Resource: awsEcrRegistryPolicy

Provides an Elastic Container Registry Policy.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.ecrRegistryPolicy.EcrRegistryPolicy(this, "example", {
  policy:
    '${jsonencode({\n    Version = "2012-10-17",\n    Statement = [\n      {\n        Sid    = "testpolicy",\n        Effect = "Allow",\n        Principal = {\n          "AWS" : "arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:root"\n        },\n        Action = [\n          "ecr:ReplicateImage"\n        ],\n        Resource = [\n          "arn:${data.aws_partition.current.partition}:ecr:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:repository/*"\n        ]\n      }\n    ]\n  })}',
});
new aws.dataAwsCallerIdentity.DataAwsCallerIdentity(this, "current", {});
const dataAwsPartitionCurrent = new aws.dataAwsPartition.DataAwsPartition(
  this,
  "current_2",
  {}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
dataAwsPartitionCurrent.overrideLogicalId("current");
const dataAwsRegionCurrent = new aws.dataAwsRegion.DataAwsRegion(
  this,
  "current_3",
  {}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
dataAwsRegionCurrent.overrideLogicalId("current");

Argument Reference

The following arguments are supported:

  • policy - (Required) The policy document, as a JSON-formatted string. For more information about building IAM policy documents with Terraform, see the AWS IAM Policy Document Guide.
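
Because a registry policy applies to the whole registry, it is worth checking the JSON document before it is passed to policy. The following is an added example, not part of the provider documentation or generated bindings: lintRegistryPolicy, its allowedActions parameter and the sample documents are hypothetical names and constructed inputs.

```typescript
type OneOrMany = string | string[];
interface Statement {
  Sid?: string;
  Effect: string;
  Principal?: string | Record<string, OneOrMany>;
  Action?: OneOrMany;
  Resource?: OneOrMany;
}
const toList = (v?: OneOrMany): string[] =>
  v === undefined ? [] : Array.isArray(v) ? v : [v];

// allowedActions is an assumption: the actions your team permits in a registry policy.
function lintRegistryPolicy(
  policyJson: string,
  allowedActions: string[] = ["ecr:ReplicateImage"]
): string[] {
  const findings: string[] = [];
  const doc = JSON.parse(policyJson) as { Statement?: Statement | Statement[] };
  const raw = doc.Statement;
  const statements: Statement[] = raw === undefined ? [] : Array.isArray(raw) ? raw : [raw];
  if (statements.length === 0) findings.push("policy has no statements");
  statements.forEach((s, i) => {
    if (s.Effect !== "Allow") return; // only Allow statements grant access
    const id = s.Sid ?? `statement ${i}`;
    const principals: string[] = [];
    const p = s.Principal;
    if (typeof p === "string") principals.push(p);
    else if (p) for (const k of Object.keys(p)) principals.push(...toList(p[k]));
    if (principals.length === 0) findings.push(`${id}: no Principal`);
    if (principals.indexOf("*") >= 0) findings.push(`${id}: wildcard principal`);
    for (const a of toList(s.Action)) {
      if (a.indexOf("*") >= 0) findings.push(`${id}: wildcard action ${a}`);
      else if (allowedActions.indexOf(a) < 0) findings.push(`${id}: unexpected action ${a}`);
    }
    if (toList(s.Resource).indexOf("*") >= 0) findings.push(`${id}: Resource is "*"`);
  });
  return findings;
}

// Constructed samples: one scoped like the example on this page, one overly broad.
const scoped = JSON.stringify({ Version: "2012-10-17", Statement: [{
  Sid: "testpolicy", Effect: "Allow",
  Principal: { AWS: "arn:aws:iam::123456789012:root" },
  Action: ["ecr:ReplicateImage"],
  Resource: ["arn:aws:ecr:us-east-1:123456789012:repository/*"],
}] });
const broad = JSON.stringify({ Version: "2012-10-17", Statement: [
  { Sid: "open", Effect: "Allow", Principal: "*", Action: "ecr:*", Resource: "*" },
] });
```

An empty result from lintRegistryPolicy(scoped) means the document can be passed to policy; the broad sample returns one finding each for the wildcard principal, the wildcard action and the "*" resource.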

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • registryId - The registry ID where the registry was created.

Import

ECR Registry Policy can be imported using the registry id, e.g.,

$ terraform import aws_ecr_registry_policy.example 123456789012