forked from cloudposse/terraform-aws-ecr
README.yaml
---
#
# This is the canonical configuration for the `README.md`
# Run `make readme` to rebuild the `README.md`
#
# Name of this project
name: terraform-aws-ecr
# Tags of this project
tags:
  - aws
  - terraform
  - terraform-modules
  - platform
  - ecr
  - docker
  - docker-registry
# Categories of this project
categories:
  - terraform-modules/platform
# Logo for this project
#logo: docs/logo.png
# License of this project
license: "APACHE2"
# Canonical GitHub repo
github_repo: cloudposse/terraform-aws-ecr
# Badges to display
badges:
  - name: "Latest Release"
    image: "https://img.shields.io/github/release/cloudposse/terraform-aws-ecr.svg"
    url: "https://github.com/cloudposse/terraform-aws-ecr/releases/latest"
  - name: "Slack Community"
    image: "https://slack.cloudposse.com/badge.svg"
    url: "https://slack.cloudposse.com"
related:
  - name: "terraform-aws-jenkins"
    description: "Terraform module to build Docker image with Jenkins, save it to an ECR repo, and deploy to Elastic Beanstalk running Docker stack"
    url: "https://github.com/cloudposse/terraform-aws-jenkins"
  - name: "terraform-aws-kops-ecr"
    description: "Terraform module to provision an ECR repository and grant users and kubernetes nodes access to it."
    url: "https://github.com/cloudposse/terraform-aws-kops-ecr"
# Short description of this project
description: |-
  Terraform module to provision an [`AWS ECR Docker Container registry`](https://aws.amazon.com/ecr/).
# How to use this project
usage: |-
  The module creates one or more Elastic Container Registry (ECR) repositories. All repositories created
  will share the same configuration. Use this module multiple times to create repositories with
  different configurations.

  If you provide 1 or more names in `image_names` then one repository will be created for
  each of the names you provide. Those names can include "namespaces", which are just
  prefixes ending with a slash (`/`).

  If you do not provide any names in `image_names`, the module will create a single ECR repo
  named `namespace-stage-name` or just `name` depending on the value of `use_fullname`.

  Access to the repositories is granted via the `principals_full_access` and
  `principals_readonly_access` lists, which are lists of strings that can designate [any valid AWS
  Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html#Principal_specifying).
  This module only creates the Repository Policy allowing those Principals access.
  The Principals will still separately need IAM policies allowing them permission
  to execute ECR actions against the repository. For more details, see
  [How Amazon Elastic Container Registry Works with IAM](https://docs.aws.amazon.com/AmazonECR/latest/userguide/security_iam_service-with-iam.html).

  Include this repository as a module in your existing terraform code:

  ```hcl
  # IAM Role to be granted ECR permissions
  data "aws_iam_role" "ecr" {
    name = "ecr"
  }

  module "ecr" {
    source = "cloudposse/ecr/aws"
    # Cloud Posse recommends pinning every module to a specific version
    # version     = "x.x.x"
    namespace              = "eg"
    stage                  = "test"
    name                   = "ecr"
    principals_full_access = [data.aws_iam_role.ecr.arn]
  }
  ```
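
  The identity-side half of the access model described above, shown as an added example that is not part of the Cloud Posse module or its documentation: a pull-only principal listed in `principals_readonly_access`, plus the IAM policy that principal still needs. The role name `ci-runner`, the resource labels, and the module output name `repository_arn` are assumptions.

  ```hcl
  # Hypothetical existing role used by a CI runner that only pulls images.
  data "aws_iam_role" "ci" {
    name = "ci-runner" # assumed role name
  }

  module "ecr" {
    source = "cloudposse/ecr/aws"
    # version = "x.x.x"

    namespace = "eg"
    stage     = "test"
    name      = "ecr"

    # Repository Policy side: the module grants this principal read-only access.
    principals_readonly_access = [data.aws_iam_role.ci.arn]
  }

  # Identity side: the IAM policy the principal needs in addition to the
  # Repository Policy, limited to the actions required to pull an image.
  data "aws_iam_policy_document" "ecr_pull" {
    statement {
      sid       = "EcrAuth"
      actions   = ["ecr:GetAuthorizationToken"]
      resources = ["*"] # this action cannot be scoped to a single repository
    }

    statement {
      sid = "EcrPull"
      actions = [
        "ecr:BatchCheckLayerAvailability",
        "ecr:GetDownloadUrlForLayer",
        "ecr:BatchGetImage",
      ]
      # Assumes the module exposes the repository ARN as `repository_arn`.
      resources = [module.ecr.repository_arn]
    }
  }

  resource "aws_iam_role_policy" "ci_pull" {
    name   = "ecr-pull"
    role   = data.aws_iam_role.ci.name
    policy = data.aws_iam_policy_document.ecr_pull.json
  }
  ```

  Keeping the identity policy scoped to the single repository ARN and to pull actions means the role cannot push or delete images even if it is later added to a broader Repository Policy by mistake.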
include:
  - "docs/targets.md"
  - "docs/terraform.md"
# Contributors to this project
contributors:
  - name: "Igor Rodionov"
    github: "goruha"
  - name: "Andriy Knysh"
    github: "aknysh"
  - name: "Sergey Vasilyev"
    github: "s2504s"
  - name: "Ivan Pinatti"
    github: "ivan-pinatti"
  - name: "Erik Osterman"
    github: "osterman"