### Cost-Conscious Test Environment Setup Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/README.md Configure test environments with aggressive cleanup policies for minimal storage costs. ```hcl # Aggressive cleanup for test environments module "ecr_test" { source = "lgallard/ecr/aws" name = "test-app" lifecycle_keep_latest_n_images = 5 # Minimal retention lifecycle_expire_untagged_after_days = 1 # Daily cleanup lifecycle_expire_tagged_after_days = 7 # Weekly cleanup } ``` -------------------------------- ### Complete Cross-Region Replication Example with KMS Encryption and Logging Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/docs/variable-examples.md This example demonstrates enabling cross-region replication with specified regions, using KMS encryption for the source repository, and enabling logging for monitoring purposes. Immutable tags are recommended for replication. ```hcl module "ecr_with_replication" { source = "lgallard/ecr/aws" name = "global-application" image_tag_mutability = "IMMUTABLE" # Recommended for replication scan_on_push = true # Enable replication for disaster recovery enable_replication = true replication_regions = ["us-west-2", "eu-west-1", "ap-southeast-1"] # Optional: Use KMS encryption for source repository encryption_type = "KMS" # Enable logging for monitoring enable_logging = true tags = { Environment = "Production" Application = "GlobalApp" Purpose = "MultiRegion" } } ``` -------------------------------- ### Complete ECR Repository Example Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/README.md A comprehensive example defining an ECR repository with scan on push enabled, mutable image tags, repository policy, lifecycle policy, and custom tags. ```hcl module "ecr" { source = "lgallard/ecr/aws" name = "ecr-repo-dev" scan_on_push = true image_tag_mutability = "MUTABLE" prevent_destroy = true # Protect repository from accidental deletion # Note that currently only one policy may be applied to a repository. policy = < 0 ? 1 : 0 dynamic "replication_configuration" { for_each = var.registry_replication_rules content { dynamic "rule" { for_each = replication_configuration.value.destinations content { destination { region = rule.value.region registry_id = rule.value.registry_id } } } } } } ``` -------------------------------- ### Custom Development ECR Lifecycle Policy with Helper Variables Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/examples/lifecycle-policies/README.md Configure a custom development lifecycle policy using helper variables for specific retention and tag prefix requirements. This example keeps 75 images and expires untagged images after 5 days. ```hcl module "ecr_custom_dev" { source = "lgallard/ecr/aws" name = "my-app-custom-dev" # Custom retention settings lifecycle_keep_latest_n_images = 75 # More than standard dev template lifecycle_expire_untagged_after_days = 5 # Faster cleanup than standard lifecycle_expire_tagged_after_days = 45 # Some tagged cleanup # Custom tag strategy lifecycle_tag_prefixes_to_keep = ["dev", "feature", "bugfix", "experimental"] tags = { Environment = "Development" Purpose = "Custom Workflow" } } ``` -------------------------------- ### Initialize, Plan, and Apply Terraform Configuration Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/examples/repository-creation-template/README.md Standard Terraform commands to initialize the project, review changes, and apply the infrastructure. ```bash terraform init terraform plan ``` -------------------------------- ### Deploy Infrastructure with Terraform Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/examples/pull-through-cache/README.md Initialize Terraform, review the execution plan, and apply the configuration to deploy the ECR pull-through cache infrastructure. ```bash # Initialize Terraform terraform init # Review the plan terraform plan # Apply the configuration terraform apply ``` -------------------------------- ### Terraform Lifecycle Policy Configuration Example Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/docs/troubleshooting.md Example of Terraform variables that might lead to unexpected lifecycle policy behavior due to conflicting rules. Ensure rule logic aligns with desired outcomes. ```hcl lifecycle_keep_latest_n_images = 100 lifecycle_expire_tagged_after_days = 30 ``` -------------------------------- ### Download and Run Migration Script Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/MIGRATION.md Use this script for an automated migration process. Download the script, make it executable, and run it with your module name. ```bash # Download and run the migration script curl -O https://raw.githubusercontent.com/lgallard/terraform-aws-ecr/main/scripts/migrate-to-foreach.sh