opsstation/terraform-aws-ecr

Terraform-aws-ecr

Terraform AWS Cloud ECR Module

Introduction

This Terraform module creates an AWS Elastic Container Registry (ECR) along with additional configuration options.

Usage

To use this module, you should have Terraform installed and configured for AWS. This module provides the necessary Terraform configuration for creating AWS resources, and you can customize the inputs as needed. Below is an example of how to use this module:

Example: private_ecr

module "private_ecr" {
  source             = "git::https://github.com/opsstation/terraform-aws-ecr.git?ref=v1.0.0"
  enable_private_ecr = true
  name               = local.name
  environment        = local.environment
  scan_on_push       = true
  max_image_count    = 7
}

Example: public_ecr

module "public_ecr" {
  source                   = "git::https://github.com/opsstation/terraform-aws-ecr.git?ref=v1.0.0"
  enable_public_ecr        = true
  name                     = local.name
  environment              = local.environment
  max_untagged_image_count = 1
  max_image_count          = 7
  public_repository_catalog_data = {
    description       = "Docker container for some things"
    operating_systems = ["Linux"]
    architectures     = ["x86"]
  }
}

Examples

For detailed examples on how to use this module, please refer to the examples directory within this repository.

License

This Terraform module is provided under the MIT License. Please see the LICENSE file for more details.

Author

Your Name

Replace MIT and opsstation with the appropriate license and your information. Feel free to expand this README with additional details or usage instructions as needed for your specific use case.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.6.3 |
| aws | >= 5.13.1 |

Providers

| Name | Version |
|------|---------|
| aws | >= 5.13.1 |

Modules

| Name | Source | Version |
|------|--------|---------|
| labels | git::https://github.com/opsstation/terraform-aws-labels.git | v1.0.0 |

Resources

| Name | Type |
|------|------|
| aws_ecr_lifecycle_policy.private | resource |
| aws_ecr_repository.default | resource |
| aws_ecr_repository_policy.private | resource |
| aws_ecr_repository_policy.public | resource |
| aws_ecrpublic_repository.default | resource |
| aws_iam_policy_document.empty | data source |
| aws_iam_policy_document.resource_full_access_private | data source |
| aws_iam_policy_document.resource_full_access_public | data source |
| aws_iam_policy_document.resource_private | data source |
| aws_iam_policy_document.resource_public | data source |
| aws_iam_policy_document.resource_readonly_access_private | data source |
| aws_iam_policy_document.resource_readonly_access_public | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| enable_private_ecr | Set to false to prevent the module from creating any resources. | bool | false | no |
| enable_public_ecr | Set to false to prevent the module from creating any resources. | bool | false | no |
| encryption_type | The encryption type for the repository. Must be one of: KMS or AES256. Defaults to AES256 | string | "KMS" | no |
| environment | Environment (e.g. prod, dev, staging). | string | "" | no |
| image_tag_mutability | The tag mutability setting for the repository. | string | "IMMUTABLE" | no |
| kms_key | The ARN of the KMS key to use when encryption_type is KMS. If not specified, uses the default AWS managed key for ECR | string | null | no |
| label_order | Label order, e.g. name,application. | list(any) | ["name", "environment"] | no |
| managedby | ManagedBy, eg 'opsStation' | string | "" | no |
| max_image_count | How many Docker Image versions AWS ECR will store. | number | 10 | no |
| max_untagged_image_count | How many Untagged Docker Image versions AWS ECR will store. | number | 1 | no |
| name | Name (e.g. app or cluster). | string | "" | no |
| principals_full_access | Principal ARN to provide with full access to the ECR. | list(any) | [] | no |
| principals_readonly_access | Principal ARN to provide with readonly access to the ECR. | list(any) | [] | no |
| public_repository_catalog_data | Catalog data configuration for the repository | any | {} | no |
| repository | Terraform current module repo | string | "" | no |
| repository_force_delete | If true, will delete the repository even if it contains images. Defaults to false | bool | false | no |
| scan_on_push | Indicates whether images are scanned after being pushed to the repository (true) or not scanned (false). | bool | true | no |
| tags | Additional tags (e.g. map(BusinessUnit,XYZ)). | map(any) | {} | no |
| timeouts | Timeouts map. | map(any) | {} | no |
| use_fullname | Set 'true' to use namespace-stage-name for ecr repository name, else name. | string | "" | no |
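
A private-repository invocation that sets the security-relevant inputs from the table above explicitly rather than relying on defaults. This is an added example, not part of this repository's own examples. The `aws_kms_key.ecr` resource, the module label `private_ecr_hardened` and the role ARN (constructed placeholder) are assumptions, and `local.name` / `local.environment` are taken from the Usage examples.

```hcl
# Added example: not taken from the module's examples directory.
# Assumed: local.name and local.environment are defined as in the Usage
# examples; the role ARN below is a constructed placeholder.

# Customer-managed key, so key policy and rotation stay under your control.
resource "aws_kms_key" "ecr" {
  description             = "CMK for ECR image encryption"
  enable_key_rotation     = true
  deletion_window_in_days = 30
}

module "private_ecr_hardened" {
  source             = "git::https://github.com/opsstation/terraform-aws-ecr.git?ref=v1.0.0"
  enable_private_ecr = true
  name               = local.name
  environment        = local.environment

  # Encrypt at rest with the key above instead of the default AWS managed key.
  encryption_type = "KMS"
  kms_key         = aws_kms_key.ecr.arn

  # An existing tag cannot be overwritten by a later push.
  image_tag_mutability = "IMMUTABLE"

  # Scan each image when it is pushed.
  scan_on_push = true

  # Grant read-only access to the consuming role; keep the full-access
  # list empty unless a specific principal has to push.
  principals_readonly_access = ["arn:aws:iam::111122223333:role/example-task-execution"]
  principals_full_access     = []

  # Do not delete a repository that still contains images.
  repository_force_delete = false

  # Lifecycle limits, matching the documented defaults.
  max_image_count          = 10
  max_untagged_image_count = 1
}
```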

Outputs

| Name | Description |
|------|-------------|
| arn | n/a |
| registry_id | n/a |
| registry_url | n/a |
| repository_name | n/a |
| tags | n/a |