Skip to content
/ terraform-aws-sns-to-ecr-tag Public

Terraform module which allows ECR images to have tags added by sending a message to an SNS topic

License

MIT license
1 star 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

jfharden/terraform-aws-sns-to-ecr-tag

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
examples
examples
 
 
src
src
 
 
test
test
 
 
.gitignore
.gitignore
 
 
.tool-versions
.tool-versions
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
main.tf
main.tf
 
 
outputs.tf
outputs.tf
 
 
variables.tf
variables.tf
 
 

Repository files navigation

terraform-aws-sns-to-ecr-tag

Terraform module which allows ECR images to have tags added by sending a message to an SNS topic

The following directories are in the github repo:

  • /: The terraform module itself in the root of the project
  • examples: Fully functional terraform examples using this module
  • src: Python code for the lambda function
  • test: Tests for the module written in go using terratest and deploying the examples from the examples directory

SNS Topic Body

You can send a JSON message to the created SNS topic with the following fields:

name description
ecr_repo_name The name of the ECR repo with the image in
ecr_tag_to_update The tag for the image to update
ecr_tag_to_add The tag to add to the image

Example SNS message body:

{
  "ecr_repo_name": "my_wonderful_repository",
  "ecr_tag_to_update": "1.2",
  "ecr_tag_to_add": "deployed_on_20200511T2321Z"
}

How this works

The SNS topic will trigger a lambda function, that lambda function adds a tag to the image (without having to pull or
push the whole image (see the guide https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-retag.html).

This does require the docker images to made with Docker image Manifest V2 Schema 2.

If the lambda fails it will deliver the failures to the dead letter queue. I would also like to send the failed sns
messages to the DLQ but terraform support is lacking for that at the moment (see
hashicorp/terraform-provider-aws#10931 )

Inputs

Name Description Type Default Required
environment Deployment environment (e.g. prod, test, dev) string n/a yes
name Name to give to all created resources string n/a yes
repos_to_grant_permission A list of ECR repo arns, if set permission will be granted for the lambda created to apply tags to this repo, and read the image manifests for the listed repos. If unset permission will be granted to all repos in the account list [] no
tags Additional tags to add to all taggable resources created map {} no

Outputs

Name Description
dead_letter_queue_arn ARN of the dead letter queue for the SNS topic
lambda_function_arn ARN of the lambda function which performs the tagging
sns_topic_arn ARN of the SNS topic to trigger the tags

About

Terraform module which allows ECR images to have tags added by sending a message to an SNS topic

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

1 watching

Forks

1 fork
Report repository

Releases 1

Initial release Latest
May 12, 2020

Packages

No packages published

Languages