Startsida Utforska Hjälp
Registrera dig Logga in
AFS
/
xdr-terraform-modules
2
0
Fork 0
Filer Ärenden 0 Pull-förfrågningar 0 Wiki
Träd: b0033b86e4
Grenar Taggar
xdr-terraform-m...
/
submodules
/
codebuild
/
codebuild-ecr-image
/
ecr_repo.tf

ecr_repo.tf 1.3 KB
Historik

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455 
  1. 

  2. resource "aws_ecr_repository" "this" {
    3. 

  3.   name  = var.name
    4. 

  4.   tags = merge(var.standard_tags, var.tags)
    5. 

  5. 

  6.   image_scanning_configuration {
    7. 

  7.     scan_on_push = true
    8. 

  8.   }
    9. 

  9. }
    10. 

  10. 

  11. data "aws_iam_policy_document" "ecr_repository_policy" {
    12. 

  12.   statement {
    13. 

  13.     sid    = "LetCodebuildServiceUseTheseImages"
    14. 

  14.     effect = "Allow"
    15. 

  15.     principals {
    16. 

  16.       type        = "Service"
    17. 

  17.       identifiers = [ "codebuild.amazonaws.com" ]
    18. 

  18.     }
    19. 

  19.     actions = [
    20. 

  20.       "ecr:GetDownloadUrlForLayer",
    21. 

  21.       "ecr:BatchGetImage",
    22. 

  22.       "ecr:BatchCheckLayerAvailability"
    23. 

  23.     ]
    24. 

  24.   }
    25. 

  25. 

  26.   statement {
    27. 

  27.     sid    = "LetCodebuildIAMRolePushImagesHere"
    28. 

  28.     effect = "Allow"
    29. 

  29.     principals {
    30. 

  30.       type        = "AWS"
    31. 

  31.       identifiers = [ var.codebuild_assume_role_arn ]
    32. 

  32.     }
    33. 

  33.     actions = [
    34. 

  34.       "ecr:BatchCheckLayerAvailability",
    35. 

  35.       "ecr:BatchGetImage",
    36. 

  36.       "ecr:CompleteLayerUpload",
    37. 

  37.       "ecr:DescribeImages",
    38. 

  38.       "ecr:DescribeRepositories",
    39. 

  39.       "ecr:GetAuthorizationToken",
    40. 

  40.       "ecr:GetDownloadUrlForLayer",
    41. 

  41.       "ecr:InitiateLayerUpload",
    42. 

  42.       "ecr:ListImages",
    43. 

  43.       "ecr:PutImage",
    44. 

  44.       "ecr:UploadLayerPart",
    45. 

  45.     ]
    46. 

  46.   }
    47. 

  47. 

  48. }
    49. 

  49. 

  50. #Allow codebuild to access the ECR Repository to use the images
    51. 

  51. resource "aws_ecr_repository_policy" "this" {
    52. 

  52.   repository = aws_ecr_repository.this.name
    53. 

  53.   policy     = data.aws_iam_policy_document.ecr_repository_policy.json
    54. 

  54. }
    55. 

  55.