Resource: awsEcrpublicRepositoryPolicy
Provides an Elastic Container Registry Public Repository Policy.
Note that currently only one policy may be applied to a repository.
\~> NOTE: This resource can only be used in the usEast1
region.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsEcrpublicRepositoryExample =
new aws.ecrpublicRepository.EcrpublicRepository(this, "example", {
repositoryName: "example",
});
const dataAwsIamPolicyDocumentExample =
new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(this, "example_1", {
statement: [
{
actions: [
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage",
"ecr:BatchCheckLayerAvailability",
"ecr:PutImage",
"ecr:InitiateLayerUpload",
"ecr:UploadLayerPart",
"ecr:CompleteLayerUpload",
"ecr:DescribeRepositories",
"ecr:GetRepositoryPolicy",
"ecr:ListImages",
"ecr:DeleteRepository",
"ecr:BatchDeleteImage",
"ecr:SetRepositoryPolicy",
"ecr:DeleteRepositoryPolicy",
],
effect: "Allow",
principals: [
{
identifiers: ["*"],
type: "*",
},
],
sid: "new policy",
},
],
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
dataAwsIamPolicyDocumentExample.overrideLogicalId("example");
const awsEcrpublicRepositoryPolicyExample =
new aws.ecrpublicRepositoryPolicy.EcrpublicRepositoryPolicy(
this,
"example_2",
{
policy: dataAwsIamPolicyDocumentExample.json,
repositoryName: awsEcrpublicRepositoryExample.repositoryName,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsEcrpublicRepositoryPolicyExample.overrideLogicalId("example");
Argument Reference
The following arguments are supported:
repositoryName
- (Required) Name of the repository to apply the policy.policy
- (Required) The policy document. This is a JSON formatted string. For more information about building IAM policy documents with Terraform, see the AWS IAM Policy Document Guide
Attributes Reference
In addition to all arguments above, the following attributes are exported:
registryId
- The registry ID where the repository was created.
Import
ECR Public Repository Policy can be imported using the repository name, e.g.