''A list of enumerable Strings representing the repository creation scenarios that the template will apply towards.'''
+        '''A list of enumerable Strings representing the repository creation scenarios that this template will apply towards.'''
         return typing.cast(typing.List[builtins.str], jsii.get(self, "appliedFor"))
 
     @applied_for.setter
@@ -2286,12 +2290,12 @@ class CfnRepositoryCreationTemplate(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__d70128c5c73464a6960bdf3e12180f730d72102eeb954991a5ee91b6ced476e1)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "appliedFor", value)
+        jsii.set(self, "appliedFor", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="prefix")
     def prefix(self) -> builtins.str:
-        '''The prefix use to match the repository name and apply the template.'''
+        '''The repository namespace prefix associated with the repository creation template.'''
         return typing.cast(builtins.str, jsii.get(self, "prefix"))
 
     @prefix.setter
@@ -2299,12 +2303,25 @@ class CfnRepositoryCreationTemplate(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__7421fb0840fe7d5bdb7ebafbc563d2498adfea23d49797835c3b7262cf06acbe)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "prefix", value)
+        jsii.set(self, "prefix", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="customRoleArn")
+    def custom_role_arn(self) -> typing.Optional[builtins.str]:
+        '''The ARN of the role to be assumed by Amazon ECR.'''
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "customRoleArn"))
+
+    @custom_role_arn.setter
+    def custom_role_arn(self, value: typing.Optional[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__f311f608554230e0e0d247def1a5aa1b17b63e6e3d1eff562fa5d4d2be6645db)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "customRoleArn", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="description")
     def description(self) -> typing.Optional[builtins.str]:
-        '''The description of the template.'''
+        '''The description associated with the repository creation template.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "description"))
 
     @description.setter
@@ -2312,17 +2329,14 @@ class CfnRepositoryCreationTemplate(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__e5438699040b3663de96ef1aac64ac4344fe755ea3bb114b36fdb20c66eeb12e)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "description", value)
+        jsii.set(self, "description", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="encryptionConfiguration")
     def encryption_configuration(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnRepositoryCreationTemplate.EncryptionConfigurationProperty"]]:
-        '''The encryption configuration for the repository.
-
-        This determines how the contents of your repository are encrypted at rest.
-        '''
+        '''The encryption configuration associated with the repository creation template.'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnRepositoryCreationTemplate.EncryptionConfigurationProperty"]], jsii.get(self, "encryptionConfiguration"))
 
     @encryption_configuration.setter
@@ -2333,12 +2347,12 @@ class CfnRepositoryCreationTemplate(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__dc9a1c0060c4bcb98843249551561d40d0d01c6137b55d2fc6b20909c4d50df4)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "encryptionConfiguration", value)
+        jsii.set(self, "encryptionConfiguration", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="imageTagMutability")
     def image_tag_mutability(self) -> typing.Optional[builtins.str]:
-        '''The image tag mutability setting for the repository.'''
+        '''The tag mutability setting for the repository.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "imageTagMutability"))
 
     @image_tag_mutability.setter
@@ -2346,12 +2360,12 @@ class CfnRepositoryCreationTemplate(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__0d03ac6e7b2975934cbd1c8b2470015fc671509b1b82834732e60abe440bad58)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "imageTagMutability", value)
+        jsii.set(self, "imageTagMutability", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="lifecyclePolicy")
     def lifecycle_policy(self) -> typing.Optional[builtins.str]:
-        '''The JSON lifecycle policy text to apply to the repository.'''
+        '''The lifecycle policy to use for repositories created using the template.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "lifecyclePolicy"))
 
     @lifecycle_policy.setter
@@ -2359,12 +2373,12 @@ class CfnRepositoryCreationTemplate(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__e2e08b01e66ab87aacff8f76d06c2abf47c27bd4366b69a73969d43a0b0b636a)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "lifecyclePolicy", value)
+        jsii.set(self, "lifecyclePolicy", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="repositoryPolicy")
     def repository_policy(self) -> typing.Optional[builtins.str]:
-        '''The JSON repository policy text to apply to the repository.'''
+        '''he repository policy to apply to repositories created using the template.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "repositoryPolicy"))
 
