feat(client-ecr): This release adds Amazon ECR to Amazon ECR pull through cache rules support.

Author: awstools

clients/client-ecr/src/commands/CreatePullThroughCacheRuleCommand.ts

@@ -42,8 +42,10 @@ export interface CreatePullThroughCacheRuleCommandOutput extends CreatePullThrou
  *   ecrRepositoryPrefix: "STRING_VALUE", // required
  *   upstreamRegistryUrl: "STRING_VALUE", // required
  *   registryId: "STRING_VALUE",
- *   upstreamRegistry: "ecr-public" || "quay" || "k8s" || "docker-hub" || "github-container-registry" || "azure-container-registry" || "gitlab-container-registry",
+ *   upstreamRegistry: "ecr" || "ecr-public" || "quay" || "k8s" || "docker-hub" || "github-container-registry" || "azure-container-registry" || "gitlab-container-registry",
  *   credentialArn: "STRING_VALUE",
+ *   customRoleArn: "STRING_VALUE",
+ *   upstreamRepositoryPrefix: "STRING_VALUE",
  * };
  * const command = new CreatePullThroughCacheRuleCommand(input);
  * const response = await client.send(command);
@@ -52,8 +54,10 @@ export interface CreatePullThroughCacheRuleCommandOutput extends CreatePullThrou
  * //   upstreamRegistryUrl: "STRING_VALUE",
  * //   createdAt: new Date("TIMESTAMP"),
  * //   registryId: "STRING_VALUE",
- * //   upstreamRegistry: "ecr-public" || "quay" || "k8s" || "docker-hub" || "github-container-registry" || "azure-container-registry" || "gitlab-container-registry",
+ * //   upstreamRegistry: "ecr" || "ecr-public" || "quay" || "k8s" || "docker-hub" || "github-container-registry" || "azure-container-registry" || "gitlab-container-registry",
  * //   credentialArn: "STRING_VALUE",
+ * //   customRoleArn: "STRING_VALUE",
+ * //   upstreamRepositoryPrefix: "STRING_VALUE",
  * // };
  *
  * ```

clients/client-ecr/src/commands/DeletePullThroughCacheRuleCommand.ts

@@ -47,6 +47,8 @@ export interface DeletePullThroughCacheRuleCommandOutput extends DeletePullThrou
  * //   createdAt: new Date("TIMESTAMP"),
  * //   registryId: "STRING_VALUE",
  * //   credentialArn: "STRING_VALUE",
+ * //   customRoleArn: "STRING_VALUE",
+ * //   upstreamRepositoryPrefix: "STRING_VALUE",
  * // };
  *
  * ```

clients/client-ecr/src/commands/DescribePullThroughCacheRulesCommand.ts

@@ -58,7 +58,9 @@ export interface DescribePullThroughCacheRulesCommandOutput
  * //       createdAt: new Date("TIMESTAMP"),
  * //       registryId: "STRING_VALUE",
  * //       credentialArn: "STRING_VALUE",
- * //       upstreamRegistry: "ecr-public" || "quay" || "k8s" || "docker-hub" || "github-container-registry" || "azure-container-registry" || "gitlab-container-registry",
+ * //       customRoleArn: "STRING_VALUE",
+ * //       upstreamRepositoryPrefix: "STRING_VALUE",
+ * //       upstreamRegistry: "ecr" || "ecr-public" || "quay" || "k8s" || "docker-hub" || "github-container-registry" || "azure-container-registry" || "gitlab-container-registry",
  * //       updatedAt: new Date("TIMESTAMP"),
  * //     },
  * //   ],

clients/client-ecr/src/commands/UpdatePullThroughCacheRuleCommand.ts

@@ -38,7 +38,8 @@ export interface UpdatePullThroughCacheRuleCommandOutput extends UpdatePullThrou
  * const input = { // UpdatePullThroughCacheRuleRequest
  *   registryId: "STRING_VALUE",
  *   ecrRepositoryPrefix: "STRING_VALUE", // required
- *   credentialArn: "STRING_VALUE", // required
+ *   credentialArn: "STRING_VALUE",
+ *   customRoleArn: "STRING_VALUE",
  * };
  * const command = new UpdatePullThroughCacheRuleCommand(input);
  * const response = await client.send(command);
@@ -47,6 +48,8 @@ export interface UpdatePullThroughCacheRuleCommandOutput extends UpdatePullThrou
  * //   registryId: "STRING_VALUE",
  * //   updatedAt: new Date("TIMESTAMP"),
  * //   credentialArn: "STRING_VALUE",
+ * //   customRoleArn: "STRING_VALUE",
+ * //   upstreamRepositoryPrefix: "STRING_VALUE",
  * // };
  *
  * ```

clients/client-ecr/src/commands/ValidatePullThroughCacheRuleCommand.ts

@@ -54,6 +54,8 @@ export interface ValidatePullThroughCacheRuleCommandOutput
  * //   registryId: "STRING_VALUE",
  * //   upstreamRegistryUrl: "STRING_VALUE",
  * //   credentialArn: "STRING_VALUE",
+ * //   customRoleArn: "STRING_VALUE",
+ * //   upstreamRepositoryPrefix: "STRING_VALUE",
  * //   isValid: true || false,
  * //   failure: "STRING_VALUE",
