This Terraform module creates an AWS Elastic Container Registry (ECR) along with additional configuration options.
To use this module, you should have Terraform installed and configured for AWS. This module provides the necessary Terraform configuration for creating AWS resources, and you can customize the inputs as needed. Below is an example of how to use this module:
```hcl
module "private_ecr" {
  source             = "git::https://github.com/opsstation/terraform-aws-ecr.git?ref=v1.0.0"
  enable_private_ecr = true
  name               = local.name
  environment        = local.environment
  scan_on_push       = true
  max_image_count    = 7
}

module "public_ecr" {
  source                   = "git::https://github.com/opsstation/terraform-aws-ecr.git?ref=v1.0.0"
  enable_public_ecr        = true
  name                     = local.name
  environment              = local.environment
  max_untagged_image_count = 1
  max_image_count          = 7
  public_repository_catalog_data = {
    description       = "Docker container for some things"
    operating_systems = ["Linux"]
    architectures     = ["x86"]
  }
}
```
For detailed examples on how to use this module, please refer to the examples directory within this repository.
This Terraform module is provided under the MIT License. Please see the LICENSE file for more details.
Name | Version |
---|---|
terraform | >= 1.6.3 |
aws | >= 5.13.1 |
Name | Version |
---|---|
aws | >= 5.13.1 |
Name | Source | Version |
---|---|---|
labels | git::https://github.com/opsstation/terraform-aws-labels.git | v1.0.0 |
Name | Type |
---|---|
aws_ecr_lifecycle_policy.private | resource |
aws_ecr_repository.default | resource |
aws_ecr_repository_policy.private | resource |
aws_ecr_repository_policy.public | resource |
aws_ecrpublic_repository.default | resource |
aws_iam_policy_document.empty | data source |
aws_iam_policy_document.resource_full_access_private | data source |
aws_iam_policy_document.resource_full_access_public | data source |
aws_iam_policy_document.resource_private | data source |
aws_iam_policy_document.resource_public | data source |
aws_iam_policy_document.resource_readonly_access_private | data source |
aws_iam_policy_document.resource_readonly_access_public | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
enable_private_ecr | Set to false to prevent the module from creating any resources. | bool | false | no |
enable_public_ecr | Set to false to prevent the module from creating any resources. | bool | false | no |
encryption_type | The encryption type for the repository. Must be one of: `KMS` or `AES256`. Defaults to `AES256` | string | "KMS" | no |
environment | Environment (e.g. `prod`, `dev`, `staging`). | string | "" | no |
image_tag_mutability | The tag mutability setting for the repository. | string | "IMMUTABLE" | no |
kms_key | The ARN of the KMS key to use when encryption_type is `KMS`. If not specified, uses the default AWS managed key for ECR | string | null | no |
label_order | Label order, e.g. `name`,`application`. | list(any) | [ | no |
managedby | ManagedBy, eg 'opsStation' | string | "" | no |
max_image_count | How many Docker Image versions AWS ECR will store. | number | 10 | no |
max_untagged_image_count | How many Untagged Docker Image versions AWS ECR will store. | number | 1 | no |
name | Name (e.g. `app` or `cluster`). | string | "" | no |
principals_full_access | Principal ARN to provide with full access to the ECR. | list(any) | [] | no |
principals_readonly_access | Principal ARN to provide with readonly access to the ECR. | list(any) | [] | no |
public_repository_catalog_data | Catalog data configuration for the repository | any | {} | no |
repository | Terraform current module repo | string | "" | no |
repository_force_delete | If `true`, will delete the repository even if it contains images. Defaults to `false` | bool | false | no |
scan_on_push | Indicates whether images are scanned after being pushed to the repository (true) or not scanned (false). | bool | true | no |
tags | Additional tags (e.g. map(`BusinessUnit`,`XYZ`). | map(any) | {} | no |
timeouts | Timeouts map. | map(any) | {} | no |
use_fullname | Set 'true' to use `namespace-stage-name` for ecr repository name, else `name`. | string | "" | no |
Name | Description |
---|---|
arn | n/a |
registry_id | n/a |
registry_url | n/a |
repository_name | n/a |
tags | n/a |
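
A private repository with the security-relevant inputs from the table above set explicitly rather than left to defaults. This is an added example, not taken from the module's repository; the `aws_kms_key.ecr` resource, the module label `hardened_private_ecr`, the account ID and both role ARNs are constructed placeholders.

```hcl
# Added example (not from the module's own examples directory).
# Customer-managed KMS key, so the key policy and rotation stay under your control
# instead of relying on the AWS managed key for ECR.
resource "aws_kms_key" "ecr" {
  description             = "ECR image encryption (example key)"
  enable_key_rotation     = true
  deletion_window_in_days = 30
}

module "hardened_private_ecr" {
  source             = "git::https://github.com/opsstation/terraform-aws-ecr.git?ref=v1.0.0"
  enable_private_ecr = true
  name               = "app"
  environment        = "prod"

  # Encrypt image layers at rest with the key defined above.
  encryption_type = "KMS"
  kms_key         = aws_kms_key.ecr.arn

  # An existing tag cannot be overwritten with a different image,
  # so a deployed tag keeps pointing at the image that was reviewed.
  image_tag_mutability = "IMMUTABLE"

  # Scan every image when it is pushed.
  scan_on_push = true

  # Refuse to destroy a repository that still holds images.
  repository_force_delete = false

  # Lifecycle limits: bound how many old images remain pullable.
  max_image_count          = 7
  max_untagged_image_count = 1

  # Separate the principal that publishes images from the principals that only pull.
  # Constructed ARNs: replace with your CI role and your runtime pull role.
  principals_full_access     = ["arn:aws:iam::111122223333:role/ci-image-publisher"]
  principals_readonly_access = ["arn:aws:iam::111122223333:role/runtime-image-pull"]
}

# Expose the registry URL for CI and deployment tooling.
output "ecr_registry_url" {
  value = module.hardened_private_ecr.registry_url
}
```

Review the `aws_ecr_repository_policy` in `terraform plan` output before applying to confirm that only the listed principals appear in it.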