     @repository_policy.setter
@@ -2372,14 +2386,14 @@ class CfnRepositoryCreationTemplate(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__6133d22d20cb78fbb430ebd26935743e57cfc66d8da0d8b426c625527396018f)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "repositoryPolicy", value)
+        jsii.set(self, "repositoryPolicy", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="resourceTags")
     def resource_tags(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, _CfnTag_f6864754]]]]:
-        '''The tags attached to the resource.'''
+        '''The metadata to apply to the repository to help you categorize and organize.'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, _CfnTag_f6864754]]]], jsii.get(self, "resourceTags"))
 
     @resource_tags.setter
@@ -2390,7 +2404,7 @@ class CfnRepositoryCreationTemplate(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__c2fb99e1f96881ee2eeb1081388dcf7c16b80d047a366d3bbc0d4a883ac0e52b)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "resourceTags", value)
+        jsii.set(self, "resourceTags", value) # pyright: ignore[reportArgumentType]
 
     @jsii.data_type(
         jsii_type="aws-cdk-lib.aws_ecr.CfnRepositoryCreationTemplate.EncryptionConfigurationProperty",
@@ -2406,11 +2420,11 @@ class CfnRepositoryCreationTemplate(
         ) -> None:
             '''The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.
 
-            By default, when no encryption configuration is set or the ``AES256`` encryption type is used, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES-256 encryption algorithm. This does not require any action on your part.
+            By default, when no encryption configuration is set or the ``AES256`` encryption type is used, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES256 encryption algorithm. This does not require any action on your part.
 
             For more control over the encryption of the contents of your repository, you can use server-side encryption with AWS Key Management Service key stored in AWS Key Management Service ( AWS KMS ) to encrypt your images. For more information, see `Amazon ECR encryption at rest <https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html>`_ in the *Amazon Elastic Container Registry User Guide* .
 
-            :param encryption_type: The encryption type to use. If you use the ``KMS`` encryption type, the contents of the repository will be encrypted using server-side encryption with AWS Key Management Service key stored in AWS KMS . When you use AWS KMS to encrypt your data, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you already created. For more information, see `Protecting data using server-side encryption with an AWS KMS key stored in AWS Key Management Service (SSE-KMS) <https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html>`_ in the *Amazon Simple Storage Service Console Developer Guide* . If you use the ``AES256`` encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES-256 encryption algorithm. For more information, see `Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) <https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html>`_ in the *Amazon Simple Storage Service Console Developer Guide* .
+            :param encryption_type: The encryption type to use. If you use the ``KMS`` encryption type, the contents of the repository will be encrypted using server-side encryption with AWS Key Management Service key stored in AWS KMS . When you use AWS KMS to encrypt your data, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you already created. For more information, see `Protecting data using server-side encryption with an AWS KMS key stored in AWS Key Management Service (SSE-KMS) <https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html>`_ in the *Amazon Simple Storage Service Console Developer Guide* . If you use the ``AES256`` encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see `Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) <https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html>`_ in the *Amazon Simple Storage Service Console Developer Guide* .
             :param kms_key: If you use the ``KMS`` encryption type, specify the AWS KMS key to use for encryption. The alias, key ID, or full ARN of the AWS KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default AWS managed AWS KMS key for Amazon ECR will be used.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repositorycreationtemplate-encryptionconfiguration.html
@@ -2445,7 +2459,7 @@ class CfnRepositoryCreationTemplate(
 
             If you use the ``KMS`` encryption type, the contents of the repository will be encrypted using server-side encryption with AWS Key Management Service key stored in AWS KMS . When you use AWS KMS to encrypt your data, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you already created. For more information, see `Protecting data using server-side encryption with an AWS KMS key stored in AWS Key Management Service (SSE-KMS) <https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html>`_ in the *Amazon Simple Storage Service Console Developer Guide* .
 