chmod +x migrate-to-foreach.sh # Run with your module name (default: "ecr") ./migrate-to-foreach.sh [module_name] ``` -------------------------------- ### Initialize, Plan, and Apply Terraform Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/examples/replication/README.md Standard Terraform commands to set up and deploy the ECR replication configuration. ```bash terraform init terraform plan terraform apply ``` -------------------------------- ### Multi-Environment Strategy with Templates and Custom Settings Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/examples/lifecycle-policies/README.md Demonstrates setting up ECR repositories for different environments (dev, staging, prod, audit) using a combination of lifecycle policy templates and custom helper variables for staging. This allows for tailored policies across your deployment stages. ```hcl # Development environment with template module "ecr_dev" { source = "lgallard/ecr/aws" name = "myapp-dev" lifecycle_policy_template = "development" } # Staging with custom settings module "ecr_staging" { source = "lgallard/ecr/aws" name = "myapp-staging" lifecycle_keep_latest_n_images = 30 lifecycle_expire_untagged_after_days = 5 lifecycle_tag_prefixes_to_keep = ["rc", "staging"] } # Production with template module "ecr_prod" { source = "lgallard/ecr/aws" name = "myapp-prod" lifecycle_policy_template = "production" } # Compliance environment module "ecr_audit" { source = "lgallard/ecr/aws" name = "myapp-audit" lifecycle_policy_template = "compliance" } ``` -------------------------------- ### Pull from Cached Quay Image Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/examples/enhanced-security/README.md Example of pulling a Prometheus image from Quay.io via the ECR pull-through cache. ```bash docker pull .dkr.ecr..amazonaws.com/quay/prometheus/prometheus:latest ``` -------------------------------- ### Get Current ECR Lifecycle Policy Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/examples/lifecycle-policies/README.md Retrieve the current lifecycle policy configuration for an ECR repository to aid in migration. ```bash aws ecr get-lifecycle-policy --repository-name my-repo > current-policy.json ``` -------------------------------- ### Pull from Cached Docker Hub Image Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/examples/enhanced-security/README.md Example of pulling an Nginx image from Docker Hub via the ECR pull-through cache. ```bash docker pull .dkr.ecr..amazonaws.com/docker-hub/library/nginx:latest ``` -------------------------------- ### Staging Environment with Development Template Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/README.md Configure staging environments using the 'development' template for consistency during the release cycle. ```hcl # Balanced approach for staging module "ecr_staging" { source = "lgallard/ecr/aws" name = "staging-app" lifecycle_policy_template = "development" # Use template for consistency } ``` -------------------------------- ### Initialize and Plan Terraform Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/MIGRATION.md After running migration commands, initialize Terraform and run a plan to verify the migration. The plan should show no changes if the migration was successful. ```bash # Initialize and plan - should show no changes if migration was successful terraform init terraform plan # The plan should show "No changes" or only minor configuration updates # If it shows resource recreation, review the migration commands ``` -------------------------------- ### Test Docker Image Push to ECR Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/examples/simple/README.md Tests pushing a Docker image to the ECR repository. This requires Docker to be installed and configured. ```bash # Test image push (requires Docker) aws ecr get-login-password --region | docker login --username AWS --password-stdin .dkr.ecr..amazonaws.com ``` -------------------------------- ### Push Docker Image to ECR Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/examples/with-ecs-integration/README.md Follow these steps to log in to ECR, build, tag, and push your Docker image. Replace placeholders like and region with your specific values. ```bash # Get ECR login aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin .dkr.ecr.us-east-1.amazonaws.com # Build your image docker build -t app-dev . # Tag the image docker tag app-dev:latest .dkr.ecr.us-east-1.amazonaws.com/app-dev:latest # Push the image docker push .dkr.ecr.us-east-1.amazonaws.com/app-dev:latest ``` -------------------------------- ### Get Scan Findings for an Image Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/examples/enhanced-security/README.md