https://github.com/mattyait/terraform-aws-ecr

Terraform module for AWS ECR

# AWS ECR Module

Terraform module for AWS ECR repositories that creates:

- KMS Key encryption
- ECR lifecycle
- ECR policy

## Usage
### Private Repository
```hcl
module "ecr" {
  source  = "mattyait/ecr/aws"
  version = "1.0.0"

  image_names = [
    "test",
    "test1",
  ]

  scan_on_push         = true
  image_tag_mutability = "IMMUTABLE"

  max_untagged_image_count = 5
  max_tagged_image_count   = 50
  protected_tags           = ["latest"]

  tags = {
    Environment = "demo"
    Created_By  = "Terraform"
  }
}
```
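
The private example above leaves encryption and repository policy at their defaults. The following is an added example, not part of the module's own README, that overrides the weaker defaults from the Inputs table and grants cross-account access; the repository name and account IDs are constructed, and passing 12-digit account IDs to the `*_accounts` inputs is an assumption.

```hcl
module "ecr_hardened" {
  source  = "mattyait/ecr/aws"
  version = "1.0.0"

  # Constructed repository name for illustration.
  image_names = ["payments-api"]

  # Module defaults per the Inputs table: scan_on_push = false,
  # image_tag_mutability = "MUTABLE", encryption_type = "AES256".
  scan_on_push         = true
  image_tag_mutability = "IMMUTABLE" # no tag, including "latest", can be overwritten
  encryption_type      = "KMS"
  # kms_key is left unset: per the Inputs table the module then uses a new KMS key.
  # Set it to an existing key ARN to reuse a key you already manage.

  # Assumption: these inputs take AWS account IDs. Constructed values.
  only_pull_accounts     = ["111111111111"] # e.g. a runtime account that only deploys images
  push_and_pull_accounts = ["222222222222"] # e.g. a build account that publishes images

  # Lifecycle limits (module defaults are 1 untagged, 30 tagged).
  max_untagged_image_count = 1
  max_tagged_image_count   = 30

  tags = {
    Environment = "demo"
    Created_By  = "Terraform"
  }
}

# Expose the repository URLs so pipelines reference them instead of hard-coding.
output "repository_urls" {
  value = module.ecr_hardened.repository_url_map
}
```

Keep the push list as short as possible: any account in `push_and_pull_accounts` can publish images that every pulling account will run.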

### Public Repository
```hcl
module "public_ecr" {
  source          = "../"
  repository_type = "public"
  image_names = [
    "test",
    "test1",
  ]

  public_repository_catalog_data = [
    {
      description       = "Docker container Description test repo"
      about_text        = "About Text test"
      usage_text        = "Usage Text test"
      operating_systems = ["Linux"]
      architectures     = ["x86"]
    },
    {
      description       = "Docker container Description test1 repo"
      about_text        = "About Text test1"
      usage_text        = "Usage Text test1"
      operating_systems = ["Alpine"]
      architectures     = ["x86"]
    }
  ]

  tags = {
    Environment = "demo"
    Created_By  = "Terraform"
  }
}
```

## Requirements

| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.0.3 |
| [aws](#requirement\_aws) | >= 5.31.0 |

## Providers

| Name | Version |
|------|---------|
| [aws](#provider\_aws) | >= 5.31.0 |

## Modules

No modules.

## Resources

| Name | Type |
|------|------|
| [aws_ecr_lifecycle_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_lifecycle_policy) | resource |
| [aws_ecr_repository.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_repository) | resource |
| [aws_ecr_repository_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_repository_policy) | resource |
| [aws_ecrpublic_repository.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecrpublic_repository) | resource |
| [aws_kms_alias.kms_key_alias](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_alias) | resource |
| [aws_kms_key.kms_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |
| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_iam_policy_document.only_pull](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.push_and_pull](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [encryption\_type](#input\_encryption\_type) | The encryption type to use for the repository. Valid values are `AES256` or `KMS` | `string` | `"AES256"` | no |
| [image\_names](#input\_image\_names) | List of Docker local image names, used as repository names for AWS ECR | `list(string)` | `[]` | no |
| [image\_tag\_mutability](#input\_image\_tag\_mutability) | Whether images are allowed to overwrite existing tags. | `string` | `"MUTABLE"` | no |
| [kms\_key](#input\_kms\_key) | The ARN of the KMS key to use when encryption\_type is `KMS`. If not specified when encryption\_type is `KMS`, uses a new KMS key. Otherwise, uses the default AWS managed key for ECR. | `string` | `null` | no |
| [max\_tagged\_image\_count](#input\_max\_tagged\_image\_count) | The maximum number of tagged images that you want to retain in repository. | `number` | `30` | no |
| [max\_untagged\_image\_count](#input\_max\_untagged\_image\_count) | The maximum number of untagged images that you want to retain in repository. | `number` | `1` | no |
| [only\_pull\_accounts](#input\_only\_pull\_accounts) | AWS accounts which pull only. | `list(string)` | `[]` | no |
| [protected\_tags](#input\_protected\_tags) | Image tag prefixes that should not be destroyed. | `list(string)` | `["latest"]` | no |
| [public\_repository\_catalog\_data](#input\_public\_repository\_catalog\_data) | Catalog data configuration for the public repository | `any` | `{}` | no |
| [push\_and\_pull\_accounts](#input\_push\_and\_pull\_accounts) | AWS accounts which push and pull. | `list(string)` | `[]` | no |
| [repository\_type](#input\_repository\_type) | The type of repository to create (`public` or `private`) | `string` | `"private"` | no |
| [scan\_on\_push](#input\_scan\_on\_push) | Whether images should automatically be scanned on push or not. | `bool` | `false` | no |
| [tags](#input\_tags) | The tags for the resources | `map(any)` | `{}` | no |

## Outputs

| Name | Description |
|------|-------------|
| [ecr\_repository\_arn](#output\_ecr\_repository\_arn) | Full ARN of the repository |
| [ecr\_repository\_name](#output\_ecr\_repository\_name) | Name of first repository created |
| [ecr\_repository\_registry\_id](#output\_ecr\_repository\_registry\_id) | The registry ID where the repository was created. |
| [ecr\_repository\_url](#output\_ecr\_repository\_url) | URL of first repository created |
| [repository\_arn\_map](#output\_repository\_arn\_map) | Map of repository names to repository ARNs |
| [repository\_url\_map](#output\_repository\_url\_map) | Map of repository names to repository URLs |