-            If you use the ``AES256`` encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES-256 encryption algorithm. For more information, see `Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) <https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html>`_ in the *Amazon Simple Storage Service Console Developer Guide* .
+            If you use the ``AES256`` encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see `Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) <https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html>`_ in the *Amazon Simple Storage Service Console Developer Guide* .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repositorycreationtemplate-encryptionconfiguration.html#cfn-ecr-repositorycreationtemplate-encryptionconfiguration-encryptiontype
             '''
@@ -2482,6 +2496,7 @@ class CfnRepositoryCreationTemplate(
     name_mapping={
         "applied_for": "appliedFor",
         "prefix": "prefix",
+        "custom_role_arn": "customRoleArn",
         "description": "description",
         "encryption_configuration": "encryptionConfiguration",
         "image_tag_mutability": "imageTagMutability",
@@ -2496,6 +2511,7 @@ class CfnRepositoryCreationTemplateProps:
         *,
         applied_for: typing.Sequence[builtins.str],
         prefix: builtins.str,
+        custom_role_arn: typing.Optional[builtins.str] = None,
         description: typing.Optional[builtins.str] = None,
         encryption_configuration: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnRepositoryCreationTemplate.EncryptionConfigurationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
         image_tag_mutability: typing.Optional[builtins.str] = None,
@@ -2505,14 +2521,15 @@ class CfnRepositoryCreationTemplateProps:
     ) -> None:
         '''Properties for defining a ``CfnRepositoryCreationTemplate``.
 
-        :param applied_for: A list of enumerable Strings representing the repository creation scenarios that the template will apply towards.
-        :param prefix: The prefix use to match the repository name and apply the template.
-        :param description: The description of the template.
-        :param encryption_configuration: The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest. By default, when no encryption configuration is set or the ``AES256`` encryption type is used, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES-256 encryption algorithm. This does not require any action on your part. For more control over the encryption of the contents of your repository, you can use server-side encryption with AWS Key Management Service key stored in AWS Key Management Service ( AWS KMS ) to encrypt your images. For more information, see `Amazon ECR encryption at rest <https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html>`_ in the *Amazon Elastic Container Registry User Guide* .
-        :param image_tag_mutability: The image tag mutability setting for the repository.
-        :param lifecycle_policy: The JSON lifecycle policy text to apply to the repository. For information about lifecycle policy syntax, see https://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html
-        :param repository_policy: The JSON repository policy text to apply to the repository. For more information, see https://docs.aws.amazon.com/AmazonECR/latest/userguide/RepositoryPolicyExamples.html
-        :param resource_tags: The tags attached to the resource.
+        :param applied_for: A list of enumerable Strings representing the repository creation scenarios that this template will apply towards. The two supported scenarios are PULL_THROUGH_CACHE and REPLICATION
+        :param prefix: The repository namespace prefix associated with the repository creation template.
+        :param custom_role_arn: The ARN of the role to be assumed by Amazon ECR. Amazon ECR will assume your supplied role when the customRoleArn is specified. When this field isn't specified, Amazon ECR will use the service-linked role for the repository creation template.
+        :param description: The description associated with the repository creation template.
+        :param encryption_configuration: The encryption configuration associated with the repository creation template.
+        :param image_tag_mutability: The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.
+        :param lifecycle_policy: The lifecycle policy to use for repositories created using the template.
+        :param repository_policy: he repository policy to apply to repositories created using the template. A repository policy is a permissions policy associated with a repository to control access permissions.
+        :param resource_tags: The metadata to apply to the repository to help you categorize and organize. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repositorycreationtemplate.html
         :exampleMetadata: fixture=_generated
@@ -2528,6 +2545,7 @@ class CfnRepositoryCreationTemplateProps:
                 prefix="prefix",
             
