diff --git a/README.md b/README.md index 68ac248..a54df95 100644 --- a/README.md +++ b/README.md @@ -194,14 +194,14 @@ Examples codified under the [`examples`](https://github.com/terraform-aws-module | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.93 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | +| [aws](#requirement\_aws) | >= 6.8 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.93 | +| [aws](#provider\_aws) | >= 6.8 | ## Modules @@ -236,22 +236,24 @@ No modules. | [create\_repository](#input\_create\_repository) | Determines whether a repository will be created | `bool` | `true` | no | | [create\_repository\_policy](#input\_create\_repository\_policy) | Determines whether a repository policy will be created | `bool` | `true` | no | | [manage\_registry\_scanning\_configuration](#input\_manage\_registry\_scanning\_configuration) | Determines whether the registry scanning configuration will be managed | `bool` | `false` | no | -| [public\_repository\_catalog\_data](#input\_public\_repository\_catalog\_data) | Catalog data configuration for the repository | `any` | `{}` | no | +| [public\_repository\_catalog\_data](#input\_public\_repository\_catalog\_data) | Catalog data configuration for the repository |
object({
about_text = optional(string)
architectures = optional(list(string))
description = optional(string)
logo_image_blob = optional(string)
operating_systems = optional(list(string))
usage_text = optional(string)
})
| `null` | no | +| [region](#input\_region) | Region where this resource will be managed. Defaults to the Region set in the provider configuration. | `string` | `null` | no | | [registry\_policy](#input\_registry\_policy) | The policy document. This is a JSON formatted string | `string` | `null` | no | -| [registry\_pull\_through\_cache\_rules](#input\_registry\_pull\_through\_cache\_rules) | List of pull through cache rules to create | `map(map(string))` | `{}` | no | -| [registry\_replication\_rules](#input\_registry\_replication\_rules) | The replication rules for a replication configuration. A maximum of 10 are allowed | `any` | `[]` | no | -| [registry\_scan\_rules](#input\_registry\_scan\_rules) | One or multiple blocks specifying scanning rules to determine which repository filters are used and at what frequency scanning will occur | `any` | `[]` | no | +| [registry\_pull\_through\_cache\_rules](#input\_registry\_pull\_through\_cache\_rules) | List of pull through cache rules to create |
map(object({
ecr_repository_prefix = string
upstream_registry_url = string
credential_arn = optional(string)
custom_role_arn = optional(string)
upstream_repository_prefix = optional(string)
region = optional(string)
}))
| `{}` | no | +| [registry\_replication\_rules](#input\_registry\_replication\_rules) | The replication rules for a replication configuration. A maximum of 10 are allowed |
list(object({
destinations = list(object({
region = string
registry_id = string
}))
repository_filters = optional(list(object({
filter = string
filter_type = string
})))
}))
| `null` | no | +| [registry\_scan\_rules](#input\_registry\_scan\_rules) | One or multiple blocks specifying scanning rules to determine which repository filters are used and at what frequency scanning will occur |
list(object({
scan_frequency = string
filter = list(object({
filter = string
filter_type = optional(string)
}))
}))
| `null` | no | | [registry\_scan\_type](#input\_registry\_scan\_type) | the scanning type to set for the registry. Can be either `ENHANCED` or `BASIC` | `string` | `"ENHANCED"` | no | | [repository\_encryption\_type](#input\_repository\_encryption\_type) | The encryption type for the repository. Must be one of: `KMS` or `AES256`. Defaults to `AES256` | `string` | `null` | no | | [repository\_force\_delete](#input\_repository\_force\_delete) | If `true`, will delete the repository even if it contains images. Defaults to `false` | `bool` | `null` | no | | [repository\_image\_scan\_on\_push](#input\_repository\_image\_scan\_on\_push) | Indicates whether images are scanned after being pushed to the repository (`true`) or not scanned (`false`) | `bool` | `true` | no | | [repository\_image\_tag\_mutability](#input\_repository\_image\_tag\_mutability) | The tag mutability setting for the repository. Must be one of: `MUTABLE` or `IMMUTABLE`. Defaults to `IMMUTABLE` | `string` | `"IMMUTABLE"` | no | +| [repository\_image\_tag\_mutability\_exclusion\_filter](#input\_repository\_image\_tag\_mutability\_exclusion\_filter) | Configuration block that defines filters to specify which image tags can override the default tag mutability setting. Only applicable when image\_tag\_mutability is set to IMMUTABLE\_WITH\_EXCLUSION or MUTABLE\_WITH\_EXCLUSION. |
list(object({
filter = string
filter_type = string
}))
| `null` | no | | [repository\_kms\_key](#input\_repository\_kms\_key) | The ARN of the KMS key to use when encryption\_type is `KMS`. If not specified, uses the default AWS managed key for ECR | `string` | `null` | no | | [repository\_lambda\_read\_access\_arns](#input\_repository\_lambda\_read\_access\_arns) | The ARNs of the Lambda service roles that have read access to the repository | `list(string)` | `[]` | no | | [repository\_lifecycle\_policy](#input\_repository\_lifecycle\_policy) | The policy document. This is a JSON formatted string. See more details about [Policy Parameters](http://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html#lifecycle_policy_parameters) in the official AWS docs | `string` | `""` | no | | [repository\_name](#input\_repository\_name) | The name of the repository | `string` | `""` | no | | [repository\_policy](#input\_repository\_policy) | The JSON policy to apply to the repository. If not specified, uses the default policy | `string` | `null` | no | -| [repository\_policy\_statements](#input\_repository\_policy\_statements) | A map of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement) for custom permission usage | `any` | `{}` | no | +| [repository\_policy\_statements](#input\_repository\_policy\_statements) | A map of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement) for custom permission usage |
map(object({
sid = optional(string)
actions = optional(list(string))
not_actions = optional(list(string))
effect = optional(string)
resources = optional(list(string))
not_resources = optional(list(string))
principals = optional(list(object({
type = string
identifiers = list(string)
})))
not_principals = optional(list(object({
type = string
identifiers = list(string)
})))
conditions = optional(list(object({
test = string
values = list(string)
variable = string
})))
}))
| `null` | no | | [repository\_read\_access\_arns](#input\_repository\_read\_access\_arns) | The ARNs of the IAM users/roles that have read access to the repository | `list(string)` | `[]` | no | | [repository\_read\_write\_access\_arns](#input\_repository\_read\_write\_access\_arns) | The ARNs of the IAM users/roles that have read/write access to the repository | `list(string)` | `[]` | no | | [repository\_type](#input\_repository\_type) | The type of repository to create. Either `public` or `private` | `string` | `"private"` | no | diff --git a/examples/complete/README.md b/examples/complete/README.md index 428ce7c..651a2f7 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -27,14 +27,14 @@ Note that this example may create resources which will incur monetary charges on | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.93 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | +| [aws](#requirement\_aws) | >= 6.8 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.93 | +| [aws](#provider\_aws) | >= 6.8 | ## Modules diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 272fe17..d2a4c88 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -54,6 +54,23 @@ module "ecr" { repository_force_delete = true + repository_image_tag_mutability = "IMMUTABLE_WITH_EXCLUSION" + + repository_image_tag_mutability_exclusion_filter = [ + { + filter = "latest*" + filter_type = "WILDCARD" + }, + { + filter = "dev-*" + filter_type = "WILDCARD" + }, + { + filter = "qa-*" + filter_type = "WILDCARD" + } + ] + tags = local.tags } diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index f2f9288..3595a1a 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf 
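Review bot: In the examples/complete/main.tf hunk the new exclusion filters leave `latest*`, `dev-*` and `qa-*` tags overwritable, and nothing in the example says so, although examples like this tend to be copied as-is. Under `IMMUTABLE_WITH_EXCLUSION`, any principal with push permission can repoint a matching tag at different image content, so consumers pulling those tags get no immutability guarantee. I would add a comment above the list, for example `# Tags matching these filters stay mutable; deploy releases by digest or by a tag outside these patterns`. The `module "ecr"` block starts outside the hunk.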
@@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.5.7" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.93" + version = ">= 6.8" } } } diff --git a/examples/repository-template/README.md b/examples/repository-template/README.md index 71bd0c8..8dc1c2c 100644 --- a/examples/repository-template/README.md +++ b/examples/repository-template/README.md @@ -21,14 +21,14 @@ If you validate the example by using the pull-through cache, you will need to ma | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.93 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | +| [aws](#requirement\_aws) | >= 6.8 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.93 | +| [aws](#provider\_aws) | >= 6.8 | ## Modules diff --git a/examples/repository-template/versions.tf b/examples/repository-template/versions.tf index f2f9288..3595a1a 100644 --- a/examples/repository-template/versions.tf +++ b/examples/repository-template/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.5.7" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.93" + version = ">= 6.8" } } } diff --git a/main.tf b/main.tf index 3509fc7..c134b06 100644 --- a/main.tf +++ b/main.tf 
@@ -129,18 +129,18 @@ data "aws_iam_policy_document" "repository" { } dynamic "statement" { - for_each = var.repository_policy_statements + for_each = var.repository_policy_statements != null ? var.repository_policy_statements : {} content { - sid = try(statement.value.sid, null) - actions = try(statement.value.actions, null) - not_actions = try(statement.value.not_actions, null) - effect = try(statement.value.effect, null) - resources = try(statement.value.resources, null) - not_resources = try(statement.value.not_resources, null) + sid = statement.value.sid + actions = statement.value.actions + not_actions = statement.value.not_actions + effect = statement.value.effect + resources = statement.value.resources + not_resources = statement.value.not_resources dynamic "principals" { - for_each = try(statement.value.principals, []) + for_each = statement.value.principals != null ? statement.value.principals : [] content { type = principals.value.type @@ -149,7 +149,7 @@ data "aws_iam_policy_document" "repository" { } dynamic "not_principals" { - for_each = try(statement.value.not_principals, []) + for_each = statement.value.not_principals != null ? statement.value.not_principals : [] content { type = not_principals.value.type @@ -158,7 +158,7 @@ data "aws_iam_policy_document" "repository" { } dynamic "condition" { - for_each = try(statement.value.conditions, []) + for_each = statement.value.conditions != null ? statement.value.condition : [] content { test = condition.value.test @@ -191,6 +191,16 @@ resource "aws_ecr_repository" "this" { scan_on_push = var.repository_image_scan_on_push } + dynamic "image_tag_mutability_exclusion_filter" { + for_each = var.repository_image_tag_mutability_exclusion_filter != null ? var.repository_image_tag_mutability_exclusion_filter : [] + content { + filter = image_tag_mutability_exclusion_filter.value.filter + filter_type = image_tag_mutability_exclusion_filter.value.filter_type + } + } + + region = var.region + tags = var.tags } 
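Review bot: The `condition` block's new `for_each` in the `@@ -158,7 +158,7 @@` hunk tests `statement.value.conditions` but iterates `statement.value.condition`, an attribute that the new `map(object({...}))` type of `repository_policy_statements` does not declare. As written this should fail with an unsupported-attribute error once a statement is supplied, instead of rendering the IAM conditions; the modules/repository-template copy of the same line uses `conditions` on both sides. The line should read `for_each = statement.value.conditions != null ? statement.value.conditions : []`. Conditions are what narrow a repository policy statement, so it is worth confirming with a plan that a statement carrying conditions actually renders them. The enclosing `data "aws_iam_policy_document" "repository"` block starts and ends outside the hunk.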
@@ -203,6 +213,7 @@ resource "aws_ecr_repository_policy" "this" { repository = aws_ecr_repository.this[0].name policy = var.create_repository_policy ? data.aws_iam_policy_document.repository[0].json : var.repository_policy + region = var.region } ################################################################################ @@ -214,6 +225,7 @@ resource "aws_ecr_lifecycle_policy" "this" { repository = aws_ecr_repository.this[0].name policy = var.repository_lifecycle_policy + region = var.region } ################################################################################ @@ -226,7 +238,7 @@ resource "aws_ecrpublic_repository" "this" { repository_name = var.repository_name dynamic "catalog_data" { - for_each = length(var.public_repository_catalog_data) > 0 ? [var.public_repository_catalog_data] : [] + for_each = var.public_repository_catalog_data != null ? [var.public_repository_catalog_data] : [] content { about_text = try(catalog_data.value.about_text, null) @@ -238,6 +250,8 @@ resource "aws_ecrpublic_repository" "this" { } } + region = var.region + tags = var.tags } @@ -250,6 +264,7 @@ resource "aws_ecrpublic_repository_policy" "example" { repository_name = aws_ecrpublic_repository.this[0].repository_name policy = var.create_repository_policy ? data.aws_iam_policy_document.repository[0].json : var.repository_policy + region = var.region } ################################################################################ @@ -260,6 +275,7 @@ resource "aws_ecr_registry_policy" "this" { count = var.create && var.create_registry_policy ? 1 : 0 policy = var.registry_policy + region = var.region } ################################################################################ 
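Review bot: The `catalog_data` guard in the `@@ -226,7 +238,7 @@` hunk now emits a block for any non-null value, so a caller that still passes `public_repository_catalog_data = {}` (the previous default) gets a `catalog_data` block with every attribute null, where the old `length(...) > 0` test emitted none. If that is intended, I would say so on the line, e.g. `# null (the default) omits catalog_data; an empty object no longer does`, and mention it in the upgrade notes. The `aws_ecrpublic_repository` resource starts and ends outside the hunk.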
@@ -271,9 +287,10 @@ resource "aws_ecr_pull_through_cache_rule" "this" { ecr_repository_prefix = each.value.ecr_repository_prefix upstream_registry_url = each.value.upstream_registry_url - credential_arn = try(each.value.credential_arn, null) - custom_role_arn = try(each.value.custom_role_arn, null) - upstream_repository_prefix = try(each.value.upstream_repository_prefix, null) + credential_arn = each.value.credential_arn + custom_role_arn = each.value.custom_role_arn + upstream_repository_prefix = each.value.upstream_repository_prefix + region = each.value.region != null ? each.value.region : var.region } ################################################################################ @@ -284,9 +301,10 @@ resource "aws_ecr_registry_scanning_configuration" "this" { count = var.create && var.manage_registry_scanning_configuration ? 1 : 0 scan_type = var.registry_scan_type + region = var.region dynamic "rule" { - for_each = var.registry_scan_rules + for_each = var.registry_scan_rules != null ? var.registry_scan_rules : [] content { scan_frequency = rule.value.scan_frequency @@ -296,7 +314,7 @@ resource "aws_ecr_registry_scanning_configuration" "this" { content { filter = repository_filter.value.filter - filter_type = try(repository_filter.value.filter_type, "WILDCARD") + filter_type = repository_filter.value.filter_type != null ? repository_filter.value.filter_type : "WILDCARD" } } } @@ -310,10 +328,12 @@ resource "aws_ecr_registry_scanning_configuration" "this" { resource "aws_ecr_replication_configuration" "this" { count = var.create && var.create_registry_replication_configuration ? 1 : 0 + region = var.region + replication_configuration { dynamic "rule" { - for_each = var.registry_replication_rules + for_each = var.registry_replication_rules != null ? var.registry_replication_rules : [] content { dynamic "destination" { 
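Review bot: The `filter_type` fallback in the `@@ -296,7 +314,7 @@` hunk keeps the `"WILDCARD"` default inside the resource body, where it is invisible to anyone reading the variable's type or the generated README. Since this commit raises `required_version` to `>= 1.5.7`, the default can be declared in the type of `registry_scan_rules` as `filter_type = optional(string, "WILDCARD")`, and this line then reduces to `filter_type = repository_filter.value.filter_type`. The similar null check on `region` in the `@@ -271,9 +287,10 @@` hunk has to stay as it is, because its fallback is another variable. The enclosing resource starts and ends outside the hunk.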
@@ -326,7 +346,7 @@ resource "aws_ecr_replication_configuration" "this" { } dynamic "repository_filter" { - for_each = try(rule.value.repository_filters, []) + for_each = rule.value.repository_filters != null ? rule.value.repository_filters : [] content { filter = repository_filter.value.filter diff --git a/modules/repository-template/README.md b/modules/repository-template/README.md index e89a0bf..f6c61c2 100644 --- a/modules/repository-template/README.md +++ b/modules/repository-template/README.md @@ -97,14 +97,14 @@ Examples codified under the [`examples`](https://github.com/terraform-aws-module | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.93 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | +| [aws](#requirement\_aws) | >= 6.8 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.93 | +| [aws](#provider\_aws) | >= 6.8 | ## Modules 
@@ -148,9 +148,10 @@ No modules. | [kms\_key\_arn](#input\_kms\_key\_arn) | The ARN of the KMS key used to encrypt the repositories created | `string` | `null` | no | | [lifecycle\_policy](#input\_lifecycle\_policy) | The lifecycle policy document to apply to any created repositories | `string` | `null` | no | | [prefix](#input\_prefix) | (Required) The repository name prefix to match against. Use `ROOT` to match any prefix that doesn't explicitly match another template | `string` | `""` | no | +| [region](#input\_region) | Region where this resource will be managed. Defaults to the Region set in the provider configuration. | `string` | `null` | no | | [repository\_lambda\_read\_access\_arns](#input\_repository\_lambda\_read\_access\_arns) | The ARNs of the Lambda service roles that have read access to the repository | `list(string)` | `[]` | no | | [repository\_policy](#input\_repository\_policy) | The JSON policy to apply to the repository. If not specified, uses the default policy | `string` | `null` | no | -| [repository\_policy\_statements](#input\_repository\_policy\_statements) | A map of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement) for custom permission usage | `any` | `{}` | no | +| [repository\_policy\_statements](#input\_repository\_policy\_statements) | A map of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement) for custom permission usage |
map(object({
sid = optional(string)
actions = optional(list(string))
not_actions = optional(list(string))
effect = optional(string)
resources = optional(list(string))
not_resources = optional(list(string))
principals = optional(list(object({
type = string
identifiers = list(string)
})))
not_principals = optional(list(object({
type = string
identifiers = list(string)
})))
conditions = optional(list(object({
test = string
values = list(string)
variable = string
})))
}))
| `null` | no | | [repository\_read\_access\_arns](#input\_repository\_read\_access\_arns) | The ARNs of the IAM users/roles that have read access to the repository | `list(string)` | `[]` | no | | [repository\_read\_write\_access\_arns](#input\_repository\_read\_write\_access\_arns) | The ARNs of the IAM users/roles that have read/write access to the repository | `list(string)` | `[]` | no | | [resource\_tags](#input\_resource\_tags) | A map of tags to assign to any created repositories | `map(string)` | `{}` | no | diff --git a/modules/repository-template/main.tf b/modules/repository-template/main.tf index 7aca637..05818ae 100644 --- a/modules/repository-template/main.tf +++ b/modules/repository-template/main.tf @@ -33,6 +33,7 @@ resource "aws_ecr_repository_creation_template" "this" { image_tag_mutability = var.image_tag_mutability lifecycle_policy = var.lifecycle_policy prefix = var.prefix + region = var.region repository_policy = var.create_repository_policy ? data.aws_iam_policy_document.repository[0].json : var.repository_policy resource_tags = var.resource_tags @@ -118,7 +119,7 @@ data "aws_iam_policy_document" "repository" { } dynamic "statement" { - for_each = var.repository_policy_statements + for_each = var.repository_policy_statements != null ? var.repository_policy_statements : {} content { sid = try(statement.value.sid, null) @@ -129,7 +130,7 @@ data "aws_iam_policy_document" "repository" { not_resources = try(statement.value.not_resources, null) dynamic "principals" { - for_each = try(statement.value.principals, []) + for_each = statement.value.principals != null ? statement.value.principals : [] content { type = principals.value.type @@ -138,7 +139,7 @@ data "aws_iam_policy_document" "repository" { } dynamic "not_principals" { - for_each = try(statement.value.not_principals, []) + for_each = statement.value.not_principals != null ? statement.value.not_principals : [] content { type = not_principals.value.type 
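Review bot: The scalar attributes of the `statement` content block in modules/repository-template/main.tf (context lines of the `@@ -118,7 +119,7 @@` and `@@ -129,7 +130,7 @@` hunks) still read `try(statement.value.sid, null)` and `try(statement.value.not_resources, null)`, while the nested `for_each` lines were converted to explicit null checks. With the variable now typed as `map(object({...}))` with `optional(...)` attributes, every attribute exists, so `try()` guards nothing here and would only hide a misspelled attribute name. The root main.tf in this commit already uses the direct form, e.g. `sid = statement.value.sid`; using it here too keeps the two copies of the policy document in step. The data block starts and ends outside these hunks.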
@@ -147,7 +148,7 @@ data "aws_iam_policy_document" "repository" { } dynamic "condition" { - for_each = try(statement.value.conditions, []) + for_each = statement.value.conditions != null ? statement.value.conditions : [] content { test = condition.value.test @@ -169,6 +170,7 @@ resource "aws_ecr_pull_through_cache_rule" "this" { credential_arn = var.credential_arn ecr_repository_prefix = var.prefix upstream_registry_url = var.upstream_registry_url + region = var.region } ################################################################################ diff --git a/modules/repository-template/variables.tf b/modules/repository-template/variables.tf index ee84672..9d1aa95 100644 --- a/modules/repository-template/variables.tf +++ b/modules/repository-template/variables.tf @@ -10,6 +10,12 @@ variable "tags" { default = {} } +variable "region" { + description = "Region where this resource will be managed. Defaults to the Region set in the provider configuration." + type = string + default = null +} + ################################################################################ # Repository Template ################################################################################ 
@@ -126,8 +132,28 @@ variable "repository_read_write_access_arns" { variable "repository_policy_statements" { description = "A map of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement) for custom permission usage" - type = any - default = {} + type = map(object({ + sid = optional(string) + actions = optional(list(string)) + not_actions = optional(list(string)) + effect = optional(string) + resources = optional(list(string)) + not_resources = optional(list(string)) + principals = optional(list(object({ + type = string + identifiers = list(string) + }))) + not_principals = optional(list(object({ + type = string + identifiers = list(string) + }))) + conditions = optional(list(object({ + test = string + values = list(string) + variable = string + }))) + })) + default = null } ################################################################################ diff --git a/modules/repository-template/versions.tf b/modules/repository-template/versions.tf index f2f9288..3595a1a 100644 --- a/modules/repository-template/versions.tf +++ b/modules/repository-template/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.5.7" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.93" + version = ">= 6.8" } } } diff --git a/variables.tf b/variables.tf index 965a5c8..6e5be17 100644 --- a/variables.tf +++ b/variables.tf @@ -16,6 +16,12 @@ variable "repository_type" { default = "private" } +variable "region" { + description = "Region where this resource will be managed. Defaults to the Region set in the provider configuration." + type = string + default = null +} + ################################################################################ # Repository ################################################################################ 
@@ -68,6 +74,15 @@ variable "repository_force_delete" { default = null } +variable "repository_image_tag_mutability_exclusion_filter" { + description = "Configuration block that defines filters to specify which image tags can override the default tag mutability setting. Only applicable when image_tag_mutability is set to IMMUTABLE_WITH_EXCLUSION or MUTABLE_WITH_EXCLUSION." + type = list(object({ + filter = string + filter_type = string + })) + default = null +} + ################################################################################ # Repository Policy ################################################################################ @@ -104,8 +119,28 @@ variable "repository_read_write_access_arns" { variable "repository_policy_statements" { description = "A map of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement) for custom permission usage" - type = any - default = {} + type = map(object({ + sid = optional(string) + actions = optional(list(string)) + not_actions = optional(list(string)) + effect = optional(string) + resources = optional(list(string)) + not_resources = optional(list(string)) + principals = optional(list(object({ + type = string + identifiers = list(string) + }))) + not_principals = optional(list(object({ + type = string + identifiers = list(string) + }))) + conditions = optional(list(object({ + test = string + values = list(string) + variable = string + }))) + })) + default = null } ################################################################################ 
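Review bot: The description of `repository_image_tag_mutability_exclusion_filter` in the `@@ -68,6 +74,15 @@` hunk refers to `image_tag_mutability`, which is the provider argument; the input a caller of this module sets is `repository_image_tag_mutability`. That input's description, as it appears in the README table of this commit, still says "Must be one of: `MUTABLE` or `IMMUTABLE`", so the two `*_WITH_EXCLUSION` values used in examples/complete are undocumented. I would reword the new text to `Only applicable when repository_image_tag_mutability is set to IMMUTABLE_WITH_EXCLUSION or MUTABLE_WITH_EXCLUSION` and extend the other description to list all four values. If that variable carries a `validation` block (not visible here), it needs the new values as well.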
@@ -130,8 +165,15 @@ variable "repository_lifecycle_policy" { variable "public_repository_catalog_data" { description = "Catalog data configuration for the repository" - type = any - default = {} + type = object({ + about_text = optional(string) + architectures = optional(list(string)) + description = optional(string) + logo_image_blob = optional(string) + operating_systems = optional(list(string)) + usage_text = optional(string) + }) + default = null } ################################################################################ @@ -156,8 +198,15 @@ variable "registry_policy" { variable "registry_pull_through_cache_rules" { description = "List of pull through cache rules to create" - type = map(map(string)) - default = {} + type = map(object({ + ecr_repository_prefix = string + upstream_registry_url = string + credential_arn = optional(string) + custom_role_arn = optional(string) + upstream_repository_prefix = optional(string) + region = optional(string) + })) + default = {} } ################################################################################ @@ -178,8 +227,14 @@ variable "registry_scan_type" { variable "registry_scan_rules" { description = "One or multiple blocks specifying scanning rules to determine which repository filters are used and at what frequency scanning will occur" - type = any - default = [] + type = list(object({ + scan_frequency = string + filter = list(object({ + filter = string + filter_type = optional(string) + })) + })) + default = null } ################################################################################ 
@@ -194,6 +249,15 @@ variable "create_registry_replication_configuration" { variable "registry_replication_rules" { description = "The replication rules for a replication configuration. A maximum of 10 are allowed" - type = any - default = [] + type = list(object({ + destinations = list(object({ + region = string + registry_id = string + })) + repository_filters = optional(list(object({ + filter = string + filter_type = string + }))) + })) + default = null } diff --git a/versions.tf b/versions.tf index f2f9288..3595a1a 100644 --- a/versions.tf +++ b/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.5.7" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.93" + version = ">= 6.8" } } } diff --git a/wrappers/main.tf b/wrappers/main.tf index 2c48b6e..2ed14d5 100644 --- a/wrappers/main.tf +++ b/wrappers/main.tf 
@@ -3,32 +3,34 @@ module "wrapper" { for_each = var.items - attach_repository_policy = try(each.value.attach_repository_policy, var.defaults.attach_repository_policy, true) - create = try(each.value.create, var.defaults.create, true) - create_lifecycle_policy = try(each.value.create_lifecycle_policy, var.defaults.create_lifecycle_policy, true) - create_registry_policy = try(each.value.create_registry_policy, var.defaults.create_registry_policy, false) - create_registry_replication_configuration = try(each.value.create_registry_replication_configuration, var.defaults.create_registry_replication_configuration, false) - create_repository = try(each.value.create_repository, var.defaults.create_repository, true) - create_repository_policy = try(each.value.create_repository_policy, var.defaults.create_repository_policy, true) - manage_registry_scanning_configuration = try(each.value.manage_registry_scanning_configuration, var.defaults.manage_registry_scanning_configuration, false) - public_repository_catalog_data = try(each.value.public_repository_catalog_data, var.defaults.public_repository_catalog_data, {}) - registry_policy = try(each.value.registry_policy, var.defaults.registry_policy, null) - registry_pull_through_cache_rules = try(each.value.registry_pull_through_cache_rules, var.defaults.registry_pull_through_cache_rules, {}) - registry_replication_rules = try(each.value.registry_replication_rules, var.defaults.registry_replication_rules, []) - registry_scan_rules = try(each.value.registry_scan_rules, var.defaults.registry_scan_rules, []) - registry_scan_type = try(each.value.registry_scan_type, var.defaults.registry_scan_type, "ENHANCED") - repository_encryption_type = try(each.value.repository_encryption_type, var.defaults.repository_encryption_type, null) - repository_force_delete = try(each.value.repository_force_delete, var.defaults.repository_force_delete, null) - repository_image_scan_on_push = try(each.value.repository_image_scan_on_push, 
var.defaults.repository_image_scan_on_push, true) - repository_image_tag_mutability = try(each.value.repository_image_tag_mutability, var.defaults.repository_image_tag_mutability, "IMMUTABLE") - repository_kms_key = try(each.value.repository_kms_key, var.defaults.repository_kms_key, null) - repository_lambda_read_access_arns = try(each.value.repository_lambda_read_access_arns, var.defaults.repository_lambda_read_access_arns, []) - repository_lifecycle_policy = try(each.value.repository_lifecycle_policy, var.defaults.repository_lifecycle_policy, "") - repository_name = try(each.value.repository_name, var.defaults.repository_name, "") - repository_policy = try(each.value.repository_policy, var.defaults.repository_policy, null) - repository_policy_statements = try(each.value.repository_policy_statements, var.defaults.repository_policy_statements, {}) - repository_read_access_arns = try(each.value.repository_read_access_arns, var.defaults.repository_read_access_arns, []) - repository_read_write_access_arns = try(each.value.repository_read_write_access_arns, var.defaults.repository_read_write_access_arns, []) - repository_type = try(each.value.repository_type, var.defaults.repository_type, "private") - tags = try(each.value.tags, var.defaults.tags, {}) + attach_repository_policy = try(each.value.attach_repository_policy, var.defaults.attach_repository_policy, true) + create = try(each.value.create, var.defaults.create, true) + create_lifecycle_policy = try(each.value.create_lifecycle_policy, var.defaults.create_lifecycle_policy, true) + create_registry_policy = try(each.value.create_registry_policy, var.defaults.create_registry_policy, false) + create_registry_replication_configuration = try(each.value.create_registry_replication_configuration, var.defaults.create_registry_replication_configuration, false) + create_repository = try(each.value.create_repository, var.defaults.create_repository, true) + create_repository_policy = try(each.value.create_repository_policy, 
var.defaults.create_repository_policy, true) + manage_registry_scanning_configuration = try(each.value.manage_registry_scanning_configuration, var.defaults.manage_registry_scanning_configuration, false) + public_repository_catalog_data = try(each.value.public_repository_catalog_data, var.defaults.public_repository_catalog_data, null) + region = try(each.value.region, var.defaults.region, null) + registry_policy = try(each.value.registry_policy, var.defaults.registry_policy, null) + registry_pull_through_cache_rules = try(each.value.registry_pull_through_cache_rules, var.defaults.registry_pull_through_cache_rules, {}) + registry_replication_rules = try(each.value.registry_replication_rules, var.defaults.registry_replication_rules, null) + registry_scan_rules = try(each.value.registry_scan_rules, var.defaults.registry_scan_rules, null) + registry_scan_type = try(each.value.registry_scan_type, var.defaults.registry_scan_type, "ENHANCED") + repository_encryption_type = try(each.value.repository_encryption_type, var.defaults.repository_encryption_type, null) + repository_force_delete = try(each.value.repository_force_delete, var.defaults.repository_force_delete, null) + repository_image_scan_on_push = try(each.value.repository_image_scan_on_push, var.defaults.repository_image_scan_on_push, true) + repository_image_tag_mutability = try(each.value.repository_image_tag_mutability, var.defaults.repository_image_tag_mutability, "IMMUTABLE") + repository_image_tag_mutability_exclusion_filter = try(each.value.repository_image_tag_mutability_exclusion_filter, var.defaults.repository_image_tag_mutability_exclusion_filter, null) + repository_kms_key = try(each.value.repository_kms_key, var.defaults.repository_kms_key, null) + repository_lambda_read_access_arns = try(each.value.repository_lambda_read_access_arns, var.defaults.repository_lambda_read_access_arns, []) + repository_lifecycle_policy = try(each.value.repository_lifecycle_policy, var.defaults.repository_lifecycle_policy, 
"") + repository_name = try(each.value.repository_name, var.defaults.repository_name, "") + repository_policy = try(each.value.repository_policy, var.defaults.repository_policy, null) + repository_policy_statements = try(each.value.repository_policy_statements, var.defaults.repository_policy_statements, null) + repository_read_access_arns = try(each.value.repository_read_access_arns, var.defaults.repository_read_access_arns, []) + repository_read_write_access_arns = try(each.value.repository_read_write_access_arns, var.defaults.repository_read_write_access_arns, []) + repository_type = try(each.value.repository_type, var.defaults.repository_type, "private") + tags = try(each.value.tags, var.defaults.tags, {}) } diff --git a/wrappers/repository-template/main.tf b/wrappers/repository-template/main.tf index 402ef2e..f0c2166 100644 --- a/wrappers/repository-template/main.tf +++ b/wrappers/repository-template/main.tf 
@@ -22,9 +22,10 @@ module "wrapper" { kms_key_arn = try(each.value.kms_key_arn, var.defaults.kms_key_arn, null) lifecycle_policy = try(each.value.lifecycle_policy, var.defaults.lifecycle_policy, null) prefix = try(each.value.prefix, var.defaults.prefix, "") + region = try(each.value.region, var.defaults.region, null) repository_lambda_read_access_arns = try(each.value.repository_lambda_read_access_arns, var.defaults.repository_lambda_read_access_arns, []) repository_policy = try(each.value.repository_policy, var.defaults.repository_policy, null) - repository_policy_statements = try(each.value.repository_policy_statements, var.defaults.repository_policy_statements, {}) + repository_policy_statements = try(each.value.repository_policy_statements, var.defaults.repository_policy_statements, null) repository_read_access_arns = try(each.value.repository_read_access_arns, var.defaults.repository_read_access_arns, []) repository_read_write_access_arns = try(each.value.repository_read_write_access_arns, var.defaults.repository_read_write_access_arns, []) resource_tags = try(each.value.resource_tags, var.defaults.resource_tags, {}) diff --git a/wrappers/repository-template/versions.tf b/wrappers/repository-template/versions.tf index f2f9288..3595a1a 100644 --- a/wrappers/repository-template/versions.tf +++ b/wrappers/repository-template/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.5.7" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.93" + version = ">= 6.8" } } } diff --git a/wrappers/versions.tf b/wrappers/versions.tf index f2f9288..3595a1a 100644 --- a/wrappers/versions.tf +++ b/wrappers/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.5.7" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.93" + version = ">= 6.8" } } }