Skip to content
/ terraform-aws-ecr-pull-through-cache Public

This module creates all the needed resources to deploy an ECR pull through cache rule.

License

GPL-3.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

sparkfabrik/terraform-aws-ecr-pull-through-cache

BranchesTags

Repository files navigation

AWS ECR Pull Through cache module

This module creates an ECR (Elastic Container Registry) pull through cache role resource and all the resources necessary to use it.

Upstream credentials

The upstream repository credentials must be stored in an AWS Secrets Manager secret.

The secret, with a dummy values, is created by the module using the same name as upstream_registry variable value plus an AWS prefix. You need to update the secret with the real credentials. ⚠️ ATTENTION: this module ignores any changes for the secret value. The secret should be filled in or updated manually in order to keep the secret value private.

IAM Policy

An IAM policy, with the minimum permissions to pull images, is created by the module. You need to attach this IAM policy to the resources that will use the pull through cache.

Pull through cache usage

In the following examples you can see how to pull Docker images using the pull through cache using the right image format for the URL:

  • for Docker Hub official images: docker pull AWS_ACCOUNT_ID.dkr.ecr.AWS_REGION.amazonaws.com/docker-hub/library/image_name:tag.
  • For all other Docker Hub images: docker pull AWS_ACCOUNT_ID.dkr.ecr.AWS_REGION.amazonaws.com/docker-hub/repository_name/image_name:tag.

For details about other upstream repositories (like Kubernetes, Quay, GitHub, GitLab, etc.), see the AWS references.

Providers

Name Version
aws >= 5.0

Requirements

Name Version
terraform >= 1.5
aws >= 5.0

Inputs

Name Description Type Default Required
aws_region The AWS region to deploy the ECR pull through cache string "eu-east-1" no
upstream_registry_name The upstream registry name string "docker-hub" no
upstream_registry_url The upstream registry URL string "registry-1.docker.io" no

Outputs

Name Description
ecr_pullthroughcache_policy_arn The ARN of the ECR pull-through cache policy.
ecr_pullthroughcache_policy_name The name of the ECR pull-through cache policy.
ecr_pullthroughcache_repository_uri The URI of the ECR pull throught cache repository URI.

Resources

Name Type
aws_ecr_pull_through_cache_rule.ecr_pullthroughcache resource
aws_iam_policy.ecr_pullthroughcache resource
aws_secretsmanager_secret.ecr_pullthroughcache resource
aws_secretsmanager_secret_version.ecr_pullthroughcache resource
aws_caller_identity.current data source

Modules

No modules.

About

This module creates all the needed resources to deploy an ECR pull through cache rule.

Topics

aws aws-ecr ecr ecr-pull-through-cache

Resources

Readme

License

GPL-3.0 license
Activity
Custom properties

Stars

0 stars

Watchers

6 watching

Forks

0 forks
Report repository

Releases 2

0.2.0 Latest
Feb 27, 2025
+ 1 release

Contributors 2

  •  
  •  

Languages