Terraform module to set up and manage AWS Elastic Container Registry (ECR) repositories.

```hcl
# Minimal usage: create two repositories, one of them under a namespace.
module "ecr" {
  source           = "github.com/schubergphilis/terraform-aws-mcaf-ecr"
  repository_names = ["image-x", "namespace/image-y"]
}
```

```hcl
# Usage with an additional repository policy statement for the Lambda service.
module "ecr" {
  source           = "github.com/schubergphilis/terraform-aws-mcaf-ecr"
  repository_names = ["image-x", "namespace/image-y"]

  additional_ecr_policy_statements = {
    lambda = {
      effect = "Allow"
      principal = {
        type        = "service"
        identifiers = ["lambda.amazonaws.com"]
      }
      actions = [
        "ecr:BatchGetImage",
        "ecr:DeleteRepositoryPolicy",
        "ecr:GetDownloadUrlForLayer",
        "ecr:GetRepositoryPolicy",
        "ecr:SetRepositoryPolicy"
      ]
    }
  }
}
```

| Name | Version |
|------|---------|
| terraform | >= 0.13 |

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| repository_names | List of repository names. Names can include namespaces: prefixes ending with a slash (/) | `list(string)` | n/a | yes |
| additional_ecr_policy_statements | Map of additional ECR repository policy statements | `map(object({ effect = string, principal = object({ type = string, identifiers = list(string) }), actions = list(string) }))` | `null` | no |
| enable_lifecycle_policy | Set to false to prevent the module from adding any lifecycle policies to any repositories | `bool` | `true` | no |
| image_tag_mutability | The tag mutability setting for the repository. Must be: MUTABLE or IMMUTABLE | `string` | `"IMMUTABLE"` | no |
| kms_key_arn | The KMS key ARN used for the repository encryption | `string` | `null` | no |
| principals_readonly_access | Principal ARNs to provide with readonly access to the ECR | `list(string)` | `[]` | no |
| scan_images_on_push | Indicates if images are automatically scanned after being pushed to the repository | `bool` | `true` | no |
| tags | Mapping of tags | `map(string)` | `{}` | no |

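
The security-relevant inputs from the table above combined in one configuration. This is an added example, not taken from the module's own documentation; the KMS key settings, the account ID, the role name and the tag values are constructed placeholders.

```hcl
# Added example: constructed values, not the module's own code.

# Customer-managed key for repository encryption (settings are assumptions).
resource "aws_kms_key" "ecr" {
  description             = "Customer-managed key for ECR image encryption"
  enable_key_rotation     = true
  deletion_window_in_days = 30
}

module "ecr" {
  source           = "github.com/schubergphilis/terraform-aws-mcaf-ecr"
  repository_names = ["image-x", "namespace/image-y"]

  # Pass the key ARN instead of leaving kms_key_arn at its null default.
  kms_key_arn = aws_kms_key.ecr.arn

  # These match the module defaults; stating them explicitly means a
  # changed default in a later module version shows up in the plan.
  image_tag_mutability    = "IMMUTABLE" # a pushed tag cannot be overwritten
  scan_images_on_push     = true
  enable_lifecycle_policy = true

  # Pull-only access for a deployment role in another account.
  # 111122223333 and the role name are placeholders.
  principals_readonly_access = [
    "arn:aws:iam::111122223333:role/example-deploy-role",
  ]

  # No additional_ecr_policy_statements: every extra statement widens the
  # repository policy, so add one only for a principal that needs it.

  tags = {
    Owner       = "platform-team" # placeholder
    Environment = "production"    # placeholder
  }
}
```

Review the `terraform plan` output for the generated repository policy before applying, so that the only principals listed are the ones intended.
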
No output.