fix(ecr): scanOnPush not supported in certain regions (#19940)

fixes #19918 

----

### All Submissions:

* [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Author: peterwoodworth

packages/@aws-cdk/aws-batch/test/batch.integ.snapshot/batch-stack.template.json

@@ -1362,11 +1362,6 @@
   },
   "batchjobrepo4C508C51": {
    "Type": "AWS::ECR::Repository",
-   "Properties": {
-    "ImageScanningConfiguration": {
-     "ScanOnPush": false
-    }
-   },
    "UpdateReplacePolicy": "Retain",
    "DeletionPolicy": "Retain"
   },

packages/@aws-cdk/aws-batch/test/batch.integ.snapshot/tree.json

@@ -1601,11 +1601,7 @@
                 "path": "batch-stack/batch-job-repo/Resource",
                 "attributes": {
                   "aws:cdk:cloudformation:type": "AWS::ECR::Repository",
-                  "aws:cdk:cloudformation:props": {
-                    "imageScanningConfiguration": {
-                      "scanOnPush": false
-                    }
-                  }
+                  "aws:cdk:cloudformation:props": {}
                 },
                 "constructInfo": {
                   "fqn": "@aws-cdk/aws-ecr.CfnRepository",

packages/@aws-cdk/aws-codebuild/test/ecr.lit.integ.snapshot/test-codebuild-docker-asset.template.json

@@ -2,11 +2,6 @@
  "Resources": {
   "MyRepoF4F48043": {
    "Type": "AWS::ECR::Repository",
-   "Properties": {
-    "ImageScanningConfiguration": {
-     "ScanOnPush": false
-    }
-   },
    "UpdateReplacePolicy": "Retain",
    "DeletionPolicy": "Retain"
   },

packages/@aws-cdk/aws-codebuild/test/ecr.lit.integ.snapshot/tree.json

@@ -25,11 +25,7 @@
                 "path": "test-codebuild-docker-asset/MyRepo/Resource",
                 "attributes": {
                   "aws:cdk:cloudformation:type": "AWS::ECR::Repository",
-                  "aws:cdk:cloudformation:props": {
-                    "imageScanningConfiguration": {
-                      "scanOnPush": false
-                    }
-                  }
+                  "aws:cdk:cloudformation:props": {}
                 },
                 "constructInfo": {
                   "fqn": "@aws-cdk/aws-ecr.CfnRepository",

packages/@aws-cdk/aws-codepipeline-actions/test/pipeline-ecr-source.integ.snapshot/aws-cdk-codepipeline-ecr-source.template.json

@@ -354,11 +354,6 @@
   },
   "MyEcrRepo767466D0": {
    "Type": "AWS::ECR::Repository",
-   "Properties": {
-    "ImageScanningConfiguration": {
-     "ScanOnPush": false
-    }
-   },
    "UpdateReplacePolicy": "Delete",
    "DeletionPolicy": "Delete"
   },

packages/@aws-cdk/aws-codepipeline-actions/test/pipeline-ecr-source.integ.snapshot/tree.json

@@ -574,11 +574,7 @@
                 "path": "aws-cdk-codepipeline-ecr-source/MyEcrRepo/Resource",
                 "attributes": {
                   "aws:cdk:cloudformation:type": "AWS::ECR::Repository",
-                  "aws:cdk:cloudformation:props": {
-                    "imageScanningConfiguration": {
-                      "scanOnPush": false
-                    }
-                  }
+                  "aws:cdk:cloudformation:props": {}
                 },
                 "constructInfo": {
                   "fqn": "@aws-cdk/aws-ecr.CfnRepository",

packages/@aws-cdk/aws-codepipeline-actions/test/pipeline-ecs-deploy.integ.snapshot/aws-cdk-codepipeline-ecs-deploy.template.json