                 # the properties below are optional
+                custom_role_arn="customRoleArn",
                 description="description",
                 encryption_configuration=ecr.CfnRepositoryCreationTemplate.EncryptionConfigurationProperty(
                     encryption_type="encryptionType",
@@ -2548,6 +2566,7 @@ class CfnRepositoryCreationTemplateProps:
             type_hints = typing.get_type_hints(_typecheckingstub__623a27e5bf9e58dfa2c0c25d5b312731cce32386963e30de33e3bd636fb982d3)
             check_type(argname="argument applied_for", value=applied_for, expected_type=type_hints["applied_for"])
             check_type(argname="argument prefix", value=prefix, expected_type=type_hints["prefix"])
+            check_type(argname="argument custom_role_arn", value=custom_role_arn, expected_type=type_hints["custom_role_arn"])
             check_type(argname="argument description", value=description, expected_type=type_hints["description"])
             check_type(argname="argument encryption_configuration", value=encryption_configuration, expected_type=type_hints["encryption_configuration"])
             check_type(argname="argument image_tag_mutability", value=image_tag_mutability, expected_type=type_hints["image_tag_mutability"])
@@ -2558,6 +2577,8 @@ class CfnRepositoryCreationTemplateProps:
             "applied_for": applied_for,
             "prefix": prefix,
         }
+        if custom_role_arn is not None:
+            self._values["custom_role_arn"] = custom_role_arn
         if description is not None:
             self._values["description"] = description
         if encryption_configuration is not None:
@@ -2573,7 +2594,9 @@ class CfnRepositoryCreationTemplateProps:
 
     @builtins.property
     def applied_for(self) -> typing.List[builtins.str]:
-        '''A list of enumerable Strings representing the repository creation scenarios that the template will apply towards.
+        '''A list of enumerable Strings representing the repository creation scenarios that this template will apply towards.
+
+        The two supported scenarios are PULL_THROUGH_CACHE and REPLICATION
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repositorycreationtemplate.html#cfn-ecr-repositorycreationtemplate-appliedfor
         '''
@@ -2583,7 +2606,7 @@ class CfnRepositoryCreationTemplateProps:
 
     @builtins.property
     def prefix(self) -> builtins.str:
-        '''The prefix use to match the repository name and apply the template.
+        '''The repository namespace prefix associated with the repository creation template.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repositorycreationtemplate.html#cfn-ecr-repositorycreationtemplate-prefix
         '''
@@ -2591,9 +2614,20 @@ class CfnRepositoryCreationTemplateProps:
         assert result is not None, "Required property 'prefix' is missing"
         return typing.cast(builtins.str, result)
 
+    @builtins.property
+    def custom_role_arn(self) -> typing.Optional[builtins.str]:
+        '''The ARN of the role to be assumed by Amazon ECR.
+
+        Amazon ECR will assume your supplied role when the customRoleArn is specified. When this field isn't specified, Amazon ECR will use the service-linked role for the repository creation template.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repositorycreationtemplate.html#cfn-ecr-repositorycreationtemplate-customrolearn
+        '''
+        result = self._values.get("custom_role_arn")
+        return typing.cast(typing.Optional[builtins.str], result)
+
     @builtins.property
     def description(self) -> typing.Optional[builtins.str]:
-        '''The description of the template.
+        '''The description associated with the repository creation template.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repositorycreationtemplate.html#cfn-ecr-repositorycreationtemplate-description
         '''
@@ -2604,11 +2638,7 @@ class CfnRepositoryCreationTemplateProps:
     def encryption_configuration(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnRepositoryCreationTemplate.EncryptionConfigurationProperty]]:
-        '''The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.
-
-        By default, when no encryption configuration is set or the ``AES256`` encryption type is used, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES-256 encryption algorithm. This does not require any action on your part.
-
-        For more control over the encryption of the contents of your repository, you can use server-side encryption with AWS Key Management Service key stored in AWS Key Management Service ( AWS KMS ) to encrypt your images. For more information, see `Amazon ECR encryption at rest <https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html>`_ in the *Amazon Elastic Container Registry User Guide* .
+        '''The encryption configuration associated with the repository creation template.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repositorycreationtemplate.html#cfn-ecr-repositorycreationtemplate-encryptionconfiguration
         '''
@@ -2617,7 +2647,9 @@ class CfnRepositoryCreationTemplateProps:
 