Use the AWS CLI to retrieve detailed scan findings for a specific image in an ECR repository. ```bash aws ecr describe-image-scan-findings \ --repository-name enhanced-security-repo \ --image-id imageTag=latest ``` -------------------------------- ### Initialize and Validate Terraform Fixtures Locally Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/test/README.md Run Terraform formatting, initialization, and validation for all fixture directories. This command sequence is used to ensure the Terraform configurations within the fixtures are valid and well-formatted. ```bash terraform fmt -recursive terraform init -backend=false for dir in test/fixtures/*/; do terraform -chdir="$dir" init -backend=false terraform -chdir="$dir" validate done pre-commit run --all-files ``` -------------------------------- ### Run Local Validation with Terraform and Pre-commit Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/README.md Commands to run local validation for the Terraform module. Requires Terraform 1.3.0+ and pre-commit to be installed. ```bash terraform fmt -recursive terraform init -backend=false pre-commit run --all-files ``` -------------------------------- ### Migrate manual lifecycle policy using helper variables Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/README.md Illustrates migrating a manual lifecycle policy to use helper variables for keeping a specific number of images with defined tag prefixes. This simplifies configuration for common scenarios. ```hcl # Before (manual policy) lifecycle_policy = jsonencode({ rules = [ { rulePriority = 1 description = "Keep 30 images with specific prefixes" selection = { tagStatus = "tagged" tagPrefixList = ["v", "release"] countType = "imageCountMoreThan" countNumber = 30 } action = { type = "expire" } } ] }) # After (using helper variables) lifecycle_keep_latest_n_images = 30 lifecycle_tag_prefixes_to_keep = ["v", "release"] ``` -------------------------------- ### Required Variables for Monitoring Setup Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/examples/monitoring/README.md Define the email addresses that will receive SNS notifications for alarm triggers. Ensure these are valid email addresses. ```hcl notification_emails = [ "admin@company.com", "devops@company.com" ] ``` -------------------------------- ### Migrate manual lifecycle policy to template Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/README.md Compares a manual lifecycle policy configuration with the equivalent using the 'production' template. This demonstrates how to simplify complex policies by leveraging predefined templates. ```hcl # Before (manual policy) module "ecr" { source = "lgallard/ecr/aws" name = "my-app" lifecycle_policy = jsonencode({ rules = [ { rulePriority = 1 description = "Keep last 100 images" selection = { tagStatus = "any" countType = "imageCountMoreThan" countNumber = 100 } action = { type = "expire" } }, { rulePriority = 2 description = "Expire untagged after 14 days" selection = { tagStatus = "untagged" countType = "sinceImagePushed" countUnit = "days" countNumber = 14 } action = { type = "expire" } } ] }) } # After (using production template) module "ecr" { source = "lgallard/ecr/aws" name = "my-app" lifecycle_policy_template = "production" # Matches the pattern above } ``` -------------------------------- ### Configure Lifecycle Policy with Helper Variables Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/docs/variable-examples.md Configure lifecycle policies using individual helper variables for maximum flexibility. This approach simplifies common lifecycle patterns. ```hcl module "ecr" { source = "lgallard/ecr/aws" name = "application-backend" # Keep only the latest 30 images lifecycle_keep_latest_n_images = 30 # Delete untagged images after 7 days lifecycle_expire_untagged_after_days = 7 # Delete tagged images after 90 days lifecycle_expire_tagged_after_days = 90 # Apply retention rules only to specific tag prefixes lifecycle_tag_prefixes_to_keep = ["v", "release", "prod"] } ``` -------------------------------- ### Get Caller Identity Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/docs/troubleshooting.md This AWS CLI command helps identify the current IAM principal making the request, useful for debugging permissions issues. ```bash aws sts get-caller-identity ``` -------------------------------- ### Simple ECR Repository Creation Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/README.md Creates a basic ECR repository with a specified name and tags. Useful for standard repository needs. ```hcl module "ecr" { source = "lgallard/ecr/aws" name = "ecr-repo-dev" # Tags tags = { Owner = "DevOps team" Environment = "dev" Terraform = true } } ``` -------------------------------- ### MCP Server Local Configuration for Context7 Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/CLAUDE.md Configures the local environment to use the Context7 MCP server for accessing general library and framework documentation. This requires Node.js and npm/npx. ```json { "mcpServers": { "context7": { "command": "npx", "args": ["-y", "@upstash/context7-mcp@latest"] } } } ``` -------------------------------- ### Define ECR Repository Policy Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/docs/variable-examples.md Specifies a JSON policy to control access to an ECR repository. This example allows specific IAM roles to pull images. ```hcl module "ecr" { source = "lgallard/ecr/aws" name = "application-backend" # Allow specific IAM roles to pull images policy = jsonencode({ Version = "2012-10-17" Statement = [ { Sid = "AllowPull" Effect = "Allow" Principal = { AWS = [ "arn:aws:iam::123456789012:role/ECSTaskExecutionRole", "arn:aws:iam::123456789012:role/KubernetesNodeRole" ] } Action = [ "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", "ecr:BatchCheckLayerAvailability" ] } ] }) } ``` -------------------------------- ### List Repositories with Enhanced Scanning Configuration Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/examples/enhanced-security/README.md Query the AWS CLI to view the registry-level scanning configuration, which applies to all repositories. ```bash aws ecr describe-registry \ --query 'scanningConfiguration' ``` -------------------------------- ### ECR Image Management Commands Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/examples/pull-request-rules/README.md These commands demonstrate how to log in to ECR, build and tag a Docker image, push it to trigger pull request rules, and manually approve an image after review. ```bash # Login to ECR aws ecr get-login-password --region us-west-2 | docker login --username AWS --password-stdin .dkr.ecr.us-west-2.amazonaws.com # Build and tag image docker build -t my-application:latest . docker tag my-application:latest .dkr.ecr.us-west-2.amazonaws.com/my-application:prod-v1.0.0 # Push image (will trigger pull request rules) docker push .dkr.ecr.us-west-2.amazonaws.com/my-application:prod-v1.0.0 # After review, approve the image aws ecr put-image \ --repository-name my-application \ --image-tag prod-v1.0.0 \ --tag-list Key=ApprovalStatus,Value=approved ``` -------------------------------- ### Terraform ECR Lifecycle Policy Template Typos Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/docs/troubleshooting.md Shows an example of an invalid lifecycle policy template name in Terraform. Ensure template names are correct and exist. ```hcl # Invalid lifecycle_policy_template = "prod" # Not a valid template # Valid lifecycle_policy_template = "production" ``` -------------------------------- ### Configure ECR Lifecycle with Cost Optimization Template Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/README.md Apply the 'cost_optimization' predefined lifecycle policy template for ECR repositories, designed for minimal storage costs in test environments. ```hcl module "ecr_cost" { source = "lgallard/ecr/aws" name = "test-app" lifecycle_policy_template = "cost_optimization" } ``` -------------------------------- ### Get ECR Lifecycle Policy Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/docs/troubleshooting.md Retrieves the lifecycle policy currently applied to an ECR repository. This is useful for verifying policy configurations. Replace 'my-repo-name' with your repository name. ```bash aws ecr get-lifecycle-policy --repository-name my-repo-name ``` -------------------------------- ### Terraform Destroy Command Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/examples/complete/README.md This command is used to remove all resources created by the Terraform example. Note that repositories with 'prevent_destroy=true' may require manual state modification or targeted destruction. ```bash # Note: Protected repository has prevent_destroy=true # You may need to remove this setting first or use -target for selective destruction terraform destroy ``` -------------------------------- ### Configure ECR Lifecycle with Production Template Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/README.md Apply the 'production' predefined lifecycle policy template for ECR repositories, balancing image retention and stability for production environments. ```hcl module "ecr_prod" { source = "lgallard/ecr/aws" name = "prod-app" lifecycle_policy_template = "production" } ``` -------------------------------- ### Configure Lifecycle Policy Template with