This module creates the following resources.

- `aws_ecr_account_setting`
- `aws_ecr_registry_policy`
- (optional) `aws_ecr_replication_configuration`
- (optional) `aws_ecr_pull_through_cache_rule`
- (optional) `aws_ecr_registry_scanning_configuration`

Name | Version |
---|---|
terraform | >= 1.10 |
aws | >= 5.83 |

Name | Version |
---|---|
aws | 5.91.0 |

No modules.

Name | Type |
---|---|
aws_ecr_account_setting.basic_scan_type_version | resource |
aws_ecr_account_setting.registry_policy_scope | resource |
aws_ecr_pull_through_cache_rule.this | resource |
aws_ecr_registry_policy.this | resource |
aws_ecr_registry_scanning_configuration.this | resource |
aws_ecr_replication_configuration.this | resource |
aws_caller_identity.this | data source |
aws_iam_policy_document.pull_through_cache | data source |
aws_iam_policy_document.replication | data source |
aws_iam_policy_document.this | data source |
aws_region.this | data source |

Name | Description | Type | Default | Required |
---|---|---|---|---|
policy | (Optional) The policy document for ECR registry. This is a JSON formatted string. | string | null | no |
policy_version | (Optional) The policy version of ECR registry. Valid values are `V1` or `V2`. Defaults to `V2`. `V1` - Only supports three actions: `ReplicateImage`, `BatchImportUpstreamImage`, and `CreateRepository`. `V2` - Supports all ECR actions in the policy and enforces the registry policy in all ECR requests. | string | "V2" | no |
pull_through_cache_policies | (Optional) A list of ECR Registry Policies for Pull Through Cache. Each block of `pull_through_cache_policies` as defined below. (Required) `iam_entities` - One or more IAM principals to grant permission. Supports the ARN of IAM entities, or AWS account ID. (Optional) `allow_create_repository` - Whether to auto-create the cached repositories with the same name within the current registry. Defaults to `false`. (Required) `repositories` - A list of target repositories. Supports glob expressions for repositories like `*`. | list(object({ | [] | no |
pull_through_cache_rules | (Optional) A list of Pull Through Cache Rules for ECR registry. A `pull_through_cache_rules` block as defined below. (Required) `upstream_url` - The registry URL of the upstream public registry to use as the source. (Optional) `namespace` - The repository name prefix to use when caching images from the source registry. Default value is used if not provided. (Optional) `credential` - The configuration for credential to use to authenticate against the registry. A `credential` block as defined below. (Required) `secretsmanager_secret` - The ARN of the Secrets Manager secret to use for authentication. | list(object({ | [] | no |
replication_policies | (Optional) A list of replication policies for ECR Registry. Each block of `replication_policies` as defined below. (Required) `account` - The AWS account ID of the source registry owner. (Optional) `allow_create_repository` - Whether to auto-create the replicated repositories with the same name within the current registry. Defaults to `false`. (Required) `repositories` - A list of target repositories. Supports glob expressions like `*`. | list(object({ | [] | no |
replication_rules | (Optional) A list of replication rules for ECR Registry. Each rule represents the replication destinations and repository filters for a replication configuration. Each block of `replication_rules` as defined below. (Required) `destinations` - A list of destinations for replication rule. Each block of `destinations` as defined below. (Optional) `account` - The AWS account ID of the ECR private registry to replicate to. Only required for cross-account replication. (Required) `region` - The Region to replicate to. (Optional) `filters` - The filter settings used with image replication. Specifying a repository filter to a replication rule provides a method for controlling which repositories in a private registry are replicated. If no filters are added, the contents of all repositories are replicated. Each block of `filters` as defined below. (Optional) `type` - The repository filter type. The only supported value is `PREFIX_MATCH`, which is a repository name prefix. Defaults to `PREFIX_MATCH`. (Required) `value` - The repository filter value. | list(object({ | [] | no |
scanning_basic_version | (Optional) The version of basic scanning for the registry. Valid values are `AWS_NATIVE` or `CLAIR`. Defaults to `AWS_NATIVE`. `CLAIR` was deprecated. | string | "AWS_NATIVE" | no |
scanning_rules | (Optional) A list of scanning rules to determine which repository filters are used and at what frequency scanning will occur. Each block of `scanning_rules` as defined below. (Required) `frequency` - The frequency that scans are performed at for a private registry. Valid values are `SCAN_ON_PUSH`, `CONTINUOUS_SCAN`. (Optional) `filters` - The configuration of repository filters for image scanning. (Optional) `type` - The repository filter type. The only supported value is `WILDCARD`. A filter with no wildcard will match all repository names that contain the filter. A filter with a wildcard (`*`) matches on any repository name where the wildcard replaces zero or more characters in the repository name. Defaults to `WILDCARD`. (Required) `value` - The repository filter value. | list(object({ | [] | no |
scanning_type | (Optional) The scanning type to set for the registry. Valid values are `ENHANCED` or `BASIC`. Defaults to `BASIC`. | string | "BASIC" | no |

Name | Description |
---|---|
id | The ID of the registry. |
name | The name of the registry. |
policy | The registry policy. |
policy_version | The policy version of ECR registry. |
pull_through_cache_policies | A list of Pull Through Cache policies for ECR Registry. |
pull_through_cache_rules | A list of Pull Through Cache Rules for ECR registry. |
replication_policies | A list of replication policies for ECR Registry. |
replication_rules | A list of replication rules for ECR Registry. |
scanning_basic_version | The version of basic scanning for the registry. |
scanning_rules | A list of scanning rules to determine which repository filters are used and at what frequency scanning will occur. |
scanning_type | The scanning type to set for the registry. |
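
The following usage sketch is an added example, not taken from the module's own documentation. It wires the inputs above into a registry with enhanced scanning, a pull-through cache limited to a single prefix and principal, and prefix-filtered replication. The module source, account ID, role name, repository prefixes and destination Region are constructed placeholders, and the object shapes are assumed from the input descriptions because the type column is truncated on this page.

```hcl
module "ecr_registry" {
  # Placeholder: the module's source address is not given on this page.
  source = "<MODULE_SOURCE>"

  # V2 enforces the registry policy in all ECR requests (see policy_version).
  policy_version = "V2"

  # CONTINUOUS_SCAN is only available with ENHANCED scanning.
  scanning_type = "ENHANCED"
  scanning_rules = [
    {
      frequency = "CONTINUOUS_SCAN"
      filters   = [{ type = "WILDCARD", value = "prod/*" }]
    },
    {
      frequency = "SCAN_ON_PUSH"
      filters   = [{ type = "WILDCARD", value = "*" }]
    },
  ]

  # Cache ECR Public images under a dedicated repository prefix.
  pull_through_cache_rules = [
    {
      upstream_url = "public.ecr.aws"
      namespace    = "ecr-public"
    },
  ]

  # Grant pull-through access to one named role, scoped to the cache prefix
  # rather than "*". Account ID and role name are constructed.
  pull_through_cache_policies = [
    {
      iam_entities            = ["arn:aws:iam::111122223333:role/ci-builder"]
      allow_create_repository = false # default, shown explicitly
      repositories            = ["ecr-public/*"]
    },
  ]

  # Replicate only repositories under prod/ to a second Region.
  # With no filters, the contents of all repositories are replicated.
  replication_rules = [
    {
      destinations = [{ region = "us-west-2" }]
      filters      = [{ type = "PREFIX_MATCH", value = "prod/" }]
    },
  ]
}
```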