@@ -215,11 +215,6 @@
   },
   "EcrRepoBB83A592": {
    "Type": "AWS::ECR::Repository",
-   "Properties": {
-    "ImageScanningConfiguration": {
-     "ScanOnPush": false
-    }
-   },
    "UpdateReplacePolicy": "Retain",
    "DeletionPolicy": "Retain"
   },

packages/@aws-cdk/aws-codepipeline-actions/test/pipeline-ecs-deploy.integ.snapshot/tree.json

@@ -404,11 +404,7 @@
                 "path": "aws-cdk-codepipeline-ecs-deploy/EcrRepo/Resource",
                 "attributes": {
                   "aws:cdk:cloudformation:type": "AWS::ECR::Repository",
-                  "aws:cdk:cloudformation:props": {
-                    "imageScanningConfiguration": {
-                      "scanOnPush": false
-                    }
-                  }
+                  "aws:cdk:cloudformation:props": {}
                 },
                 "constructInfo": {
                   "fqn": "@aws-cdk/aws-ecr.CfnRepository",

packages/@aws-cdk/aws-codepipeline-actions/test/pipeline-ecs-separate-source.lit.integ.snapshot/aws-cdk-pipeline-ecs-separate-sources.template.json

@@ -2,11 +2,6 @@
  "Resources": {
   "EcsDeployRepositoryE7A569C0": {
    "Type": "AWS::ECR::Repository",
-   "Properties": {
-    "ImageScanningConfiguration": {
-     "ScanOnPush": false
-    }
-   },
    "UpdateReplacePolicy": "Retain",
    "DeletionPolicy": "Retain"
   },

packages/@aws-cdk/aws-codepipeline-actions/test/pipeline-ecs-separate-source.lit.integ.snapshot/tree.json

@@ -25,11 +25,7 @@
                 "path": "aws-cdk-pipeline-ecs-separate-sources/EcsDeployRepository/Resource",
                 "attributes": {
                   "aws:cdk:cloudformation:type": "AWS::ECR::Repository",
-                  "aws:cdk:cloudformation:props": {
-                    "imageScanningConfiguration": {
-                      "scanOnPush": false
-                    }
-                  }
+                  "aws:cdk:cloudformation:props": {}
                 },
                 "constructInfo": {
                   "fqn": "@aws-cdk/aws-ecr.CfnRepository",

packages/@aws-cdk/aws-ecr/lib/repository.ts

@@ -534,7 +534,7 @@ export class Repository extends RepositoryBase {
       // It says "Text", but they actually mean "Object".
       repositoryPolicyText: Lazy.any({ produce: () => this.policyDocument }),
       lifecyclePolicy: Lazy.any({ produce: () => this.renderLifecyclePolicy() }),
-      imageScanningConfiguration: props.imageScanOnPush ? { scanOnPush: true } : { scanOnPush: false },
+      imageScanningConfiguration: props.imageScanOnPush !== undefined ? { scanOnPush: props.imageScanOnPush } : undefined,
       imageTagMutability: props.imageTagMutability || undefined,
       encryptionConfiguration: this.parseEncryption(props),
     });

packages/@aws-cdk/aws-ecr/test/basic.integ.snapshot/aws-ecr-integ-stack.template.json

@@ -3,9 +3,6 @@
   "Repo02AC86CF": {
    "Type": "AWS::ECR::Repository",
    "Properties": {
-    "ImageScanningConfiguration": {
-     "ScanOnPush": false
-    },
     "LifecyclePolicy": {
      "LifecyclePolicyText": "{\"rules\":[{\"rulePriority\":1,\"selection\":{\"tagStatus\":\"any\",\"countType\":\"imageCountMoreThan\",\"countNumber\":5},\"action\":{\"type\":\"expire\"}}]}"
     }

packages/@aws-cdk/aws-ecr/test/basic.integ.snapshot/tree.json

@@ -26,9 +26,6 @@
                 "attributes": {
                   "aws:cdk:cloudformation:type": "AWS::ECR::Repository",
                   "aws:cdk:cloudformation:props": {
-                    "imageScanningConfiguration": {
-                      "scanOnPush": false
-                    },
                     "lifecyclePolicy": {
                       "lifecyclePolicyText": "{\"rules\":[{\"rulePriority\":1,\"selection\":{\"tagStatus\":\"any\",\"countType\":\"imageCountMoreThan\",\"countNumber\":5},\"action\":{\"type\":\"expire\"}}]}"
                     }

