AWS ECR module which creates:
- KMS Key encryption
- ECR lifecycle
- ECR policy
```hcl
module "ecr" {
  source  = "mattyait/ecr/aws"
  version = "1.0.0"
  image_names = [
    "test",
    "test1",
  ]
  scan_on_push             = true
  image_tag_mutability     = "IMMUTABLE"
  max_untagged_image_count = 5
  max_tagged_image_count   = 50
  protected_tags           = ["latest"]
  tags = {
    Environment = "demo"
    Created_By  = "Terraform"
  }
}
```
```hcl
module "public_ecr" {
  source          = "../"
  repository_type = "public"
  image_names = [
    "test",
    "test1",
  ]
  public_repository_catalog_data = [
    {
      description       = "Docker container Description test repo"
      about_text        = "About Text test"
      usage_text        = "Usage Text test"
      operating_systems = ["Linux"]
      architectures     = ["x86"]
    },
    {
      description       = "Docker container Description test1 repo"
      about_text        = "About Text test1"
      usage_text        = "Usage Text test1"
      operating_systems = ["Alpine"]
      architectures     = ["x86"]
    }
  ]
  tags = {
    Environment = "demo"
    Created_By  = "Terraform"
  }
}
```
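A private-repository call that overrides the less restrictive defaults listed in the inputs table (`AES256` encryption, `MUTABLE` tags, `scan_on_push = false`) and uses the KMS and repository-policy inputs that the usage examples above leave out. This is an added example, not part of the module's own documentation. The module label `ecr_hardened`, the repository name, the tag prefix, the account IDs, and the assumption that the account inputs take bare 12-digit account IDs are all illustrative.

```hcl
module "ecr_hardened" {
  source  = "mattyait/ecr/aws"
  version = "1.0.0" # copied from the first usage example; assumed to expose the inputs used below

  image_names = ["payments-api"] # hypothetical repository name

  # Default is "AES256". Per the inputs table, with "KMS" and no kms_key
  # supplied the module uses a new KMS key.
  encryption_type = "KMS"

  # Default is "MUTABLE". Immutable tags stop an existing tag from being
  # overwritten with a different image.
  image_tag_mutability = "IMMUTABLE"

  # Default is false.
  scan_on_push = true

  # Lifecycle policy inputs: retention counts and tag prefixes to keep.
  max_untagged_image_count = 1
  max_tagged_image_count   = 30
  protected_tags           = ["release"] # hypothetical tag prefix

  # Repository policy inputs: separate the account that publishes images
  # from the accounts that only consume them.
  # Placeholder account IDs; the expected value format is an assumption.
  push_and_pull_accounts = ["111111111111"] # e.g. CI/build account
  only_pull_accounts     = ["222222222222"] # e.g. workload account

  tags = {
    Environment = "demo"
    Created_By  = "Terraform"
  }
}

# repository_url_map is one of the module outputs listed on this page.
output "hardened_repository_urls" {
  value = module.ecr_hardened.repository_url_map
}
```

Review the generated repository policy in `terraform plan` before applying, to confirm which principals receive push and pull access.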
Name | Version |
---|---|
terraform | >= 1.0.3 |
aws | >= 5.31.0 |
Name | Version |
---|---|
aws | >= 5.31.0 |
No modules.
Name | Type |
---|---|
aws_ecr_lifecycle_policy.this | resource |
aws_ecr_repository.this | resource |
aws_ecr_repository_policy.this | resource |
aws_ecrpublic_repository.this | resource |
aws_kms_alias.kms_key_alias | resource |
aws_kms_key.kms_key | resource |
aws_caller_identity.current | data source |
aws_iam_policy_document.only_pull | data source |
aws_iam_policy_document.push_and_pull | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
encryption_type | The encryption type to use for the repository. Valid values are AES256 or KMS. | string | "AES256" | no |
image_names | List of Docker local image names, used as repository names for AWS ECR. | list(string) | [] | no |
image_tag_mutability | Whether images are allowed to overwrite existing tags. | string | "MUTABLE" | no |
kms_key | The ARN of the KMS key to use when encryption_type is KMS. If not specified when encryption_type is KMS, uses a new KMS key. Otherwise, uses the default AWS managed key for ECR. | string | null | no |
max_tagged_image_count | The maximum number of tagged images that you want to retain in the repository. | number | 30 | no |
max_untagged_image_count | The maximum number of untagged images that you want to retain in the repository. | number | 1 | no |
only_pull_accounts | AWS accounts which pull only. | list(string) | [] | no |
protected_tags | Names of image tag prefixes that should not be destroyed. | list(string) | [ | no |
public_repository_catalog_data | Catalog data configuration for the public repository. | any | {} | no |
push_and_pull_accounts | AWS accounts which push and pull. | list(string) | [] | no |
repository_type | The type of repository to create (public or private). | string | "private" | no |
scan_on_push | Whether images should automatically be scanned on push or not. | bool | false | no |
tags | The tags for the resources. | map(any) | {} | no |
Name | Description |
---|---|
ecr_repository_arn | Full ARN of the repository |
ecr_repository_name | Name of first repository created |
ecr_repository_registry_id | The registry ID where the repository was created. |
ecr_repository_url | URL of first repository created |
repository_arn_map | Map of repository names to repository ARNs |
repository_url_map | Map of repository names to repository URLs |