Customization Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/examples/lifecycle-policies/README.md Implement a lifecycle policy using a predefined template and customize it with helper variables for specific needs, such as keeping a certain number of the latest images. ```hcl lifecycle_policy_template = "production" lifecycle_keep_latest_n_images = 150 ``` -------------------------------- ### Pull from Cached ECR Images Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/docs/security-best-practices.md Examples of pulling images from a configured ECR pull-through cache for Docker Hub and Quay. Replace placeholders with your AWS account ID and region. ```bash # Pull from cached Docker Hub image docker pull .dkr.ecr..amazonaws.com/docker-hub/library/nginx:latest # Pull from cached Quay image docker pull .dkr.ecr..amazonaws.com/quay/prometheus/prometheus:latest ``` -------------------------------- ### Use Predefined Lifecycle Policy Templates Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/docs/variable-examples.md Utilize predefined templates for common lifecycle scenarios like development, production, cost optimization, and compliance. These templates offer a quick way to set up standard retention policies. ```hcl # Development environment optimized for frequent builds module "ecr_dev" { source = "lgallard/ecr/aws" name = "dev-application" lifecycle_policy_template = "development" # Keeps 50 images, expires untagged after 7 days } # Production environment with longer retention module "ecr_prod" { source = "lgallard/ecr/aws" name = "prod-application" lifecycle_policy_template = "production" # Keeps 100 images, expires untagged after 14 days, tagged after 90 days } # Cost-optimized for minimal storage usage module "ecr_cost" { source = "lgallard/ecr/aws" name = "test-application" lifecycle_policy_template = "cost_optimization" # Keeps 10 images, expires untagged after 3 days, tagged after 30 days } # Compliance environment with long retention module "ecr_compliance" { source = "lgallard/ecr/aws" name = "audit-application" lifecycle_policy_template = "compliance" # Keeps 200 images, expires untagged after 30 days, tagged after 365 days } ``` -------------------------------- ### Configure Cross-Account ECR Access Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/docs/security-best-practices.md Set up ECR repository policies to allow cross-account access for pulling images. This example grants pull permissions to a specified consumer AWS account. ```hcl module "ecr" { source = "lgallard/ecr/aws" name = "secure-ecr-repo" policy = jsonencode({ Version = "2012-10-17", Statement = [ { Sid = "CrossAccountPull", Effect = "Allow", Principal = { AWS = "arn:aws:iam::${var.consumer_account_id}:root" }, Action = [ "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", "ecr:BatchCheckLayerAvailability" ] } ] }) } ``` -------------------------------- ### Migrate SNS Subscription State Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/MIGRATION.md Migrate each SNS topic subscription resource address to use a for_each key. Run these commands for every email subscriber, starting from index 0. ```bash # SNS Subscriptions (run for each email subscriber, starting from index 0) terraform state mv 'module.ecr.aws_sns_topic_subscription.ecr_monitoring_email[0]' 'module.ecr.aws_sns_topic_subscription.ecr_monitoring_email["subscription-0"]' terraform state mv 'module.ecr.aws_sns_topic_subscription.ecr_monitoring_email[1]' 'module.ecr.aws_sns_topic_subscription.ecr_monitoring_email["subscription-1"]' terraform state mv 'module.ecr.aws_sns_topic_subscription.ecr_monitoring_email[2]' 'module.ecr.aws_sns_topic_subscription.ecr_monitoring_email["subscription-2"]' # Continue for all subscribers... ``` -------------------------------- ### Testing ECR Lifecycle Policy Preview with AWS CLI Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/examples/lifecycle-policies/README.md Provides AWS CLI commands to test ECR lifecycle policies after applying Terraform configuration. Use `start-lifecycle-policy-preview` to initiate a preview and `get-lifecycle-policy-preview` to view the results. ```bash # Apply the Terraform configuration first terraform apply # Then test the policy aws ecr start-lifecycle-policy-preview --repository-name myapp-dev aws ecr get-lifecycle-policy-preview --repository-name myapp-dev ``` -------------------------------- ### Move CloudWatch Monitoring Resources Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/scripts/terraform-move-commands.txt Execute these commands to migrate CloudWatch metric alarms from count-based to for_each-based configurations. Ensure 'var.enable_monitoring' is true. ```bash terraform state mv 