Skip to main content
Sponsor @cloudposse

Module: ecr-public

Terraform module to provision a Public AWS ECR Docker Container registry.

Usage

The module creates one or more Elastic Container Registry (ECR) Public repositories. Please note that this module can only be provisioned in the US-EAST-1 region.

Write access to the repositories is granted to via the principals_full_access list, which is a list of strings that can designate any valid AWS Principal. This module only creates the Repository Policy allowing those Principals access. The Principals will still separately need IAM policies allowing them permission to execute ECR actions against the repository. For more details, see How Amazon Elastic Container Registry Works with IAM.

Include this repository as a module in your existing terraform code:

# IAM Role to be granted ECR permissions
data "aws_iam_role" "ecrpublic" {
  name = "ecr"
}

module "ecrpublic" {
  source = "cloudposse/ecr-public/aws"
  # Cloud Posse recommends pinning every module to a specific version
  # version     = "x.x.x"
  namespace              = "eg"
  stage                  = "test"
  name                   = "ecr"
  principals_full_access = [data.aws_iam_role.ecr.arn]
  repository_configs     = [
    {
      name              = "foo"
      description       = "The repository for the foo image"
      about_text        = null
      usage_text        = null
      architectures     = ["AMD64"]
      operating_systems = ["Linux"]
    },
  ]
}