  * // };

clients/client-ecr/src/models/models_0.ts

@@ -801,6 +801,7 @@ export class UploadNotFoundException extends __BaseException {
 export const UpstreamRegistry = {
   AzureContainerRegistry: "azure-container-registry",
   DockerHub: "docker-hub",
+  Ecr: "ecr",
   EcrPublic: "ecr-public",
   GitHubContainerRegistry: "github-container-registry",
   GitLabContainerRegistry: "gitlab-container-registry",
@@ -819,6 +820,11 @@ export type UpstreamRegistry = (typeof UpstreamRegistry)[keyof typeof UpstreamRe
 export interface CreatePullThroughCacheRuleRequest {
   /**
    * <p>The repository name prefix to use when caching images from the source registry.</p>
+   *          <important>
+   *             <p>There is always an assumed <code>/</code> applied to the end of the prefix. If you
+   *                 specify <code>ecr-public</code> as the prefix, Amazon ECR treats that as
+   *                     <code>ecr-public/</code>.</p>
+   *          </important>
    * @public
    */
   ecrRepositoryPrefix: string | undefined;
@@ -829,32 +835,42 @@ export interface CreatePullThroughCacheRuleRequest {
    *             registry.</p>
    *          <ul>
    *             <li>
-   *                <p>Amazon ECR Public (<code>ecr-public</code>) - <code>public.ecr.aws</code>
+   *                <p>Amazon ECR (<code>ecr</code>) –
+   *                     <code>dkr.ecr.<region>.amazonaws.com</code>
+   *                </p>
+   *             </li>
+   *             <li>
+   *                <p>Amazon ECR Public (<code>ecr-public</code>) – <code>public.ecr.aws</code>
    *                </p>
    *             </li>
    *             <li>
-   *                <p>Docker Hub (<code>docker-hub</code>) -
+   *                <p>Docker Hub (<code>docker-hub</code>) –
    *                     <code>registry-1.docker.io</code>
    *                </p>
    *             </li>
    *             <li>
-   *                <p>Quay (<code>quay</code>) - <code>quay.io</code>
+   *                <p>GitHub Container Registry (<code>github-container-registry</code>) –
+   *                         <code>ghcr.io</code>
    *                </p>
    *             </li>
    *             <li>
-   *                <p>Kubernetes (<code>k8s</code>) - <code>registry.k8s.io</code>
+   *                <p>GitLab Container Registry (<code>gitlab-container-registry</code>) –
+   *                         <code>registry.gitlab.com</code>
    *                </p>
    *             </li>
    *             <li>
-   *                <p>GitHub Container Registry (<code>github-container-registry</code>) -
-   *                         <code>ghcr.io</code>
+   *                <p>Kubernetes (<code>k8s</code>) – <code>registry.k8s.io</code>
    *                </p>
    *             </li>
    *             <li>
-   *                <p>Microsoft Azure Container Registry (<code>azure-container-registry</code>) -
+   *                <p>Microsoft Azure Container Registry (<code>azure-container-registry</code>) –
    *                         <code><custom>.azurecr.io</code>
    *                </p>
    *             </li>
+   *             <li>
+   *                <p>Quay (<code>quay</code>) – <code>quay.io</code>
+   *                </p>
+   *             </li>
    *          </ul>
    * @public
    */
@@ -879,6 +895,22 @@ export interface CreatePullThroughCacheRuleRequest {
    * @public
    */
   credentialArn?: string | undefined;
+
+  /**
+   * <p>Amazon Resource Name (ARN) of the IAM role to be assumed by Amazon ECR to authenticate to
+   *             the ECR upstream registry. This role must be in the same account as the registry that
+   *             you are configuring.</p>
+   * @public
+   */
+  customRoleArn?: string | undefined;
+
+  /**
+   * <p>The repository name prefix of the upstream registry to match with the upstream
+   *             repository name. When this field isn't specified, Amazon ECR will use the
+   *             <code>ROOT</code>.</p>
+   * @public
+   */
+  upstreamRepositoryPrefix?: string | undefined;
 }
 
 /**
@@ -922,6 +954,18 @@ export interface CreatePullThroughCacheRuleResponse {
    * @public
    */
   credentialArn?: string | undefined;
+
+  /**
