AWS Amazon ECR Replication Configuration
This page shows how to write Terraform and CloudFormation for Amazon ECR Replication Configuration and write them securely.
aws_ecr_replication_configuration (Terraform)
The Replication Configuration in Amazon ECR can be configured in Terraform with the resource name aws_ecr_replication_configuration. The following sections describe 4 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_ecr_replication_configuration" "this" {
replication_configuration {
rule {
destination {
region = var.region
registry_id = var.registry_id
resource "aws_ecr_replication_configuration" "example" {
replication_configuration {
rule {
destination {
region = var.replica_region
registry_id = data.aws_caller_identity.current.account_id
resource "aws_ecr_replication_configuration" "rc" {
replication_configuration {
rule {
dynamic "destination" {
for_each = toset(var.replication_regions)
content {
resource "aws_ecr_replication_configuration" "default" {
count = length(var.cross_replication) > 0 ? 1 : 0
replication_configuration {
rule {
dynamic "destination" {
for_each = var.cross_replication
Parameters
-
idoptional computed - string -
registry_idoptional computed - string -
replication_configurationlist block-
rulelist block-
destinationlist block-
regionrequired - string -
registry_idrequired - string
-
-
-
Explanation in Terraform Registry
Provides an Elastic Container Registry Replication Configuration.
Tips: Best Practices for The Other AWS Amazon ECR Resources
In addition to the aws_ecr_repository, AWS Amazon ECR has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.
aws_ecr_repository
Ensure to enable ECR image scan
It is better to enbale ECR image scan. AWS ECR provides a feature to scan container images and discover vulnerable software.
AWS::ECR::ReplicationConfiguration (CloudFormation)
The ReplicationConfiguration in ECR can be configured in CloudFormation with the resource name AWS::ECR::ReplicationConfiguration. The following sections describe 1 example of how to use the resource and its parameters.
Example Usage from GitHub
"AWS::ECR::ReplicationConfiguration": {
"Type": "AWS::ECR::ReplicationConfiguration",
"Properties": {}
},
"AWS::QLDB::Ledger": {
"Type": "AWS::QLDB::Ledger",
Parameters
-
ReplicationConfigurationrequired - ReplicationConfiguration
Explanation in CloudFormation Registry
The
AWS::ECR::ReplicationConfigurationresource creates or updates the replication configuration for a private registry. The first time a replication configuration is applied to a private registry, a service-linked IAM role is created in your account for the replication process. For more information, see Using Service-Linked Roles for Amazon ECR in the Amazon Elastic Container Registry User Guide.Note When configuring cross-account replication, the destination account must grant the source account permission to replicate. This permission is controlled using a private registry permissions policy. For more information, see
AWS::ECR::RegistryPolicy.
Frequently asked questions
What is AWS Amazon ECR Replication Configuration?
AWS Amazon ECR Replication Configuration is a resource for Amazon ECR of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.
Where can I find the example code for the AWS Amazon ECR Replication Configuration?
For Terraform, the asaphe/terraform-aws-ecr, MyCloudSeries/aws-ecr-terraform and chmoon93/cross-region-replication source code examples are useful. See the Terraform Example section for further details.
For CloudFormation, the mhlabs/aws-icons-directory source code example is useful. See the CloudFormation Example section for further details.