packages/@aws-cdk/aws-ecr/test/repository.test.ts

@@ -20,11 +20,6 @@ describe('repository', () => {
       Resources: {
         Repo02AC86CF: {
           Type: 'AWS::ECR::Repository',
-          Properties: {
-            ImageScanningConfiguration: {
-              ScanOnPush: false,
-            },
-          },
           DeletionPolicy: 'Retain',
           UpdateReplacePolicy: 'Retain',
         },
@@ -34,13 +29,20 @@ describe('repository', () => {
 
   test('repository creation with imageScanOnPush', () => {
     // GIVEN
-    const stack = new cdk.Stack();
+    const noScanStack = new cdk.Stack();
+    const scanStack = new cdk.Stack();
 
     // WHEN
-    new ecr.Repository(stack, 'Repo', { imageScanOnPush: true });
+    new ecr.Repository(noScanStack, 'NoScanRepo', { imageScanOnPush: false });
+    new ecr.Repository(scanStack, 'ScanRepo', { imageScanOnPush: true });
 
     // THEN
-    Template.fromStack(stack).hasResourceProperties('AWS::ECR::Repository', {
+    Template.fromStack(noScanStack).hasResourceProperties('AWS::ECR::Repository', {
+      ImageScanningConfiguration: {
+        ScanOnPush: false,
+      },
+    });
+    Template.fromStack(scanStack).hasResourceProperties('AWS::ECR::Repository', {
       ImageScanningConfiguration: {
         ScanOnPush: true,
       },

packages/@aws-cdk/aws-ecs/test/ec2/ec2-task-definition.test.ts

@@ -451,9 +451,6 @@ describe('ec2 task definition', () => {
 
       // THEN
       Template.fromStack(stack).hasResourceProperties('AWS::ECR::Repository', {
-        ImageScanningConfiguration: {
-          ScanOnPush: false,
-        },
         LifecyclePolicy: {
           // eslint-disable-next-line max-len
           LifecyclePolicyText: '{"rules":[{"rulePriority":10,"selection":{"tagStatus":"tagged","tagPrefixList":["abc"],"countType":"imageCountMoreThan","countNumber":1},"action":{"type":"expire"}}]}',
@@ -674,11 +671,7 @@ describe('ec2 task definition', () => {
       });
 
       // THEN
-      Template.fromStack(stack).hasResourceProperties('AWS::ECR::Repository', {
-        ImageScanningConfiguration: {
-          ScanOnPush: false,
-        },
-      });
+      Template.fromStack(stack).hasResourceProperties('AWS::ECR::Repository', {});
     });
 
     test('warns when setting containers from ECR repository using fromRegistry method', () => {

packages/@aws-cdk/aws-ecs/test/external/external-task-definition.test.ts

@@ -350,9 +350,6 @@ describe('external task definition', () => {
 
       // THEN
       Template.fromStack(stack).hasResourceProperties('AWS::ECR::Repository', {
-        ImageScanningConfiguration: {
-          ScanOnPush: false,
-        },
         LifecyclePolicy: {
           // eslint-disable-next-line max-len
           LifecyclePolicyText: '{"rules":[{"rulePriority":10,"selection":{"tagStatus":"tagged","tagPrefixList":["abc"],"countType":"imageCountMoreThan","countNumber":1},"action":{"type":"expire"}}]}',
@@ -578,11 +575,7 @@ describe('external task definition', () => {
     });
 
     // THEN
-    Template.fromStack(stack).hasResourceProperties('AWS::ECR::Repository', {
-      ImageScanningConfiguration: {
-        ScanOnPush: false,
-      },
-    });
+    Template.fromStack(stack).hasResourceProperties('AWS::ECR::Repository', {});
   });
 
   test('warns when setting containers from ECR repository using fromRegistry method', () => {