+   * <p>The ARN of the IAM role associated with the pull through cache rule.</p>
+   * @public
+   */
+  customRoleArn?: string | undefined;
+
+  /**
+   * <p>The upstream repository prefix associated with the pull through cache rule.</p>
+   * @public
+   */
+  upstreamRepositoryPrefix?: string | undefined;
 }
 
 /**
@@ -1498,8 +1542,8 @@ export interface RepositoryCreationTemplate {
   imageTagMutability?: ImageTagMutability | undefined;
 
   /**
-   * <p>he repository policy to apply to repositories created using the template. A repository
-   *             policy is a permissions policy associated with a repository to control access
+   * <p>The repository policy to apply to repositories created using the template. A
+   *             repository policy is a permissions policy associated with a repository to control access
    *             permissions. </p>
    * @public
    */
@@ -1701,6 +1745,18 @@ export interface DeletePullThroughCacheRuleResponse {
    * @public
    */
   credentialArn?: string | undefined;
+
+  /**
+   * <p>The ARN of the IAM role associated with the pull through cache rule.</p>
+   * @public
+   */
+  customRoleArn?: string | undefined;
+
+  /**
+   * <p>The upstream repository prefix associated with the pull through cache rule.</p>
+   * @public
+   */
+  upstreamRepositoryPrefix?: string | undefined;
 }
 
 /**
@@ -2249,10 +2305,10 @@ export interface ImageDetail {
    *          <p>If the image is a manifest list, this will be the max size of all manifests in the
    *             list.</p>
    *          <note>
-   *             <p>Beginning with Docker version 1.9, the Docker client compresses image layers
-   *                 before pushing them to a V2 Docker registry. The output of the <code>docker
-   *                     images</code> command shows the uncompressed image size, so it may return a
-   *                 larger image size than the image sizes returned by <a>DescribeImages</a>.</p>
+   *             <p>Starting with Docker version 1.9, the Docker client compresses image layers before
+   *                 pushing them to a V2 Docker registry. The output of the <code>docker images</code>
+   *                 command shows the uncompressed image size. Therefore, Docker might return a larger
+   *                 image than the image sizes returned by <a>DescribeImages</a>.</p>
    *          </note>
    * @public
    */
@@ -3075,6 +3131,18 @@ export interface PullThroughCacheRule {
    */
   credentialArn?: string | undefined;
 
+  /**
+   * <p>The ARN of the IAM role associated with the pull through cache rule.</p>
+   * @public
+   */
+  customRoleArn?: string | undefined;
+
+  /**
+   * <p>The upstream repository prefix associated with the pull through cache rule.</p>
+   * @public
+   */
+  upstreamRepositoryPrefix?: string | undefined;
+
   /**
    * <p>The name of the upstream source registry associated with the pull through cache
    *             rule.</p>
@@ -3389,10 +3457,10 @@ export interface GetAccountSettingResponse {
   name?: string | undefined;
 
   /**
-   * <p>The setting value for the setting name. The following are valid values for the basic scan
-   *             type being used: <code>AWS_NATIVE</code> or <code>CLAIR</code>. The following are valid
-   *             values for the registry policy scope being used: <code>V1</code> or
-   *             <code>V2</code>.</p>
+   * <p>The setting value for the setting name. The following are valid values for the basic
+   *             scan type being used: <code>AWS_NATIVE</code> or <code>CLAIR</code>. The following are
+   *             valid values for the registry policy scope being used: <code>V1</code> or
+   *                 <code>V2</code>.</p>
    * @public
    */
   value?: string | undefined;
@@ -4816,7 +4884,15 @@ export interface UpdatePullThroughCacheRuleRequest {
    *             to the upstream registry.</p>
    * @public
    */
-  credentialArn: string | undefined;
+  credentialArn?: string | undefined;
+
+  /**
+   * <p>Amazon Resource Name (ARN) of the IAM role to be assumed by Amazon ECR to authenticate to the
+   *             ECR upstream registry. This role must be in the same account as the registry that you
+   *             are configuring.</p>
+   * @public
+   */
