This module simplifies the creation of an Amazon Elastic Container Registry (ECR) which can be accessed by different AWS accounts. The lifecycle policy rules are turned on by default but can be disabled if required.
data "aws_iam_role" "ecr" {
name = "ecr"
}
module "ecr" {
source = "git::https://github.com/bnc-projects/terraform-aws-ecr.git?ref=1.0.0"
allowed_read_principals = concat("${formatlist("arn:aws:iam::%s:root", var.account_ids)}", ["arn:aws:iam::${var.account_id}:role/TravisCI"])
allowed_write_principals = ["arn:aws:iam::${var.account_id}:role/TravisCI"]
ecr_repo_name = "${var.ecr_repo_name}"
enable_ecr_lifecycle = true
max_images = 50
tags = "${merge(local.common_tags, var.tags)}"
}
Name
Description
Type
Default
Required
allowed_read_principals
A list of account ids which are allowed to read from the repository
list
-
yes
allowed_write_principals
A list of principals which are allowed to write to the repository
list
-
yes
ecr_repo_name
The name of the repository
string
-
yes
enable_ecr_lifecycle
Set to false to prevent the module from creating a ECR lifecycle policy
boolean
trueno
max_images
The maximum number of images to store in the repository
number
100no
tags
A map of tags to add to the appropriate resources
map
<map>no
Name
Description
repository_url
The Elastic Container Registry URL