diff --git a/README.md b/README.md index 7e661b5..3927324 100644 --- a/README.md +++ b/README.md @@ -169,6 +169,11 @@ module "ecr_registry" { } ] + # Repository Creation Template + create_repository_creation_template = true + repository_creation_template_prefix = "ROOT" + repository_creation_template_applied_for = "PULL_THROUGH_CACHE" + tags = { Terraform = "true" Environment = "dev" @@ -194,13 +199,13 @@ Examples codified under the [`examples`](https://github.com/terraform-aws-module | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.37 | +| [aws](#requirement\_aws) | >= 5.61 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.37 | +| [aws](#provider\_aws) | >= 5.61 | ## Modules @@ -216,6 +221,7 @@ No modules. | [aws_ecr_registry_scanning_configuration.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_registry_scanning_configuration) | resource | | [aws_ecr_replication_configuration.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_replication_configuration) | resource | | [aws_ecr_repository.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_repository) | resource | +| [aws_ecr_repository_creation_template.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_repository_creation_template) | resource | | [aws_ecr_repository_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_repository_policy) | resource | | [aws_ecrpublic_repository.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecrpublic_repository) | resource | | [aws_ecrpublic_repository_policy.example](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecrpublic_repository_policy) | resource | 
@@ -233,6 +239,7 @@ No modules. | [create\_registry\_policy](#input\_create\_registry\_policy) | Determines whether a registry policy will be created | `bool` | `false` | no | | [create\_registry\_replication\_configuration](#input\_create\_registry\_replication\_configuration) | Determines whether a registry replication configuration will be created | `bool` | `false` | no | | [create\_repository](#input\_create\_repository) | Determines whether a repository will be created | `bool` | `true` | no | +| [create\_repository\_creation\_template](#input\_create\_repository\_creation\_template) | Determines whether a repository creation template will be created | `bool` | `false` | no | | [create\_repository\_policy](#input\_create\_repository\_policy) | Determines whether a repository policy will be created | `bool` | `true` | no | | [manage\_registry\_scanning\_configuration](#input\_manage\_registry\_scanning\_configuration) | Determines whether the registry scanning configuration will be managed | `bool` | `false` | no | | [public\_repository\_catalog\_data](#input\_public\_repository\_catalog\_data) | Catalog data configuration for the repository | `any` | `{}` | no | 
@@ -241,6 +248,15 @@ No modules. | [registry\_replication\_rules](#input\_registry\_replication\_rules) | The replication rules for a replication configuration. A maximum of 10 are allowed | `any` | `[]` | no | | [registry\_scan\_rules](#input\_registry\_scan\_rules) | One or multiple blocks specifying scanning rules to determine which repository filters are used and at what frequency scanning will occur | `any` | `[]` | no | | [registry\_scan\_type](#input\_registry\_scan\_type) | the scanning type to set for the registry. Can be either `ENHANCED` or `BASIC` | `string` | `"ENHANCED"` | no | +| [repository\_creation\_template\_applied\_for](#input\_repository\_creation\_template\_applied\_for) | Which features this template applies to. Must contain one or more of PULL\_THROUGH\_CACHE or REPLICATION. | `list(string)` |
[
"PULL_THROUGH_CACHE"
]
| no | +| [repository\_creation\_template\_custom\_role\_arn](#input\_repository\_creation\_template\_custom\_role\_arn) | A custom IAM role to use for repository creation. Required if using repository tags or KMS encryption. | `string` | `""` | no | +| [repository\_creation\_template\_description](#input\_repository\_creation\_template\_description) | The description for this template. | `string` | `""` | no | +| [repository\_creation\_template\_encryption\_type](#input\_repository\_creation\_template\_encryption\_type) | The encryption type for the repository. Must be one of: `KMS` or `AES256`. Defaults to `AES256` | `string` | `null` | no | +| [repository\_creation\_template\_image\_tag\_mutability](#input\_repository\_creation\_template\_image\_tag\_mutability) | The tag mutability setting for any created repositories. Must be one of: MUTABLE or IMMUTABLE. Defaults to MUTABLE. | `string` | `"MUTABLE"` | no | +| [repository\_creation\_template\_kms\_key](#input\_repository\_creation\_template\_kms\_key) | The ARN of the KMS key to use when encryption\_type is `KMS`. If not specified, uses the default AWS managed key for ECR | `string` | `null` | no | +| [repository\_creation\_template\_lifecycle\_policy](#input\_repository\_creation\_template\_lifecycle\_policy) | The lifecycle policy document to apply to any created repositories. See more details about Policy Parameters in the official AWS docs. Consider using the aws\_ecr\_lifecycle\_policy\_document data\_source to generate/manage the JSON document used for the lifecycle\_policy argument. | `string` | `""` | no | +| [repository\_creation\_template\_prefix](#input\_repository\_creation\_template\_prefix) | The repository name prefix to match against. Use ROOT to match any prefix that doesn't explicitly match another template. 
| `string` | `null` | no | +| [repository\_creation\_template\_repository\_policy](#input\_repository\_creation\_template\_repository\_policy) | The registry policy document to apply to any created repositories. This is a JSON formatted string. For more information about building IAM policy documents with Terraform, see the AWS IAM Policy Document Guide. | `string` | `null` | no | | [repository\_encryption\_type](#input\_repository\_encryption\_type) | The encryption type for the repository. Must be one of: `KMS` or `AES256`. Defaults to `AES256` | `string` | `null` | no | | [repository\_force\_delete](#input\_repository\_force\_delete) | If `true`, will delete the repository even if it contains images. Defaults to `false` | `bool` | `null` | no | | [repository\_image\_scan\_on\_push](#input\_repository\_image\_scan\_on\_push) | Indicates whether images are scanned after being pushed to the repository (`true`) or not scanned (`false`) | `bool` | `true` | no | diff --git a/examples/complete/README.md b/examples/complete/README.md index 297ff8e..6ce0781 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -28,13 +28,13 @@ Note that this example may create resources which will incur monetary charges on | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.37 | +| [aws](#requirement\_aws) | >= 5.61 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.37 | +| [aws](#provider\_aws) | >= 5.61 | ## Modules diff --git a/examples/complete/main.tf b/examples/complete/main.tf index c50fb0f..065971a 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -172,6 +172,11 @@ module "ecr_registry" { }] }] + # Registry Replication Configuration + create_repository_creation_template = true + repository_creation_template_prefix = "ROOT" + repository_creation_template_applied_for = ["PULL_THROUGH_CACHE"] + tags = local.tags } 
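Review bot: The section comment `# Registry Replication Configuration` placed above the new template inputs in examples/complete/main.tf is copied from the replication block and mislabels what follows; it should read `# Repository Creation Template`, matching the heading used in main.tf and the README. The example also sets `tags = local.tags` without supplying `repository_creation_template_custom_role_arn`, while the new variable's description states a custom role is required when repository tags are used; if that description is accurate this example will fail at apply time, so either set a role ARN here or verify the requirement. The README snippet for the same feature passes `repository_creation_template_applied_for = "PULL_THROUGH_CACHE"` as a bare string, whereas this example and the variable use a `list(string)`; the README should be aligned with this example.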
diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 0b1e951..97e87e8 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.37" + version = ">= 5.61" } } } diff --git a/main.tf b/main.tf index 1c86358..a5e30a5 100644 --- a/main.tf +++ b/main.tf @@ -336,3 +336,29 @@ resource "aws_ecr_replication_configuration" "this" { } } } + +################################################################################ +# Repository Creation Template +################################################################################ + +resource "aws_ecr_repository_creation_template" "this" { + count = var.create && var.create_repository_creation_template ? 1 : 0 + + prefix = var.repository_creation_template_prefix + description = var.repository_creation_template_description + image_tag_mutability = var.repository_creation_template_image_tag_mutability + custom_role_arn = var.repository_creation_template_custom_role_arn + + applied_for = var.repository_creation_template_applied_for + + encryption_configuration { + encryption_type = var.repository_creation_template_encryption_type + kms_key = var.repository_creation_template_kms_key + } + + repository_policy = var.repository_creation_template_repository_policy + + lifecycle_policy = var.repository_creation_template_lifecycle_policy + + resource_tags = var.tags +} diff --git a/variables.tf b/variables.tf index 965a5c8..30c90b9 100644 --- a/variables.tf +++ b/variables.tf 
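Review bot: `resource_tags = var.tags` is applied unconditionally in the new `aws_ecr_repository_creation_template` resource, while the description of `repository_creation_template_custom_role_arn` states a custom role is required whenever repository tags (or KMS encryption) are used; with the module-wide `tags` set and the role left at its `""` default the template will presumably be rejected at apply time, which is exactly the configuration the README and the complete example show. Because the module declares `required_version >= 1.0`, a `lifecycle` precondition (Terraform 1.2+) cannot be used to catch this; consider a dedicated `repository_creation_template_resource_tags` input defaulting to `{}`, or at least a comment on this line: `# resource_tags and KMS encryption require repository_creation_template_custom_role_arn (see variable description)`. Separately, `image_tag_mutability` takes a `"MUTABLE"` default here whereas the module's repositories default to `"IMMUTABLE"` (see wrappers/main.tf), so repositories auto-created through this template get weaker tag-integrity guarantees than explicitly created ones; if that asymmetry is intended for pull-through cache, say so in the variable description. The `encryption_configuration` block is also emitted with both attributes `null` by default; confirm the provider treats that as unset rather than as an explicit empty block.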
@@ -197,3 +197,67 @@ variable "registry_replication_rules" { type = any default = [] } + +################################################################################ +# Repository Creation Template +################################################################################ + +variable "create_repository_creation_template" { + description = "Determines whether a repository creation template will be created" + type = bool + default = false +} + +variable "repository_creation_template_prefix" { + description = "The repository name prefix to match against. Use ROOT to match any prefix that doesn't explicitly match another template." + type = string + default = null +} + +variable "repository_creation_template_applied_for" { + description = "Which features this template applies to. Must contain one or more of PULL_THROUGH_CACHE or REPLICATION." + type = list(string) + default = ["PULL_THROUGH_CACHE"] +} + +variable "repository_creation_template_custom_role_arn" { + description = "A custom IAM role to use for repository creation. Required if using repository tags or KMS encryption." + type = string + default = "" +} + +variable "repository_creation_template_description" { + description = "The description for this template." + type = string + default = "" +} + +variable "repository_creation_template_image_tag_mutability" { + description = "The tag mutability setting for any created repositories. Must be one of: MUTABLE or IMMUTABLE. Defaults to MUTABLE." + type = string + default = "MUTABLE" +} + +variable "repository_creation_template_lifecycle_policy" { + description = "The lifecycle policy document to apply to any created repositories. See more details about Policy Parameters in the official AWS docs. Consider using the aws_ecr_lifecycle_policy_document data_source to generate/manage the JSON document used for the lifecycle_policy argument." 
+ type = string + default = "" +} + +variable "repository_creation_template_repository_policy" { + description = "The registry policy document to apply to any created repositories. This is a JSON formatted string. For more information about building IAM policy documents with Terraform, see the AWS IAM Policy Document Guide." + type = string + default = null +} + +variable "repository_creation_template_encryption_type" { + description = "The encryption type for the repository. Must be one of: `KMS` or `AES256`. Defaults to `AES256`" + type = string + default = null +} + +variable "repository_creation_template_kms_key" { + description = "The ARN of the KMS key to use when encryption_type is `KMS`. If not specified, uses the default AWS managed key for ECR" + type = string + default = null +} diff --git a/versions.tf b/versions.tf index 0b1e951..97e87e8 100644 --- a/versions.tf +++ b/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.37" + version = ">= 5.61" } } } diff --git a/wrappers/main.tf b/wrappers/main.tf index 2c48b6e..7dd4c79 100644 --- a/wrappers/main.tf +++ b/wrappers/main.tf 
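Review bot: The descriptions of `repository_creation_template_applied_for`, `repository_creation_template_image_tag_mutability` and `repository_creation_template_encryption_type` each state a closed set of allowed values, but none of the new variables carries a `validation` block, so a typo such as `REPLICATON` only surfaces at apply time from the API. Single-variable `validation` blocks are available under the module's `>= 1.0` constraint; the `applied_for` one is shown below and the other two follow the same shape with `contains(["MUTABLE", "IMMUTABLE"], ...)` and `contains(["KMS", "AES256"], ...)` (the latter preceded by `var.repository_creation_template_encryption_type == null ||` since it defaults to `null`). The description of `repository_creation_template_repository_policy` says `The registry policy document`; it should read `The repository policy document`, since it is applied per created repository. `repository_creation_template_custom_role_arn` defaults to `""` while the other optional ARN input, `repository_creation_template_kms_key`, defaults to `null`; unless the empty string is deliberately relied on, `null` is the consistent choice.
```hcl
variable "repository_creation_template_applied_for" {
  description = "Which features this template applies to. Must contain one or more of PULL_THROUGH_CACHE or REPLICATION."
  type        = list(string)
  default     = ["PULL_THROUGH_CACHE"]

  validation {
    condition     = length(var.repository_creation_template_applied_for) > 0 && alltrue([for f in var.repository_creation_template_applied_for : contains(["PULL_THROUGH_CACHE", "REPLICATION"], f)])
    error_message = "repository_creation_template_applied_for must contain one or more of PULL_THROUGH_CACHE or REPLICATION."
  }
}
# … unchanged: remaining repository_creation_template_* variables …
```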
@@ -3,32 +3,42 @@ module "wrapper" { for_each = var.items - attach_repository_policy = try(each.value.attach_repository_policy, var.defaults.attach_repository_policy, true) - create = try(each.value.create, var.defaults.create, true) - create_lifecycle_policy = try(each.value.create_lifecycle_policy, var.defaults.create_lifecycle_policy, true) - create_registry_policy = try(each.value.create_registry_policy, var.defaults.create_registry_policy, false) - create_registry_replication_configuration = try(each.value.create_registry_replication_configuration, var.defaults.create_registry_replication_configuration, false) - create_repository = try(each.value.create_repository, var.defaults.create_repository, true) - create_repository_policy = try(each.value.create_repository_policy, var.defaults.create_repository_policy, true) - manage_registry_scanning_configuration = try(each.value.manage_registry_scanning_configuration, var.defaults.manage_registry_scanning_configuration, false) - public_repository_catalog_data = try(each.value.public_repository_catalog_data, var.defaults.public_repository_catalog_data, {}) - registry_policy = try(each.value.registry_policy, var.defaults.registry_policy, null) - registry_pull_through_cache_rules = try(each.value.registry_pull_through_cache_rules, var.defaults.registry_pull_through_cache_rules, {}) - registry_replication_rules = try(each.value.registry_replication_rules, var.defaults.registry_replication_rules, []) - registry_scan_rules = try(each.value.registry_scan_rules, var.defaults.registry_scan_rules, []) - registry_scan_type = try(each.value.registry_scan_type, var.defaults.registry_scan_type, "ENHANCED") - repository_encryption_type = try(each.value.repository_encryption_type, var.defaults.repository_encryption_type, null) - repository_force_delete = try(each.value.repository_force_delete, var.defaults.repository_force_delete, null) - repository_image_scan_on_push = try(each.value.repository_image_scan_on_push, 
var.defaults.repository_image_scan_on_push, true) - repository_image_tag_mutability = try(each.value.repository_image_tag_mutability, var.defaults.repository_image_tag_mutability, "IMMUTABLE") - repository_kms_key = try(each.value.repository_kms_key, var.defaults.repository_kms_key, null) - repository_lambda_read_access_arns = try(each.value.repository_lambda_read_access_arns, var.defaults.repository_lambda_read_access_arns, []) - repository_lifecycle_policy = try(each.value.repository_lifecycle_policy, var.defaults.repository_lifecycle_policy, "") - repository_name = try(each.value.repository_name, var.defaults.repository_name, "") - repository_policy = try(each.value.repository_policy, var.defaults.repository_policy, null) - repository_policy_statements = try(each.value.repository_policy_statements, var.defaults.repository_policy_statements, {}) - repository_read_access_arns = try(each.value.repository_read_access_arns, var.defaults.repository_read_access_arns, []) - repository_read_write_access_arns = try(each.value.repository_read_write_access_arns, var.defaults.repository_read_write_access_arns, []) - repository_type = try(each.value.repository_type, var.defaults.repository_type, "private") - tags = try(each.value.tags, var.defaults.tags, {}) + attach_repository_policy = try(each.value.attach_repository_policy, var.defaults.attach_repository_policy, true) + create = try(each.value.create, var.defaults.create, true) + create_lifecycle_policy = try(each.value.create_lifecycle_policy, var.defaults.create_lifecycle_policy, true) + create_registry_policy = try(each.value.create_registry_policy, var.defaults.create_registry_policy, false) + create_registry_replication_configuration = try(each.value.create_registry_replication_configuration, var.defaults.create_registry_replication_configuration, false) + create_repository = try(each.value.create_repository, var.defaults.create_repository, true) + create_repository_creation_template = 
try(each.value.create_repository_creation_template, var.defaults.create_repository_creation_template, false) + create_repository_policy = try(each.value.create_repository_policy, var.defaults.create_repository_policy, true) + manage_registry_scanning_configuration = try(each.value.manage_registry_scanning_configuration, var.defaults.manage_registry_scanning_configuration, false) + public_repository_catalog_data = try(each.value.public_repository_catalog_data, var.defaults.public_repository_catalog_data, {}) + registry_policy = try(each.value.registry_policy, var.defaults.registry_policy, null) + registry_pull_through_cache_rules = try(each.value.registry_pull_through_cache_rules, var.defaults.registry_pull_through_cache_rules, {}) + registry_replication_rules = try(each.value.registry_replication_rules, var.defaults.registry_replication_rules, []) + registry_scan_rules = try(each.value.registry_scan_rules, var.defaults.registry_scan_rules, []) + registry_scan_type = try(each.value.registry_scan_type, var.defaults.registry_scan_type, "ENHANCED") + repository_creation_template_applied_for = try(each.value.repository_creation_template_applied_for, var.defaults.repository_creation_template_applied_for, ["PULL_THROUGH_CACHE"]) + repository_creation_template_custom_role_arn = try(each.value.repository_creation_template_custom_role_arn, var.defaults.repository_creation_template_custom_role_arn, "") + repository_creation_template_description = try(each.value.repository_creation_template_description, var.defaults.repository_creation_template_description, "") + repository_creation_template_encryption_type = try(each.value.repository_creation_template_encryption_type, var.defaults.repository_creation_template_encryption_type, null) + repository_creation_template_image_tag_mutability = try(each.value.repository_creation_template_image_tag_mutability, var.defaults.repository_creation_template_image_tag_mutability, "MUTABLE") + repository_creation_template_kms_key = 
try(each.value.repository_creation_template_kms_key, var.defaults.repository_creation_template_kms_key, null) + repository_creation_template_lifecycle_policy = try(each.value.repository_creation_template_lifecycle_policy, var.defaults.repository_creation_template_lifecycle_policy, "") + repository_creation_template_prefix = try(each.value.repository_creation_template_prefix, var.defaults.repository_creation_template_prefix, null) + repository_creation_template_repository_policy = try(each.value.repository_creation_template_repository_policy, var.defaults.repository_creation_template_repository_policy, null) + repository_encryption_type = try(each.value.repository_encryption_type, var.defaults.repository_encryption_type, null) + repository_force_delete = try(each.value.repository_force_delete, var.defaults.repository_force_delete, null) + repository_image_scan_on_push = try(each.value.repository_image_scan_on_push, var.defaults.repository_image_scan_on_push, true) + repository_image_tag_mutability = try(each.value.repository_image_tag_mutability, var.defaults.repository_image_tag_mutability, "IMMUTABLE") + repository_kms_key = try(each.value.repository_kms_key, var.defaults.repository_kms_key, null) + repository_lambda_read_access_arns = try(each.value.repository_lambda_read_access_arns, var.defaults.repository_lambda_read_access_arns, []) + repository_lifecycle_policy = try(each.value.repository_lifecycle_policy, var.defaults.repository_lifecycle_policy, "") + repository_name = try(each.value.repository_name, var.defaults.repository_name, "") + repository_policy = try(each.value.repository_policy, var.defaults.repository_policy, null) + repository_policy_statements = try(each.value.repository_policy_statements, var.defaults.repository_policy_statements, {}) + repository_read_access_arns = try(each.value.repository_read_access_arns, var.defaults.repository_read_access_arns, []) + repository_read_write_access_arns = try(each.value.repository_read_write_access_arns, 
var.defaults.repository_read_write_access_arns, []) + repository_type = try(each.value.repository_type, var.defaults.repository_type, "private") + tags = try(each.value.tags, var.defaults.tags, {}) } diff --git a/wrappers/versions.tf b/wrappers/versions.tf index 0b1e951..97e87e8 100644 --- a/wrappers/versions.tf +++ b/wrappers/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.37" + version = ">= 5.61" } } }