Resource: awsEcrRepositoryPolicy
Provides an Elastic Container Registry Repository Policy.
Note that currently only one policy may be applied to a repository.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsEcrRepositoryFoo = new aws.ecrRepository.EcrRepository(this, "foo", {
name: "bar",
});
const dataAwsIamPolicyDocumentFoopolicy =
new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(this, "foopolicy", {
statement: [
{
actions: [
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage",
"ecr:BatchCheckLayerAvailability",
"ecr:PutImage",
"ecr:InitiateLayerUpload",
"ecr:UploadLayerPart",
"ecr:CompleteLayerUpload",
"ecr:DescribeRepositories",
"ecr:GetRepositoryPolicy",
"ecr:ListImages",
"ecr:DeleteRepository",
"ecr:BatchDeleteImage",
"ecr:SetRepositoryPolicy",
"ecr:DeleteRepositoryPolicy",
],
effect: "Allow",
principals: [
{
identifiers: ["*"],
type: "*",
},
],
sid: "new policy",
},
],
});
const awsEcrRepositoryPolicyFoopolicy =
new aws.ecrRepositoryPolicy.EcrRepositoryPolicy(this, "foopolicy_2", {
policy: dataAwsIamPolicyDocumentFoopolicy.json,
repository: awsEcrRepositoryFoo.name,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsEcrRepositoryPolicyFoopolicy.overrideLogicalId("foopolicy");
Argument Reference
The following arguments are supported:
repository- (Required) Name of the repository to apply the policy.policy- (Required) The policy document. This is a JSON formatted string. For more information about building IAM policy documents with Terraform, see the AWS IAM Policy Document Guide
Attributes Reference
In addition to all arguments above, the following attributes are exported:
repository- The name of the repository.registryId- The registry ID where the repository was created.
Import
ECR Repository Policy can be imported using the repository name, e.g.,