aws_ecr_repository_policy

Provides an ECR repository policy.

Note that currently only one policy may be applied to a repository.

NOTE on ECR Availability: The EC2 Container Registry is not yet rolled out in all regions - available regions are listed the AWS Docs.

Example Usage

resource "aws_ecr_repository" "foo" {
  name = "bar"
}

resource "aws_ecr_repository_policy" "foopolicy" {
  repository = "${aws_ecr_repository.foo.name}"

  policy = <<EOF
{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Sid": "new policy",
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "ecr:GetDownloadUrlForLayer",
                "ecr:BatchGetImage",
                "ecr:BatchCheckLayerAvailability",
                "ecr:PutImage",
                "ecr:InitiateLayerUpload",
                "ecr:UploadLayerPart",
                "ecr:CompleteLayerUpload",
                "ecr:DescribeRepositories",
                "ecr:GetRepositoryPolicy",
                "ecr:ListImages",
                "ecr:DeleteRepository",
                "ecr:BatchDeleteImage",
                "ecr:SetRepositoryPolicy",
                "ecr:DeleteRepositoryPolicy"
            ]
        }
    ]
}
EOF
}

Argument Reference

The following arguments are supported:

repository - (Required) Name of the repository to apply the policy.
policy - (Required) The policy document. This is a JSON formatted string.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

repository - The name of the repository.
registry_id - The registry ID where the repository was created.

© 2018 HashiCorp
Licensed under the MPL 2.0 License.
https://www.terraform.io/docs/providers/aws/r/ecr_repository_policy.html