diff --git a/terraform/modules/aws-ecr/main.tf b/terraform/modules/aws-ecr/main.tf index 01b32d8..a7ee5fa 100644 --- a/terraform/modules/aws-ecr/main.tf +++ b/terraform/modules/aws-ecr/main.tf @@ -1,35 +1,40 @@ resource "aws_ecr_repository" "this" { - count = var.create_ecr_repository ? 1 : 0 - name = var.name - image_tag_mutability = var.image_tag_mutability + for_each = var.repositories + + name = each.key + image_tag_mutability = each.value.image_tag_mutability image_scanning_configuration { - scan_on_push = var.scan_on_push + scan_on_push = each.value.scan_on_push } tags = var.tags } resource "aws_ecr_lifecycle_policy" "this" { - count = var.create_ecr_repository ? 1 : 0 - repository = aws_ecr_repository.this[0].name - policy = < v if length(v.lifecycle_policies) > 0 } + + repository = aws_ecr_repository.this[each.key].name + + policy = jsonencode({ + rules = [ + for policy in each.value.lifecycle_policies : merge({ + rulePriority = index(each.value.lifecycle_policies, policy) + 1 + description = policy.description + selection = merge({ + tagStatus = policy.tag_status + countType = "sinceImagePushed" + countUnit = policy.count_unit + countNumber = policy.count_number }, - "action": { - "type": "expire" + # Conditionally add tagPrefixList only if tag_status is "tagged" + policy.tag_status == "tagged" ? { + tagPrefixList = "${policy.tagPrefixLists}" + } : {}) + action = { + type = "expire" } - } + }) ] - } - POLICY + }) } diff --git a/terraform/modules/aws-ecr/outputs.tf b/terraform/modules/aws-ecr/outputs.tf index 55f2260..9ee302a 100644 --- a/terraform/modules/aws-ecr/outputs.tf +++ b/terraform/modules/aws-ecr/outputs.tf 
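Review bot: `rulePriority = index(each.value.lifecycle_policies, policy) + 1` in the new `aws_ecr_lifecycle_policy` rules finds each rule by value, so two identical entries in a repository's `lifecycle_policies` list would get the same priority, and ECR requires rule priorities to be unique. Iterating with the position avoids the lookup: `for i, policy in each.value.lifecycle_policies : merge({` together with `rulePriority = i + 1`. Separately, `tagPrefixList = "${policy.tagPrefixLists}"` wraps a list(string) in an interpolation-only template, and `tagPrefixList = policy.tagPrefixLists` states the same value directly. A rule with `tag_status = "tagged"` and an empty prefix list will probably be rejected at apply time, so the comment on that branch could say the list must be non-empty.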
@@ -1,9 +1,9 @@ output "ecr_repository_url" { - value = var.create_ecr_repository ? aws_ecr_repository.this[0].repository_url : "" + value = { for repository in aws_ecr_repository.this : repository.name => repository.repository_url } description = "The URL of the ECR repository, or empty if not created." } output "ecr_repository_arn" { - value = var.create_ecr_repository ? aws_ecr_repository.this[0].arn : "" + value = { for repository in aws_ecr_repository.this : repository.name => repository.arn } description = "The ARN of the ECR repository, or empty if not created." } diff --git a/terraform/modules/aws-ecr/variables.tf b/terraform/modules/aws-ecr/variables.tf index 96aefa3..577a188 100644 --- a/terraform/modules/aws-ecr/variables.tf +++ b/terraform/modules/aws-ecr/variables.tf @@ -1,25 +1,15 @@ -variable "name" { - description = "The name of the ECR repository" - type = string - default = "maddevs" -} - -variable "image_tag_mutability" { - description = "The tag mutability setting for the repository" - type = string - default = "MUTABLE" -} - -variable "scan_on_push" { - description = "Enable image scanning on push" - type = bool - default = true -} - -variable "create_ecr_repository" { - description = "Enable or not create ECR repository" - type = bool - default = false +variable "repositories" { + type = map(object({ + image_tag_mutability = string + scan_on_push = bool + lifecycle_policies = list(object({ + tag_status = string + count_unit = string + tagPrefixLists = list(string) + count_number = number + description = string + })) + })) } variable "tags" { diff --git a/terragrunt/ACCOUNT_ID/us-east-1/demo/aws-ecr/terragrunt.hcl b/terragrunt/ACCOUNT_ID/us-east-1/demo/aws-ecr/terragrunt.hcl deleted file mode 100644 index 044085d..0000000 --- a/terragrunt/ACCOUNT_ID/us-east-1/demo/aws-ecr/terragrunt.hcl +++ /dev/null 
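Review bot: The `description` strings on `ecr_repository_url` and `ecr_repository_arn` still read "or empty if not created", but both outputs now return a map keyed by repository name rather than a single string. Suggested wording: `description = "Map of repository name to repository URL; empty when var.repositories is empty."` and the matching sentence for the ARN output. The change from string to map will break any consumer that reads these outputs as strings, so callers outside this diff should be checked before merging.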
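Review bot: The new `repositories` variable drops the old `scan_on_push = true` default and has no `description`, so every caller must now remember to switch scanning on for each repository. If the module's minimum Terraform version allows optional attributes with defaults (1.3 or later), `scan_on_push = optional(bool, true)` keeps scanning on unless a caller opts out, and `description = "ECR repositories to create, keyed by repository name."` documents the map key. `image_tag_mutability` is a free-form string here; a `validation` block restricting it to the values the provider accepts would turn a typo into a plan-time error. `tagPrefixLists` is the only camelCase attribute in the object; `tag_prefix_list` would match its siblings, with the reference in main.tf renamed to suit.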
@@ -1,39 +0,0 @@ -include "root" { - path = find_in_parent_folders() - expose = true -} - -include "env" { - path = find_in_parent_folders("env.hcl") - expose = true -} - -dependencies { - paths = ["../karpenter"] -} - -generate "providers_versions" { - path = "versions.tf" - if_exists = "overwrite" - contents = <