Amazon ECR Terraform module

Upstream version 3.2.0

0 controls from Registry requirements

Terraform Module Source

registry.compliance.tf/terraform-aws-modules/ecr/aws

Compliance Inputs Outputs Resources Diff (0)README

30 unique

Name	Type	Default	Description
Optional
attach_repository_policy	bool	true	Determines whether a repository policy will be attached to the repository
create	bool	true	Determines whether resources will be created (affects all resources)
create_lifecycle_policy	bool	true	Determines whether a lifecycle policy will be created
create_registry_policy	bool	false	Determines whether a registry policy will be created
create_registry_replication_configuration	bool	false	Determines whether a registry replication configuration will be created
create_repository	bool	true	Determines whether a repository will be created
create_repository_policy	bool	true	Determines whether a repository policy will be created
manage_registry_scanning_configuration	bool	false	Determines whether the registry scanning configuration will be managed
public_repository_catalog_data	object({...})	null	Catalog data configuration for the repository
region	string	null	Region where this resource will be managed. Defaults to the Region set in the provider configuration.
registry_policy	string	null	The policy document. This is a JSON formatted string
registry_pull_through_cache_rules	map({...})	{}	List of pull through cache rules to create
registry_replication_rules	list({...})	null	The replication rules for a replication configuration. A maximum of 10 are allowed
registry_scan_rules	list({...})	null	One or multiple blocks specifying scanning rules to determine which repository filters are used and at what frequency scanning will occur
registry_scan_type	string	"ENHANCED"	the scanning type to set for the registry. Can be either `ENHANCED` or `BASIC`
repository_encryption_type	string	null	The encryption type for the repository. Must be one of: `KMS` or `AES256`. Defaults to `AES256`
repository_force_delete	bool	null	If `true`, will delete the repository even if it contains images. Defaults to `false`
repository_image_scan_on_push	bool	true	Indicates whether images are scanned after being pushed to the repository (`true`) or not scanned (`false`)
repository_image_tag_mutability	string	"IMMUTABLE"	The tag mutability setting for the repository. Must be one of: `MUTABLE`, `MUTABLE_WITH_EXCLUSION`, `IMMUTABLE`, or `IMMUTABLE_WITH_EXCLUSION`. Defaults to `IMMUTABLE`
repository_image_tag_mutability_exclusion_filter	list({...})	null	Configuration block that defines filters to specify which image tags can override the default tag mutability setting. Only applicable when image_tag_mutability is set to IMMUTABLE_WITH_EXCLUSION or MUTABLE_WITH_EXCLUSION.
repository_kms_key	string	null	The ARN of the KMS key to use when encryption_type is `KMS`. If not specified, uses the default AWS managed key for ECR
repository_lambda_read_access_arns	list(string)	[]	The ARNs of the Lambda service roles that have read access to the repository
repository_lifecycle_policy	string	""	The policy document. This is a JSON formatted string. See more details about [Policy Parameters](http://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html#lifecycle_policy_parameters) in the official AWS docs
repository_name	string	""	The name of the repository
repository_policy	string	null	The JSON policy to apply to the repository. If not specified, uses the default policy
repository_policy_statements	map({...})	null	A map of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement) for custom permission usage
repository_read_access_arns	list(string)	[]	The ARNs of the IAM users/roles that have read access to the repository
repository_read_write_access_arns	list(string)	[]	The ARNs of the IAM users/roles that have read/write access to the repository
repository_type	string	"private"	The type of repository to create. Either `public` or `private`
tags	map(string)	{}	A map of tags to add to all resources