Terraform module to set up and manage AWS Elastic Container Registry (ECR) repositories.

```hcl
module "ecr" {
  source           = "github.com/schubergphilis/terraform-aws-mcaf-ecr"
  repository_names = ["image-x", "namespace/image-y"]
}
```

```hcl
module "ecr" {
  source           = "github.com/schubergphilis/terraform-aws-mcaf-ecr"
  repository_names = ["image-x", "namespace/image-y"]

  # Extra repository policy statements, keyed by an arbitrary statement name.
  additional_ecr_policy_statements = {
    lambda = {
      effect = "Allow"
      principal = {
        type        = "service"
        identifiers = ["lambda.amazonaws.com"]
      }
      actions = [
        "ecr:BatchGetImage",
        "ecr:DeleteRepositoryPolicy",
        "ecr:GetDownloadUrlForLayer",
        "ecr:GetRepositoryPolicy",
        "ecr:SetRepositoryPolicy"
      ]
    }
  }
}
```
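
A hardened invocation that combines the module's security-related inputs, as an added example that is not part of the module's own documentation. The `aws_kms_key.ecr` resource and the account ID `111122223333` are constructed placeholders, and the example assumes the policy statement object accepts the same fields as the statement shown above.

```hcl
# Constructed example: the key resource name and the account ID 111122223333
# are placeholders, not values from the module's documentation.
resource "aws_kms_key" "ecr" {
  description         = "Encrypts images stored in the ECR repositories"
  enable_key_rotation = true
}

module "ecr" {
  source           = "github.com/schubergphilis/terraform-aws-mcaf-ecr"
  repository_names = ["image-x", "namespace/image-y"]

  # Use a customer-managed key rather than leaving kms_key_arn at null.
  kms_key_arn = aws_kms_key.ecr.arn

  # Both values are already the module defaults; pinning them keeps a later
  # change of defaults from silently weakening the repositories.
  image_tag_mutability = "IMMUTABLE"
  scan_images_on_push  = true

  # Read-only (pull) access for another account (placeholder ARN).
  principals_readonly_access = ["arn:aws:iam::111122223333:root"]

  # Pull-only statement for Lambda: read actions only, with no
  # repository-policy management actions granted to the service principal.
  additional_ecr_policy_statements = {
    lambda = {
      effect = "Allow"
      principal = {
        type        = "service"
        identifiers = ["lambda.amazonaws.com"]
      }
      actions = [
        "ecr:BatchGetImage",
        "ecr:GetDownloadUrlForLayer"
      ]
    }
  }
}
```
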

Name | Version |
---|---|
terraform | >= 0.13 |

Name | Version |
---|---|
aws | n/a |


Name | Description | Type | Default | Required |
---|---|---|---|---|
repository_names | list of repository names, names can include namespaces: prefixes ending with a slash (/) | list(string) | n/a | yes |
additional_ecr_policy_statements | Map of additional ecr repository policy statements | map(object({ | null | no |
enable_lifecycle_policy | Set to false to prevent the module from adding any lifecycle policies to any repositories | bool | true | no |
image_tag_mutability | The tag mutability setting for the repository. Must be: MUTABLE or IMMUTABLE | string | "IMMUTABLE" | no |
kms_key_arn | The KMS key ARN used for the repository encryption | string | null | no |
principals_readonly_access | Principal ARNs to provide with readonly access to the ECR | list(string) | [] | no |
scan_images_on_push | Indicates if images are automatically scanned after being pushed to the repository | bool | true | no |
tags | Mapping of tags | map(string) | {} | no |

No output.