awscc_ecr_repository (Resource)

The AWS::ECR::Repository resource specifies an Amazon Elastic Container Registry (Amazon ECR) repository, where users can push and pull Docker images, Open Container Initiative (OCI) images, and OCI compatible artifacts. For more information, see Amazon ECR private repositories in the Amazon ECR User Guide.

Example Usage

ECR Repository with scan on push

To create an ECR repository with scan on push enabled:

resource "awscc_ecr_repository" "this" {
  repository_name      = "example-ecr"
  image_tag_mutability = "MUTABLE"
  image_scanning_configuration = {
    scan_on_push = true
  }
}

ECR Repository with lifecycle policy

To create an ECR repository with a lifecycle policy that expires untagged images older than 14 days:

resource "awscc_ecr_repository" "lifecycle_policy_example" {
  repository_name      = "example-ecr-lifecycle-policy"
  image_tag_mutability = "MUTABLE"

  lifecycle_policy = {
    lifecycle_policy_text = <<EOF
        {
            "rules": [
                {
                    "rulePriority": 1,
                    "description": "Expire untagged images older than 14 days",
                    "selection": {
                        "tagStatus": "untagged",
                        "countType": "sinceImagePushed",
                        "countUnit": "days",
                        "countNumber": 14
                    },
                    "action": {
                        "type": "expire"
                    }
                }
            ]
        }
        EOF
  }
}

ECR Repository with repository policy

To create an ECR repository with a repository policy that allows AWS CodeBuild access to the Amazon ECR API actions:

resource "awscc_ecr_repository" "repo_policy_example" {
  repository_name      = "example-ecr-repository-policy"
  image_tag_mutability = "MUTABLE"

  repository_policy_text = jsonencode(
    {
      "Version" : "2012-10-17",
      "Statement" : [
        {
          "Sid" : "CodeBuildAccess",
          "Effect" : "Allow",
          "Principal" : {
            "Service" : "codebuild.amazonaws.com"
          },
          "Action" : [
            "ecr:BatchGetImage",
            "ecr:GetDownloadUrlForLayer"
          ],
          "Condition" : {
            "ArnLike" : {
              "aws:SourceArn" : "arn:aws:codebuild:region:123456789012:project/project-name"
            },
            "StringEquals" : {
              "aws:SourceAccount" : "123456789012"
            }
          }
        }
      ]
    }
  )
}
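
The examples above all set image_tag_mutability to "MUTABLE" and leave encryption_configuration unset. The following is an added example, not part of the provider documentation, that combines scan on push and the scoped CodeBuild policy with immutable tags and KMS encryption; the resource name "hardened", the repository name and the variable kms_key_arn are assumptions.

```hcl
# Added example, not taken from the provider documentation.
# Assumption: var.kms_key_arn is the ARN of an existing customer managed KMS key.
variable "kms_key_arn" {
  type        = string
  description = "ARN of the KMS key that encrypts the repository contents"
}

resource "awscc_ecr_repository" "hardened" {
  repository_name = "example-ecr-hardened" # constructed name

  # IMMUTABLE rejects a push that would overwrite an existing tag, so a tag
  # that was scanned and deployed keeps pointing at the same image.
  image_tag_mutability = "IMMUTABLE"

  image_scanning_configuration = {
    scan_on_push = true
  }

  # Encryption is fixed when the repository is created; changing these
  # values later replaces the repository.
  encryption_configuration = {
    encryption_type = "KMS"
    kms_key         = var.kms_key_arn
  }

  # Pull-only access for a single CodeBuild project. The aws:SourceArn and
  # aws:SourceAccount conditions stop other accounts' projects from using
  # the service principal to reach this repository.
  repository_policy_text = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid       = "CodeBuildPull"
      Effect    = "Allow"
      Principal = { Service = "codebuild.amazonaws.com" }
      Action    = ["ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer"]
      Condition = {
        ArnLike      = { "aws:SourceArn" = "arn:aws:codebuild:region:123456789012:project/project-name" }
        StringEquals = { "aws:SourceAccount" = "123456789012" }
      }
    }]
  })
}
```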

Schema

Optional

Read-Only

Nested Schema for encryption_configuration

Required:

Optional:

Nested Schema for image_scanning_configuration

Optional:

Nested Schema for lifecycle_policy

Optional:

Nested Schema for tags

Required:

Import

Import is supported using the following syntax:

$ terraform import awscc_ecr_repository.example <resource ID>