+  customRoleArn?: string | undefined;
 }
 
 /**
@@ -4848,6 +4924,18 @@ export interface UpdatePullThroughCacheRuleResponse {
    * @public
    */
   credentialArn?: string | undefined;
+
+  /**
+   * <p>The ARN of the IAM role associated with the pull through cache rule.</p>
+   * @public
+   */
+  customRoleArn?: string | undefined;
+
+  /**
+   * <p>The upstream repository prefix associated with the pull through cache rule.</p>
+   * @public
+   */
+  upstreamRepositoryPrefix?: string | undefined;
 }
 
 /**
@@ -5116,6 +5204,18 @@ export interface ValidatePullThroughCacheRuleResponse {
    */
   credentialArn?: string | undefined;
 
+  /**
+   * <p>The ARN of the IAM role associated with the pull through cache rule.</p>
+   * @public
+   */
+  customRoleArn?: string | undefined;
+
+  /**
+   * <p>The upstream repository prefix associated with the pull through cache rule.</p>
+   * @public
+   */
+  upstreamRepositoryPrefix?: string | undefined;
+
   /**
    * <p>Whether or not the pull through cache rule was validated. If <code>true</code>, Amazon ECR
    *             was able to reach the upstream registry and authentication was successful. If

clients/client-ecr/src/protocols/Aws_json1_1.ts

@@ -2928,10 +2928,12 @@ const de_CreatePullThroughCacheRuleResponse = (
   return take(output, {
     createdAt: (_: any) => __expectNonNull(__parseEpochTimestamp(__expectNumber(_))),
     credentialArn: __expectString,
+    customRoleArn: __expectString,
     ecrRepositoryPrefix: __expectString,
     registryId: __expectString,
     upstreamRegistry: __expectString,
     upstreamRegistryUrl: __expectString,
+    upstreamRepositoryPrefix: __expectString,
   }) as any;
 };
 
@@ -3020,9 +3022,11 @@ const de_DeletePullThroughCacheRuleResponse = (
   return take(output, {
     createdAt: (_: any) => __expectNonNull(__parseEpochTimestamp(__expectNumber(_))),
     credentialArn: __expectString,
+    customRoleArn: __expectString,
     ecrRepositoryPrefix: __expectString,
     registryId: __expectString,
     upstreamRegistryUrl: __expectString,
+    upstreamRepositoryPrefix: __expectString,
   }) as any;
 };
 
@@ -3399,11 +3403,13 @@ const de_PullThroughCacheRule = (output: any, context: __SerdeContext): PullThro
   return take(output, {
     createdAt: (_: any) => __expectNonNull(__parseEpochTimestamp(__expectNumber(_))),
     credentialArn: __expectString,
+    customRoleArn: __expectString,
     ecrRepositoryPrefix: __expectString,
     registryId: __expectString,
     updatedAt: (_: any) => __expectNonNull(__parseEpochTimestamp(__expectNumber(_))),
     upstreamRegistry: __expectString,
     upstreamRegistryUrl: __expectString,
+    upstreamRepositoryPrefix: __expectString,
   }) as any;
 };
 
@@ -3643,9 +3649,11 @@ const de_UpdatePullThroughCacheRuleResponse = (
 ): UpdatePullThroughCacheRuleResponse => {
   return take(output, {
     credentialArn: __expectString,
+    customRoleArn: __expectString,
     ecrRepositoryPrefix: __expectString,
     registryId: __expectString,
     updatedAt: (_: any) => __expectNonNull(__parseEpochTimestamp(__expectNumber(_))),
+    upstreamRepositoryPrefix: __expectString,
   }) as any;
 };
 

codegen/sdk-codegen/aws-models/ecr.json

@@ -1928,14 +1928,14 @@
         "ecrRepositoryPrefix": {
           "target": "com.amazonaws.ecr#PullThroughCacheRuleRepositoryPrefix",
           "traits": {
-            "smithy.api#documentation": "<p>The repository name prefix to use when caching images from the source registry.</p>",
+            "smithy.api#documentation": "<p>The repository name prefix to use when caching images from the source registry.</p>\n         <important>\n            <p>There is always an assumed <code>/</code> applied to the end of the prefix. If you\n                specify <code>ecr-public</code> as the prefix, Amazon ECR treats that as\n                    <code>ecr-public/</code>.</p>\n         </important>",
             "smithy.api#required": {}
           }
         },
         "upstreamRegistryUrl": {
           "target": "com.amazonaws.ecr#Url",
           "traits": {