'module.ecr.aws_cloudwatch_metric_alarm.repository_storage_usage[0]' 'module.ecr.aws_cloudwatch_metric_alarm.monitoring["storage_usage"]' ``` ```bash terraform state mv 'module.ecr.aws_cloudwatch_metric_alarm.api_call_volume[0]' 'module.ecr.aws_cloudwatch_metric_alarm.monitoring["api_call_volume"]' ``` ```bash terraform state mv 'module.ecr.aws_cloudwatch_metric_alarm.image_push_count[0]' 'module.ecr.aws_cloudwatch_metric_alarm.monitoring["image_push_count"]' ``` ```bash terraform state mv 'module.ecr.aws_cloudwatch_metric_alarm.image_pull_count[0]' 'module.ecr.aws_cloudwatch_metric_alarm.monitoring["image_pull_count"]' ``` ```bash terraform state mv 'module.ecr.aws_cloudwatch_metric_alarm.security_findings[0]' 'module.ecr.aws_cloudwatch_metric_alarm.monitoring["security_findings"]' ``` -------------------------------- ### ECR Lifecycle Policy JSON Structure Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/docs/troubleshooting.md Example of a JSON structure for an ECR lifecycle policy, defining rules for tagged images. Pay close attention to rule priority and selection criteria. ```json { "rules": [ { "rulePriority": 1, "selection": { "tagStatus": "tagged", "tagPrefixList": ["prod"], "countType": "imageCountMoreThan", "countNumber": 10 }, "action": { "type": "expire" } }, { "rulePriority": 2, "selection": { "tagStatus": "tagged", "countType": "sinceImagePushed", "countUnit": "days", "countNumber": 30 }, "action": { "type": "expire" } } ] } ``` -------------------------------- ### Get current lifecycle policy from Terraform state Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/README.md Use this bash command to inspect your current lifecycle policy configuration within your Terraform state. This is useful for analyzing existing rules before migration. ```bash # Get current policy from Terraform state terraform show | grep -A 20 lifecycle_policy ``` -------------------------------- ### Configure ECR Lifecycle with Development Template Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/README.md Apply the 'development' predefined lifecycle policy template for ECR repositories, optimized for frequent builds and testing scenarios. ```hcl module "ecr_dev" { source = "lgallard/ecr/aws" name = "dev-app" lifecycle_policy_template = "development" } ``` -------------------------------- ### Configure ECR pull request rules for production Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/README.md Example of enabling and configuring pull request rules for an ECR repository. This includes setting up approval requirements, tag patterns, severity thresholds, and notification topics. ```hcl module "ecr" { source = "lgallard/ecr/aws" name = "production-app" # Enable pull request rules enable_pull_request_rules = true # Configure approval requirements pull_request_rules = [ { name = "production-approval" type = "approval" enabled = true conditions = { tag_patterns = ["prod-*", "release-*"] severity_threshold = "HIGH" } actions = { require_approval_count = 2 notification_topic_arn = "arn:aws:sns:region:account:topic" } } ] } ``` -------------------------------- ### Move Logging Resources Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/scripts/terraform-move-commands.txt Migrate CloudWatch Log Group and IAM Role for logging. Execute these if 'var.enable_logging' is true. ```bash terraform state mv 'module.ecr.aws_cloudwatch_log_group.ecr_logs[0]' 'module.ecr.aws_cloudwatch_log_group.ecr_logs["log_group"]' ``` ```bash terraform state mv 'module.ecr.aws_iam_role.ecr_logging[0]' 'module.ecr.aws_iam_role.ecr_logging["iam_role"]' ``` -------------------------------- ### Configure ECR Repository with Cost Allocation Tags Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/examples/advanced-tagging/README.md Sets up an ECR repository using the 'cost_allocation' default tag template. This is useful for financial reporting and cost tracking. ```hcl module "ecr_cost_allocation" { source = "../.." name = "cost-allocation-repo" # Use cost allocation template enable_default_tags = true default_tags_template = "cost_allocation" default_tags_environment = "production" default_tags_owner = "platform-team" default_tags_project = "user-service" default_tags_cost_center = "engineering-cc-001" } ``` -------------------------------- ### Claude AI Prompt for Terraform Validation Patterns Source: https://github.com/lgallard/terraform-aws-ecr/blob/master/CLAUDE.md Example prompt for Claude AI to research Terraform validation patterns and assist in adding fixture coverage for a specific feature. This utilizes the Context7 MCP server. ```text @claude Look up current Terraform validation patterns and help me add fixture coverage for the pull-through cache feature. ```