Changes for ECR module

Author: Valentin Khramtsov

terraform/modules/aws-ecr/main.tf

@@ -1,35 +1,40 @@
 
 resource "aws_ecr_repository" "this" {
-  count                = var.create_ecr_repository ? 1 : 0
-  name                 = var.name
-  image_tag_mutability = var.image_tag_mutability
+  for_each             = var.repositories
+
+  name                 = each.key
+  image_tag_mutability = each.value.image_tag_mutability
   image_scanning_configuration {
-    scan_on_push = var.scan_on_push
+    scan_on_push       = each.value.scan_on_push
   }
 
   tags = var.tags
 }
 
 resource "aws_ecr_lifecycle_policy" "this" {
-  count      = var.create_ecr_repository ? 1 : 0
-  repository = aws_ecr_repository.this[0].name
-  policy     = <<POLICY
-  {
-    "rules": [
-      {
-        "rulePriority": 1,
-        "description": "Expire untagged images older than 14 days",
-        "selection": {
-          "tagStatus": "untagged",
-          "countType": "sinceImagePushed",
-          "countUnit": "days",
-          "countNumber": 14
+  for_each             = { for k, v in var.repositories : k => v if length(v.lifecycle_policies) > 0 }
+
+  repository = aws_ecr_repository.this[each.key].name
+
+  policy = jsonencode({
+    rules = [
+      for policy in each.value.lifecycle_policies : merge({
+        rulePriority = index(each.value.lifecycle_policies, policy) + 1
+        description  = policy.description
+        selection = merge({
+          tagStatus   = policy.tag_status
+          countType   = "sinceImagePushed"
+          countUnit   = policy.count_unit
+          countNumber = policy.count_number
         },
-        "action": {
-          "type": "expire"
+        # Conditionally add tagPrefixList only if tag_status is "tagged"
+        policy.tag_status == "tagged" ? {
+          tagPrefixList = "${policy.tagPrefixLists}"
+        } : {})
+        action = {
+          type = "expire"
         }
-      }
+      })
     ]
-  }
-  POLICY
+  })
 }

terraform/modules/aws-ecr/outputs.tf

@@ -1,9 +1,9 @@
 output "ecr_repository_url" {
-  value = var.create_ecr_repository ? aws_ecr_repository.this[0].repository_url : ""
+  value = { for repository in aws_ecr_repository.this : repository.name => repository.repository_url }
   description = "The URL of the ECR repository, or empty if not created."
 }
 
 output "ecr_repository_arn" {
-  value = var.create_ecr_repository ? aws_ecr_repository.this[0].arn : ""
+  value = { for repository in aws_ecr_repository.this : repository.name => repository.arn }
   description = "The ARN of the ECR repository, or empty if not created."
 }

terraform/modules/aws-ecr/variables.tf

@@ -1,25 +1,15 @@
-variable "name" {
-  description = "The name of the ECR repository"
-  type        = string
-  default     = "maddevs"
-}
-
-variable "image_tag_mutability" {
-  description = "The tag mutability setting for the repository"
-  type        = string
-  default     = "MUTABLE"
-}
-
-variable "scan_on_push" {
-  description = "Enable image scanning on push"
-  type        = bool
-  default     = true
-}
-
-variable "create_ecr_repository" {
-  description = "Enable or not create ECR repository"
-  type        = bool
-  default     = false
+variable "repositories" {
+  type                   = map(object({
+    image_tag_mutability = string
+    scan_on_push         = bool
+    lifecycle_policies   = list(object({
+      tag_status         = string
+      count_unit         = string
+      tagPrefixLists     = list(string)
+      count_number       = number
+      description        = string
+    }))
+  }))
 }
 
 variable "tags" {

terragrunt/ACCOUNT_ID/us-east-1/demo/aws-ecr/terragrunt.hcl

@@ -0,0 +1,56 @@
+include "root" {
+  path   = find_in_parent_folders()
+  expose = true
+}
+
+include "env" {
+  path   = find_in_parent_folders("env.hcl")
+  expose = true
+}
+
+generate "providers_versions" {
+  path      = "versions.tf"
+  if_exists = "overwrite"
+  contents  = <<EOF
+terraform {
+  required_version = ">= 1.8.3"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "${include.root.locals.tf_providers.aws}"
+    }
+  }
+}
+EOF
+}
+
+terraform {
+  source = "${get_path_to_repo_root()}/terraform//modules/aws-ecr"
+}
+
+inputs = {
+  repositories = {
+    "${include.env.locals.name}" = {
+      image_tag_mutability = "MUTABLE"
+      scan_on_push         = true
+
+      lifecycle_policies = [
+        {
+          tag_status         = "tagged"
+          count_unit         = "days"
+          count_number       = 7
+          tagPrefixLists     = ["${include.env.locals.name}"]
+          description        = "Keep image for 24 hours"
+        },
+        {
+          tag_status         = "untagged"
+          count_unit         = "days"
+          count_number       = 1
+          tagPrefixLists     = []
+          description        = "Keep image for 7 days"
+        }
+      ]
+    }
+  }
+}

terragrunt/ACCOUNT_ID/us-east-1/demo/aws-ecr/.terraform.lock.hcl renamed to terragrunt/ACCOUNT_ID/us-east-1/demo/common/aws-ecr/.terraform.lock.hcl

@@ -52,7 +52,7 @@ dependency "aws-r53" {
 }
 
 dependencies {
-  paths = ["../karpenter", "../aws-ecr"]
+  paths = ["../karpenter"]
 }
 
 generate "providers_versions" {