-            "smithy.api#documentation": "<p>The registry URL of the upstream public registry to use as the source for the pull\n            through cache rule. The following is the syntax to use for each supported upstream\n            registry.</p>\n         <ul>\n            <li>\n               <p>Amazon ECR Public (<code>ecr-public</code>) - <code>public.ecr.aws</code>\n               </p>\n            </li>\n            <li>\n               <p>Docker Hub (<code>docker-hub</code>) -\n                    <code>registry-1.docker.io</code>\n               </p>\n            </li>\n            <li>\n               <p>Quay (<code>quay</code>) - <code>quay.io</code>\n               </p>\n            </li>\n            <li>\n               <p>Kubernetes (<code>k8s</code>) - <code>registry.k8s.io</code>\n               </p>\n            </li>\n            <li>\n               <p>GitHub Container Registry (<code>github-container-registry</code>) -\n                        <code>ghcr.io</code>\n               </p>\n            </li>\n            <li>\n               <p>Microsoft Azure Container Registry (<code>azure-container-registry</code>) -\n                        <code><custom>.azurecr.io</code>\n               </p>\n            </li>\n         </ul>",
+            "smithy.api#documentation": "<p>The registry URL of the upstream public registry to use as the source for the pull\n            through cache rule. The following is the syntax to use for each supported upstream\n            registry.</p>\n         <ul>\n            <li>\n               <p>Amazon ECR (<code>ecr</code>) –\n                    <code>dkr.ecr.<region>.amazonaws.com</code>\n               </p>\n            </li>\n            <li>\n               <p>Amazon ECR Public (<code>ecr-public</code>) – <code>public.ecr.aws</code>\n               </p>\n            </li>\n            <li>\n               <p>Docker Hub (<code>docker-hub</code>) –\n                    <code>registry-1.docker.io</code>\n               </p>\n            </li>\n            <li>\n               <p>GitHub Container Registry (<code>github-container-registry</code>) –\n                        <code>ghcr.io</code>\n               </p>\n            </li>\n            <li>\n               <p>GitLab Container Registry (<code>gitlab-container-registry</code>) –\n                        <code>registry.gitlab.com</code>\n               </p>\n            </li>\n            <li>\n               <p>Kubernetes (<code>k8s</code>) – <code>registry.k8s.io</code>\n               </p>\n            </li>\n            <li>\n               <p>Microsoft Azure Container Registry (<code>azure-container-registry</code>) –\n                        <code><custom>.azurecr.io</code>\n               </p>\n            </li>\n            <li>\n               <p>Quay (<code>quay</code>) – <code>quay.io</code>\n               </p>\n            </li>\n         </ul>",
             "smithy.api#required": {}
           }
         },
@@ -1956,6 +1956,18 @@
           "traits": {
             "smithy.api#documentation": "<p>The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret that identifies the credentials to authenticate\n            to the upstream registry.</p>"
           }
+        },
+        "customRoleArn": {
+          "target": "com.amazonaws.ecr#CustomRoleArn",
+          "traits": {
+            "smithy.api#documentation": "<p>Amazon Resource Name (ARN) of the IAM role to be assumed by Amazon ECR to authenticate to\n            the ECR upstream registry. This role must be in the same account as the registry that\n            you are configuring.</p>"
+          }
+        },
+        "upstreamRepositoryPrefix": {
+          "target": "com.amazonaws.ecr#PullThroughCacheRuleRepositoryPrefix",
+          "traits": {
+            "smithy.api#documentation": "<p>The repository name prefix of the upstream registry to match with the upstream\n            repository name. When this field isn't specified, Amazon ECR will use the\n            <code>ROOT</code>.</p>"
+          }
         }
       },
       "traits": {
@@ -2000,6 +2012,18 @@
           "traits": {
             "smithy.api#documentation": "<p>The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret associated with the pull through cache\n            rule.</p>"
           }
+        },
+        "customRoleArn": {
+          "target": "com.amazonaws.ecr#CustomRoleArn",
+          "traits": {
