This terraform module will deploy the following services:
- ECR Repository
- ECR Repository Policy
- ECR Repository Lifecycle Policy
module "ecr" {
source = "github.com/terrablocks/aws-ecr.git?ref=" # Always use `ref` to point module to a specific version or hash
name = "backend"
}
Name | Version |
---|---|
terraform | >= 1.0 |
aws | >= 5.82.2 |
Name | Description | Type | Default | Required |
---|---|---|---|---|
apply_default_lifecycle_policy | Whether to create a lifecycle policy to delete container image after 30 days. Set this to false if you are passing custom policy | bool |
true |
no |
custom_lifecycle_policy | Pass a custom JSON formatted string policy document. Refer to AWS doc for creating the policy document | string |
"" |
no |
ecr_resource_policy | To attach a resource policy to ECR repository provide a JSON formatted policy document. Refer to AWS doc for creating the policy document | string |
"" |
no |
force_delete | Delete the ECR repository even if it contains images | bool |
true |
no |
image_tag_mutability | Whether to allow image overwrite | string |
"IMMUTABLE" |
no |
kms_key | ID/Alias/ARN of KMS key to use for SSE encryption. You can skip this to use default AWS managed key | string |
"alias/aws/ecr" |
no |
name | Name of ECR repository | string |
n/a | yes |
scan_image_on_push | Enable scanning of container image for vulnerabilities on push | bool |
true |
no |
tags | Map of key value pair to associate with ECR repo | map(string) |
{} |
no |
Name | Description |
---|---|
arn | ARN of the ECR repository |
id | The registry ID where the ECR repository is created |
name | Name of the ECR repository |
url | URL of the ECR repository |