
Resource: awsEcrpublicRepositoryPolicy

Provides an Elastic Container Registry Public Repository Policy.

Note that currently only one policy may be applied to a repository.

~> NOTE: This resource can only be used in the us-east-1 region.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsEcrpublicRepositoryExample =
  new aws.ecrpublicRepository.EcrpublicRepository(this, "example", {
    repositoryName: "example",
  });
const dataAwsIamPolicyDocumentExample =
  new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(this, "example_1", {
    statement: [
      {
        actions: [
          "ecr:GetDownloadUrlForLayer",
          "ecr:BatchGetImage",
          "ecr:BatchCheckLayerAvailability",
          "ecr:PutImage",
          "ecr:InitiateLayerUpload",
          "ecr:UploadLayerPart",
          "ecr:CompleteLayerUpload",
          "ecr:DescribeRepositories",
          "ecr:GetRepositoryPolicy",
          "ecr:ListImages",
          "ecr:DeleteRepository",
          "ecr:BatchDeleteImage",
          "ecr:SetRepositoryPolicy",
          "ecr:DeleteRepositoryPolicy",
        ],
        effect: "Allow",
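        /*Wildcard principal: every action listed above, including the push, delete and policy-change actions, is granted to all principals.*/
        principals: [
          {
            identifiers: ["*"],
            type: "*",
          },
        ],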
        sid: "new policy",
      },
    ],
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
dataAwsIamPolicyDocumentExample.overrideLogicalId("example");
const awsEcrpublicRepositoryPolicyExample =
  new aws.ecrpublicRepositoryPolicy.EcrpublicRepositoryPolicy(
    this,
    "example_2",
    {
      policy: dataAwsIamPolicyDocumentExample.json,
      repositoryName: awsEcrpublicRepositoryExample.repositoryName,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsEcrpublicRepositoryPolicyExample.overrideLogicalId("example");
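
The example policy above allows every listed action, including ecr:PutImage, ecr:DeleteRepository and ecr:SetRepositoryPolicy, for principal "*". The following added example (not part of the provider documentation) is a stand-alone TypeScript check that flags such statements in a rendered policy document before it is applied. The function names, the PublicRead/OwnerWrite statement IDs and the account ID 111122223333 are assumptions made for illustration.

```typescript
// Added example: flag unconditioned Allow statements that let "*" change the repository.
interface Statement {
  Sid?: string;
  Effect: string;
  Principal?: string | { [type: string]: string | string[] };
  Action?: string | string[];
  Condition?: unknown;
}
const list = (v?: string | string[]): string[] =>
  v === undefined ? [] : typeof v === "string" ? [v] : v;

// The page's 14 actions, split into read-only ones and ones that change state.
const READ = ["ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", "ecr:ListImages",
  "ecr:BatchCheckLayerAvailability", "ecr:DescribeRepositories", "ecr:GetRepositoryPolicy"];
const MUTATING = ["ecr:PutImage", "ecr:InitiateLayerUpload", "ecr:UploadLayerPart",
  "ecr:CompleteLayerUpload", "ecr:DeleteRepository", "ecr:BatchDeleteImage",
  "ecr:SetRepositoryPolicy", "ecr:DeleteRepositoryPolicy"];

function isWildcardPrincipal(p: Statement["Principal"]): boolean {
  if (p === undefined) return false;
  if (typeof p === "string") return p === "*";
  const byType = p; // object form, e.g. { "AWS": "*" } or { "AWS": ["*"] }
  return Object.keys(byType).some((k) => list(byType[k]).indexOf("*") !== -1);
}

// Returns one finding per flagged statement, listing the mutating actions it grants.
function auditRepositoryPolicy(policyJson: string): { sid: string; actions: string[] }[] {
  const raw = (JSON.parse(policyJson) as { Statement?: Statement | Statement[] }).Statement;
  const statements: Statement[] = Array.isArray(raw) ? raw : raw ? [raw] : [];
  return statements
    .filter((s) => s.Effect === "Allow" && !s.Condition && isWildcardPrincipal(s.Principal))
    .map((s) => ({
      sid: s.Sid || "(no sid)",
      actions: list(s.Action).filter((a) => a.indexOf("*") !== -1 || MUTATING.indexOf(a) !== -1),
    }))
    .filter((f) => f.actions.length > 0);
}

// Constructed inputs: the page's statement as rendered JSON, and a variant that keeps
// reads public but limits writes to one account (111122223333 is a placeholder ID).
const pagePolicy = JSON.stringify({ Version: "2012-10-17", Statement: [
  { Sid: "new policy", Effect: "Allow", Principal: "*", Action: READ.concat(MUTATING) }] });
const scopedPolicy = JSON.stringify({ Version: "2012-10-17", Statement: [
  { Sid: "PublicRead", Effect: "Allow", Principal: "*", Action: READ },
  { Sid: "OwnerWrite", Effect: "Allow", Action: MUTATING,
    Principal: { AWS: "arn:aws:iam::111122223333:root" } }] });

console.log(auditRepositoryPolicy(pagePolicy).map((f) => f.sid + ": " + f.actions.join(", ")));
console.log(auditRepositoryPolicy(scopedPolicy).length); // no findings for the scoped variant
```

Statements that carry a Condition are skipped by this check and still need manual review, since the condition may or may not narrow the wildcard.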

Argument Reference

The following arguments are supported:

  • repositoryName - (Required) Name of the repository to apply the policy to.
  • policy - (Required) The policy document. This is a JSON-formatted string. For more information about building IAM policy documents with Terraform, see the AWS IAM Policy Document Guide.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • registryId - The registry ID where the repository was created.

Import

ECR Public Repository Policy can be imported using the repository name, e.g.

$ terraform import aws_ecrpublic_repository_policy.example example