+            "smithy.api#documentation": "<p>The ARN of the IAM role associated with the pull through cache rule.</p>"
+          }
+        },
+        "upstreamRepositoryPrefix": {
+          "target": "com.amazonaws.ecr#PullThroughCacheRuleRepositoryPrefix",
+          "traits": {
+            "smithy.api#documentation": "<p>The upstream repository prefix associated with the pull through cache rule.</p>"
+          }
         }
       },
       "traits": {
@@ -2519,6 +2543,18 @@
           "traits": {
             "smithy.api#documentation": "<p>The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret associated with the pull through cache\n            rule.</p>"
           }
+        },
+        "customRoleArn": {
+          "target": "com.amazonaws.ecr#CustomRoleArn",
+          "traits": {
+            "smithy.api#documentation": "<p>The ARN of the IAM role associated with the pull through cache rule.</p>"
+          }
+        },
+        "upstreamRepositoryPrefix": {
+          "target": "com.amazonaws.ecr#PullThroughCacheRuleRepositoryPrefix",
+          "traits": {
+            "smithy.api#documentation": "<p>The upstream repository prefix associated with the pull through cache rule.</p>"
+          }
         }
       },
       "traits": {
@@ -3814,7 +3850,7 @@
         "value": {
           "target": "com.amazonaws.ecr#AccountSettingName",
           "traits": {
-            "smithy.api#documentation": "<p>The setting value for the setting name. The following are valid values for the basic scan\n            type being used: <code>AWS_NATIVE</code> or <code>CLAIR</code>. The following are valid\n            values for the registry policy scope being used: <code>V1</code> or\n            <code>V2</code>.</p>"
+            "smithy.api#documentation": "<p>The setting value for the setting name. The following are valid values for the basic\n            scan type being used: <code>AWS_NATIVE</code> or <code>CLAIR</code>. The following are\n            valid values for the registry policy scope being used: <code>V1</code> or\n                <code>V2</code>.</p>"
           }
         }
       },
@@ -4497,7 +4533,7 @@
         "imageSizeInBytes": {
           "target": "com.amazonaws.ecr#ImageSizeInBytes",
           "traits": {
-            "smithy.api#documentation": "<p>The size, in bytes, of the image in the repository.</p>\n         <p>If the image is a manifest list, this will be the max size of all manifests in the\n            list.</p>\n         <note>\n            <p>Beginning with Docker version 1.9, the Docker client compresses image layers\n                before pushing them to a V2 Docker registry. The output of the <code>docker\n                    images</code> command shows the uncompressed image size, so it may return a\n                larger image size than the image sizes returned by <a>DescribeImages</a>.</p>\n         </note>"
+            "smithy.api#documentation": "<p>The size, in bytes, of the image in the repository.</p>\n         <p>If the image is a manifest list, this will be the max size of all manifests in the\n            list.</p>\n         <note>\n            <p>Starting with Docker version 1.9, the Docker client compresses image layers before\n                pushing them to a V2 Docker registry. The output of the <code>docker images</code>\n                command shows the uncompressed image size. Therefore, Docker might return a larger\n                image than the image sizes returned by <a>DescribeImages</a>.</p>\n         </note>"
           }
         },
         "imagePushedAt": {
@@ -5900,6 +5936,18 @@
             "smithy.api#documentation": "<p>The ARN of the Secrets Manager secret associated with the pull through cache rule.</p>"
           }
         },
+        "customRoleArn": {
+          "target": "com.amazonaws.ecr#CustomRoleArn",
+          "traits": {
+            "smithy.api#documentation": "<p>The ARN of the IAM role associated with the pull through cache rule.</p>"
+          }
+        },
+        "upstreamRepositoryPrefix": {
+          "target": "com.amazonaws.ecr#PullThroughCacheRuleRepositoryPrefix",
+          "traits": {
+            "smithy.api#documentation": "<p>The upstream repository prefix associated with the pull through cache rule.</p>"
