Skip to content

harrison-ai/harrison-terraform-module-ecr

BranchesTags

Repository files navigation

An Opinionated Terraform Module to deploy ECR Repositories

A Terraform Module to be used for deploying ECR Repositories with the following design goals:

  • Allow Lambda or EKS from selected AWS Accounts to pull from repository.
  • The ability to provide a custom ECR Resource Policy.
  • Aggressive by default lifecycle policy:
    • 1 x Untagged image allowed.
    • 10 x Tagged images allowed.

Opinionated in that this is designed primarily for publishing Docker images into a central or shared AWS account, from which they are to be consumed via EKS or Lambda functions in other AWS Accounts.

Usage

Minimal example (no Cross Account sharing)

module "example" {
  source = "github.com/harrison-ai/harrison-terraform-module-ecr?ref=0.1.3"

  name = "example"
}

Complete Example with Cross Account Sharing

module "example" {
  source = "github.com/harrison-ai/harrison-terraform-module-ecr?ref=0.1.3"

  name                    = random_pet.this.id
  account_ids             = ["012345678912", "001122334455"]
  cross_account_service   = "EKS"
  tagged_images_to_keep   = 30
  untagged_images_to_keep = 3
}

Override lifecycle or repository policy

Both the lifecycle policy and repository policy can be overriden with custom user supplied policies. Please see examples/user-supplied-policies for a complete example

Requirements

Name Version
terraform >= 1.2
aws >= 6.0

Providers

Name Version
aws >= 6.0

Modules

No modules.

Resources

Name Type
aws_ecr_lifecycle_policy.default resource
aws_ecr_lifecycle_policy.this resource
aws_ecr_repository.this resource
aws_ecr_repository_policy.default resource
aws_ecr_repository_policy.override resource
aws_iam_policy_document.default data source
aws_iam_policy_document.eks_cross_account data source
aws_iam_policy_document.lambda_cross_account data source
aws_region.current data source

Inputs

Name Description Type Default Required
account_ids List of AWS Account ID's that will be granted access to the repository list(string) [] no
cross_account_service The service for which to configure cross account pull permissions on the repo. Valid options are EKS or Lambda string null no
lifecycle_policy A lifecycle policy to override the default policy map(any) null no
mutable_tags Boolean setting for repository tag mutability bool true no
name Name of the ECR Repository string n/a yes
override_lifecycle_policy Boolean setting to override the default lifecycle policy bool false no
override_policy Boolean setting to override the default policy bool false no
policy A json encoded policy to override the default policy string null no
tagged_images_to_keep Number of tagged images to keep number 5 no
tags A map of tags to assign to the resource map(string) {} no
untagged_images_to_keep Number of untagged images to keep number 1 no

Outputs

Name Description
repository_arn ECR Repository ARN
repository_url ECR Repository URL

About

An Opinionated Terraform Module to deploy ECR Repositories

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

5 watching

Forks

0 forks
Report repository

Releases 7

0.1.6 (2 July 2025) Latest
Jul 2, 2025
+ 6 releases

Packages

No packages published

Contributors 5

Languages