{"id":44018480,"url":"https://github.com/perun-engineering/ecr-pull-through","last_synced_at":"2026-02-07T16:04:47.458Z","repository":{"id":307987599,"uuid":"1031276037","full_name":"Perun-Engineering/ecr-pull-through","owner":"Perun-Engineering","description":"ECR pull-through cache implementation for Docker Hub rate limits mitigation","archived":false,"fork":false,"pushed_at":"2025-08-03T12:02:22.000Z","size":41,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-08-03T14:16:48.311Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Perun-Engineering.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-08-03T11:58:19.000Z","updated_at":"2025-08-03T12:02:21.000Z","dependencies_parsed_at":"2025-08-03T14:16:53.487Z","dependency_job_id":"49387714-c27f-47ce-948b-629f31091d0e","html_url":"https://github.com/Perun-Engineering/ecr-pull-through","commit_stats":null,"previous_names":["perun-engineering/ecr-pull-through"],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/Perun-Engineering/ecr-pull-through","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Perun-Engineering%2Fecr-pull-through","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Perun-Engineering%2Fecr-pull-through/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Perun-Engineering%2Fecr-pull-through/re
leases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Perun-Engineering%2Fecr-pull-through/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Perun-Engineering","download_url":"https://codeload.github.com/Perun-Engineering/ecr-pull-through/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Perun-Engineering%2Fecr-pull-through/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29199519,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-07T14:35:27.868Z","status":"ssl_error","status_checked_at":"2026-02-07T14:25:51.081Z","response_time":63,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-02-07T16:04:35.422Z","updated_at":"2026-02-07T16:04:47.451Z","avatar_url":"https://github.com/Perun-Engineering.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ECR pull-through cache implementation\n\nStarting from April 1, 2025, Docker Hub introduces new rate limits.\n\nThis module creates an ECR pull-through cache for other registries (both public and private) and can be used to:\n\n- cache public and private images in your private ECR registry\n- speed up pulling from private ECR to your local services (ECS, EKS, Lambdas, etc.)\n- define 
lifecycle policy to keep only the required number of the latest tags\n- scan images for security issues during pull\n- keep a single place to update your token in case of rotation or expiration (e.g. GitLab does not allow you to create tokens with an expiration date longer than one year). Just imagine you need to go through all your credentials in all K8s clusters once per year to update tokens.\n\n```sh\n# direct pull from Docker Hub\ndocker pull timberio/vector:0.45.0-alpine\n# pull through ECR\ndocker pull 123456789012.dkr.ecr.us-east-1.amazonaws.com/dockerhub/timberio/vector:0.45.0-alpine\n```\n\nIf `lifecycle_policy` is not specified in YAML, the module applies the following default lifecycle policy to each created template:\n```\nlifecycle_policy:\n    rules:\n        - rulePriority: 1\n          description: \"Keep last 3 images\"\n          selection:\n              tagStatus: \"any\"\n              countType: \"imageCountMoreThan\"\n              countNumber: 3\n          action:\n              type: \"expire\"\n```\n\nMore details about this module are in this \u003ca name=\"blog post\"\u003e\u003c/a\u003e [blog post](https://sirantd.com/aws-and-docker-hub-limits-smart-strategies-for-april-2025-changes-42bd9295cad6)\n\n\u003c!-- BEGIN_TF_DOCS --\u003e\n## Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_terraform\"\u003e\u003c/a\u003e [terraform](#requirement\\_terraform) | \u003e= 1.5.4 |\n| \u003ca name=\"requirement_aws\"\u003e\u003c/a\u003e [aws](#requirement\\_aws) | \u003e=5.75.0 |\n\n## Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_aws\"\u003e\u003c/a\u003e [aws](#provider\\_aws) | 5.89.0 |\n\n## Modules\n\n| Name | Source | Version |\n|------|--------|---------|\n| \u003ca name=\"module_pull_through_cache_repository_template\"\u003e\u003c/a\u003e [pull\\_through\\_cache\\_repository\\_template](#module\\_pull\\_through\\_cache\\_repository\\_template) | terraform-aws-modules/ecr/aws//modules/repository-template | 
2.3.1 |\n| \u003ca name=\"module_secrets_manager_credentials\"\u003e\u003c/a\u003e [secrets\\_manager\\_credentials](#module\\_secrets\\_manager\\_credentials) | terraform-aws-modules/secrets-manager/aws | 1.3.1 |\n\n## Resources\n\n| Name | Type |\n|------|------|\n| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |\n| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |\n| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_region\"\u003e\u003c/a\u003e [region](#input\\_region) | AWS region where we are creating rules | `string` | `\"\"` | no |\n| \u003ca name=\"input_registries\"\u003e\u003c/a\u003e [registries](#input\\_registries) | List of registries to create rules for | \u003cpre\u003emap(object({\u003cbr/\u003e    registry                    = string\u003cbr/\u003e    username                    = optional(string)\u003cbr/\u003e    accessToken                 = optional(string)\u003cbr/\u003e    repository_read_access_arns = optional(list(string))\u003cbr/\u003e    image_tag_mutability        = optional(string)\u003cbr/\u003e    lifecycle_policy = optional(object({\u003cbr/\u003e      rules = list(object({\u003cbr/\u003e        rulePriority = number\u003cbr/\u003e        description  = string\u003cbr/\u003e        selection = object({\u003cbr/\u003e          tagStatus   = string\u003cbr/\u003e          countType   = string\u003cbr/\u003e          countNumber = number\u003cbr/\u003e        })\u003cbr/\u003e        action = object({\u003cbr/\u003e          type = string\u003cbr/\u003e        })\u003cbr/\u003e      }))\u003cbr/\u003e    }))\u003cbr/\u003e  }))\u003c/pre\u003e | n/a 
| yes |\n| \u003ca name=\"input_tags\"\u003e\u003c/a\u003e [tags](#input\\_tags) | Tags that will be assigned to all resources | `map(string)` | `{}` | no |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_pull_through_cache_urls\"\u003e\u003c/a\u003e [pull\\_through\\_cache\\_urls](#output\\_pull\\_through\\_cache\\_urls) | List of ECR pull-through cache URLs for your images |\n\u003c!-- END_TF_DOCS --\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fperun-engineering%2Fecr-pull-through","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fperun-engineering%2Fecr-pull-through","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fperun-engineering%2Fecr-pull-through/lists"}