Skip to content

Latest commit

 

History

History
88 lines (72 loc) · 3.93 KB

README.md

File metadata and controls

88 lines (72 loc) · 3.93 KB
Raw

AWS ECR Repository

This module creates Amazon ECR (Elastic Container Registry).

NOTE! The encryption is enabled by default.

Example

# main.tf
module "ecr_repository" {
  source = "git::https://github.com/lpavliuk/Terraform-Modules.git//aws_ecr_repository"

  name                          = "example-repo"
  enable_image_tag_immutability = true
  enable_scanning_on_push       = true
  repository_policy_json        = data.aws_iam_policy_document.ecr_repository_policy.json
}

# https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document
data "aws_iam_policy_document" "ecr_repository_policy" {
  statement {
    sid    = "new policy"
    effect = "Allow"

    principals {
      type        = "AWS"
      identifiers = ["123456789012"]
    }

    actions = [
      "ecr:GetDownloadUrlForLayer",
      "ecr:BatchGetImage",
      "ecr:BatchCheckLayerAvailability",
      "ecr:PutImage",
      "ecr:InitiateLayerUpload",
      "ecr:UploadLayerPart",
      "ecr:CompleteLayerUpload",
      "ecr:DescribeRepositories",
      "ecr:GetRepositoryPolicy",
      "ecr:ListImages",
      "ecr:DeleteRepository",
      "ecr:BatchDeleteImage",
      "ecr:SetRepositoryPolicy",
      "ecr:DeleteRepositoryPolicy",
    ]
  }
}

Requirements

Name Version
terraform < 2.0.0, >= 1.6.6
aws < 6.0, >= 5.22

Inputs

Name Description Type Default Required
name Name of the ECR Repository Cluster

NOTE! The repository name must start with a letter and
can only contain lowercase letters, numbers, hyphens, underscores,
and forward slashes.		 string n/a yes
enable_image_tag_immutability Enable image tag immutability bool false no
enable_scanning_on_push Enable scanning on push bool false no
repository_policy_json ECR Repository Policy

More details here.		 string null no
lifecycle_policy_json ECR Repository Lifecycle Policy

More details here.		 string null no

Outputs

Name Description
id ECR Repository ID
arn ECR Repository ARN
name ECR Repository Name
repository_url ECR Repository URL
registry_id ECR Registry ID

Resources

Name Type
aws_ecr_lifecycle_policy.this resource
aws_ecr_repository.this resource
aws_ecr_repository_policy.example resource
aws_kms_key.ecr_kms resource