+          }
+        },
         "upstreamRegistry": {
           "target": "com.amazonaws.ecr#UpstreamRegistry",
           "traits": {
@@ -5954,7 +6002,7 @@
           "min": 2,
           "max": 30
         },
-        "smithy.api#pattern": "^(?:[a-z0-9]+(?:[._-][a-z0-9]+)*/)*[a-z0-9]+(?:[._-][a-z0-9]+)*$"
+        "smithy.api#pattern": "^((?:[a-z0-9]+(?:[._-][a-z0-9]+)*/)*[a-z0-9]+(?:[._-][a-z0-9]+)*/?|ROOT)$"
       }
     },
     "com.amazonaws.ecr#PullThroughCacheRuleRepositoryPrefixList": {
@@ -6947,7 +6995,7 @@
         "repositoryPolicy": {
           "target": "com.amazonaws.ecr#RepositoryPolicyText",
           "traits": {
-            "smithy.api#documentation": "<p>he repository policy to apply to repositories created using the template. A repository\n            policy is a permissions policy associated with a repository to control access\n            permissions. </p>"
+            "smithy.api#documentation": "<p>The repository policy to apply to repositories created using the template. A\n            repository policy is a permissions policy associated with a repository to control access\n            permissions. </p>"
           }
         },
         "lifecyclePolicy": {
@@ -8165,8 +8213,13 @@
         "credentialArn": {
           "target": "com.amazonaws.ecr#CredentialArn",
           "traits": {
-            "smithy.api#documentation": "<p>The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret that identifies the credentials to authenticate\n            to the upstream registry.</p>",
-            "smithy.api#required": {}
+            "smithy.api#documentation": "<p>The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret that identifies the credentials to authenticate\n            to the upstream registry.</p>"
+          }
+        },
+        "customRoleArn": {
+          "target": "com.amazonaws.ecr#CustomRoleArn",
+          "traits": {
+            "smithy.api#documentation": "<p>Amazon Resource Name (ARN) of the IAM role to be assumed by Amazon ECR to authenticate to the\n            ECR upstream registry. This role must be in the same account as the registry that you\n            are configuring.</p>"
           }
         }
       },
@@ -8200,6 +8253,18 @@
           "traits": {
             "smithy.api#documentation": "<p>The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret associated with the pull through cache\n            rule.</p>"
           }
+        },
+        "customRoleArn": {
+          "target": "com.amazonaws.ecr#CustomRoleArn",
+          "traits": {
+            "smithy.api#documentation": "<p>The ARN of the IAM role associated with the pull through cache rule.</p>"
+          }
+        },
+        "upstreamRepositoryPrefix": {
+          "target": "com.amazonaws.ecr#PullThroughCacheRuleRepositoryPrefix",
+          "traits": {
+            "smithy.api#documentation": "<p>The upstream repository prefix associated with the pull through cache rule.</p>"
+          }
         }
       },
       "traits": {
@@ -8455,6 +8520,12 @@
     "com.amazonaws.ecr#UpstreamRegistry": {
       "type": "enum",
       "members": {
+        "Ecr": {
+          "target": "smithy.api#Unit",
+          "traits": {
+            "smithy.api#enumValue": "ecr"
+          }
+        },
         "EcrPublic": {
           "target": "smithy.api#Unit",
           "traits": {
@@ -8576,6 +8647,18 @@
             "smithy.api#documentation": "<p>The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret associated with the pull through cache\n            rule.</p>"
           }
         },
+        "customRoleArn": {
+          "target": "com.amazonaws.ecr#CustomRoleArn",
+          "traits": {
+            "smithy.api#documentation": "<p>The ARN of the IAM role associated with the pull through cache rule.</p>"
+          }
+        },
+        "upstreamRepositoryPrefix": {
+          "target": "com.amazonaws.ecr#PullThroughCacheRuleRepositoryPrefix",
+          "traits": {
+            "smithy.api#documentation": "<p>The upstream repository prefix associated with the pull through cache rule.</p>"
+          }
+        },
         "isValid": {
           "target": "com.amazonaws.ecr#IsPTCRuleValid",
           "traits": {