# Module identification values and the tag map derived from them.
locals {
  metadata = {
    package = "terraform-aws-container"
    # Version string is read from the VERSION file two directories above this module.
    version = trimspace(file("${path.module}/../../VERSION"))
    module  = basename(path.module)
    # The registry is account-wide, so the instance name is the account ID.
    name = local.account_id
  }

  # Standard "module.terraform.io/*" tags built from local.metadata.
  # No resource visible in this file consumes them.
  module_tags = {
    "module.terraform.io/package"   = local.metadata.package
    "module.terraform.io/version"   = local.metadata.version
    "module.terraform.io/name"      = local.metadata.module
    "module.terraform.io/full-name" = format("%s/%s", local.metadata.package, local.metadata.module)
    "module.terraform.io/instance"  = local.metadata.name
  }
}
# Identity and region of the credentials Terraform is running with.
data "aws_caller_identity" "this" {}

data "aws_region" "this" {}

locals {
  # `id` on aws_caller_identity is the AWS account ID of the caller.
  # Every account-level resource in this file is applied to that account, so
  # confirm the active credentials before applying.
  account_id = data.aws_caller_identity.this.id
  region     = data.aws_region.this.name
}
###################################################
# Registry Policy
###################################################
# Account-level ECR setting that selects the registry policy scope.
# The value comes from var.policy_version (declared outside this file).
# NOTE(review): ECR documents this scope as V1 or V2. V2 evaluates the registry
# policy for all ECR actions rather than a fixed subset, so changing the scope
# changes what the existing policy statements effectively grant. Re-review the
# registry policy whenever this value changes.
resource "aws_ecr_account_setting" "registry_policy_scope" {
  name  = "REGISTRY_POLICY_SCOPE"
  value = var.policy_version
}
# Assembles the final registry policy document.
data "aws_iam_policy_document" "this" {
  # Generated statements for replication and pull-through cache. Each data
  # source is referenced with a splat; one() yields null when it has no
  # instance, and compact() drops those nulls from the list.
  source_policy_documents = compact([
    one(data.aws_iam_policy_document.replication[*].json),
    one(data.aws_iam_policy_document.pull_through_cache[*].json),
  ])

  # A caller-supplied policy is applied as an override. Statements in var.policy
  # replace generated statements with the same Sid, and all others are added.
  # var.policy can therefore widen access beyond what the generated statements
  # grant. Review it for wildcard principals and overly broad actions before
  # passing it in.
  override_policy_documents = var.policy == null ? null : [var.policy]
}
# Account-wide resource policy for the private ECR registry.
# It is created only when at least one policy input is supplied; otherwise no
# registry policy is managed by this module.
# NOTE(review): nothing here orders this resource after
# aws_ecr_account_setting.registry_policy_scope. If the statements rely on the
# scope set there, consider an explicit depends_on. Confirm against ECR
# behaviour before changing.
resource "aws_ecr_registry_policy" "this" {
  count = anytrue([
    length(var.replication_policies) > 0,
    length(var.pull_through_cache_policies) > 0,
    var.policy != null,
  ]) ? 1 : 0

  policy = data.aws_iam_policy_document.this.json
}