     @builtins.property
     def image_tag_mutability(self) -> typing.Optional[builtins.str]:
-        '''The image tag mutability setting for the repository.
+        '''The tag mutability setting for the repository.
+
+        If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repositorycreationtemplate.html#cfn-ecr-repositorycreationtemplate-imagetagmutability
         '''
@@ -2626,9 +2658,7 @@ class CfnRepositoryCreationTemplateProps:
 
     @builtins.property
     def lifecycle_policy(self) -> typing.Optional[builtins.str]:
-        '''The JSON lifecycle policy text to apply to the repository.
-
-        For information about lifecycle policy syntax, see https://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html
+        '''The lifecycle policy to use for repositories created using the template.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repositorycreationtemplate.html#cfn-ecr-repositorycreationtemplate-lifecyclepolicy
         '''
@@ -2637,9 +2667,9 @@ class CfnRepositoryCreationTemplateProps:
 
     @builtins.property
     def repository_policy(self) -> typing.Optional[builtins.str]:
-        '''The JSON repository policy text to apply to the repository.
+        '''he repository policy to apply to repositories created using the template.
 
-        For more information, see https://docs.aws.amazon.com/AmazonECR/latest/userguide/RepositoryPolicyExamples.html
+        A repository policy is a permissions policy associated with a repository to control access permissions.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repositorycreationtemplate.html#cfn-ecr-repositorycreationtemplate-repositorypolicy
         '''
@@ -2650,7 +2680,9 @@ class CfnRepositoryCreationTemplateProps:
     def resource_tags(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, _CfnTag_f6864754]]]]:
-        '''The tags attached to the resource.
+        '''The metadata to apply to the repository to help you categorize and organize.
+
+        Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repositorycreationtemplate.html#cfn-ecr-repositorycreationtemplate-resourcetags
         '''
@@ -5273,6 +5305,7 @@ def _typecheckingstub__494445c3594e6c48becf87b896b56289e6923275ed1be048e55a955aa
     *,
     applied_for: typing.Sequence[builtins.str],
     prefix: builtins.str,
+    custom_role_arn: typing.Optional[builtins.str] = None,
     description: typing.Optional[builtins.str] = None,
     encryption_configuration: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnRepositoryCreationTemplate.EncryptionConfigurationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     image_tag_mutability: typing.Optional[builtins.str] = None,
@@ -5307,6 +5340,12 @@ def _typecheckingstub__7421fb0840fe7d5bdb7ebafbc563d2498adfea23d49797835c3b7262c
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__f311f608554230e0e0d247def1a5aa1b17b63e6e3d1eff562fa5d4d2be6645db(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__e5438699040b3663de96ef1aac64ac4344fe755ea3bb114b36fdb20c66eeb12e(
     value: typing.Optional[builtins.str],
 ) -> None:
@@ -5355,6 +5394,7 @@ def _typecheckingstub__623a27e5bf9e58dfa2c0c25d5b312731cce32386963e30de33e3bd636
     *,
     applied_for: typing.Sequence[builtins.str],
     prefix: builtins.str,
+    custom_role_arn: typing.Optional[builtins.str] = None,
     description: typing.Optional[builtins.str] = None,
     encryption_configuration: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnRepositoryCreationTemplate.EncryptionConfigurationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     image_tag_mutability: typing.Optional[builtins.str] = None,