### Terraform Initialization and Application Source: https://github.com/terraform-aws-modules/terraform-aws-ecr/blob/master/examples/repository-template/README.md Standard Terraform commands to initialize, plan, and apply the configuration. Ensure you have Terraform installed and configured for AWS access. ```bash terraform init ``` ```bash terraform plan ``` ```bash terraform apply ``` -------------------------------- ### Terragrunt Example: Managing Multiple S3 Buckets Source: https://github.com/terraform-aws-modules/terraform-aws-ecr/blob/master/wrappers/repository-template/README.md This example shows how to use the ECR repository template wrapper in Terragrunt to manage multiple S3 buckets, applying common configurations via `defaults` and specific settings per bucket in `items`. ```hcl terraform { source = "tfr:///terraform-aws-modules/ecr/aws//wrappers/repository-template" # Alternative source: # source = "git::git@github.com:terraform-aws-modules/terraform-aws-ecr.git//wrappers/repository-template?ref=master" } inputs = { defaults = { force_destroy = true attach_elb_log_delivery_policy = true attach_lb_log_delivery_policy = true attach_deny_insecure_transport_policy = true attach_require_latest_tls_policy = true } items = { bucket1 = { bucket = "my-random-bucket-1" } bucket2 = { bucket = "my-random-bucket-2" tags = { Secure = "probably" } } } } ``` -------------------------------- ### Create ECR Replication Repository Template Source: https://github.com/terraform-aws-modules/terraform-aws-ecr/blob/master/modules/repository-template/README.md Set up a repository template with a lifecycle policy for replication. This example defines a rule to keep the last 30 tagged images. ```hcl module "ecr" { source = "terraform-aws-modules/ecr/aws//modules/repository-template" # Template description = "Replication repository template for production ECR artifacts" prefix = "prod" create_repository_policy = true lifecycle_policy = jsonencode({ rules = [ { rulePriority = 1, description = "Keep last 30 images", selection = { tagStatus = "tagged", tagPrefixList = ["v"], countType = "imageCountMoreThan", countNumber = 30 }, action = { type = "expire" } } ] }) tags = { Terraform = "true" Environment = "dev" } } ``` -------------------------------- ### Terragrunt Example: Managing Multiple S3 Buckets Source: https://github.com/terraform-aws-modules/terraform-aws-ecr/blob/master/wrappers/README.md This example shows how to manage multiple S3 buckets using the ECR module wrapper in a Terragrunt layer. It specifies default bucket configurations and individual settings for two buckets, including `force_destroy` and logging policies. ```hcl terraform { source = "tfr:///terraform-aws-modules/ecr/aws//wrappers" # Alternative source: # source = "git::git@github.com:terraform-aws-modules/terraform-aws-ecr.git//wrappers?ref=master" } inputs = { defaults = { force_destroy = true attach_elb_log_delivery_policy = true attach_lb_log_delivery_policy = true attach_deny_insecure_transport_policy = true attach_require_latest_tls_policy = true } items = { bucket1 = { bucket = "my-random-bucket-1" } bucket2 = { bucket = "my-random-bucket-2" tags = { Secure = "probably" } } } } ``` -------------------------------- ### Manage ECR Registry and Policies Source: https://github.com/terraform-aws-modules/terraform-aws-ecr/blob/master/README.md Configure registry settings including policies, pull-through cache rules, scanning configurations, and replication rules. This example shows how to manage these aspects of an ECR registry. ```hcl module "ecr_registry" { source = "terraform-aws-modules/ecr/aws" repository_name = "registry-example" create_repository = false # Registry Policy create_registry_policy = true registry_policy = jsonencode({ Version = "2012-10-17", Statement = [ { Sid = "testpolicy", Effect = "Allow", Principal = { "AWS" : "arn:aws:iam::012345678901:root" }, Action = [ "ecr:ReplicateImage" ], Resource = [ "arn:aws:ecr:us-east-1:012345678901:repository/*" ] }, { Sid = "dockerhub", Effect = "Allow", Principal = { "AWS" : "arn:aws:iam::012345678901:root" }, Action = [ "ecr:CreateRepository", "ecr:BatchImportUpstreamImage" ], Resource = [ "arn:aws:ecr:us-east-1:012345678901:repository/dockerhub/*" ] } ] }) # Registry Pull Through Cache Rules registry_pull_through_cache_rules = { pub = { ecr_repository_prefix = "ecr-public" upstream_registry_url = "public.ecr.aws" } dockerhub = { ecr_repository_prefix = "dockerhub" upstream_registry_url = "registry-1.docker.io" credential_arn = "arn:aws:secretsmanager:us-east-1:123456789:secret:ecr-pullthroughcache/dockerhub" } } # Registry Scanning Configuration manage_registry_scanning_configuration = true registry_scan_type = "ENHANCED" registry_scan_rules = [ { scan_frequency = "SCAN_ON_PUSH" filter = [ { filter = "example1" filter_type = "WILDCARD" }, { filter = "example2" filter_type = "WILDCARD" } ] }, { scan_frequency = "CONTINUOUS_SCAN" filter = [ { filter = "example" filter_type = "WILDCARD" } ] } ] # Registry Replication Configuration create_registry_replication_configuration = true registry_replication_rules = [ { destinations = [{ region = "us-west-2" registry_id = "012345678901" }, { region = "eu-west-1" registry_id = "012345678901" }] repository_filters = [{ filter = "prod-microservice" filter_type = "PREFIX_MATCH" }] } ] tags = { Terraform = "true" Environment = "dev" } } ``` -------------------------------- ### Repository Template for Replication Source: https://context7.com/terraform-aws-modules/terraform-aws-ecr/llms.txt Creates repository templates specifically for repositories that are automatically created through cross-region or cross-account replication. Configures access control and repository settings. ```hcl module "ecr_replication_template" { source = "terraform-aws-modules/ecr/aws//modules/repository-template" # Configure for replication applied_for = ["REPLICATION"] description = "Replication repository template for production ECR artifacts" prefix = "prod" create_repository_policy = true # Access control for replicated repositories repository_read_write_access_arns = ["arn:aws:iam::012345678901:role/terraform"] repository_read_access_arns = ["arn:aws:iam::012345678901:role/readonly"] # Repository configuration image_tag_mutability = "IMMUTABLE" encryption_type = "KMS" kms_key_arn = "arn:aws:kms:us-east-1:012345678901:key/12345678-1234-1234-1234-123456789012" # Tags to apply to created repositories resource_tags = { Replicated = "true" } tags = { Terraform = "true" Environment = "production" } } ``` -------------------------------- ### Create Multiple ECR Repositories with Wrapper Module Source: https://context7.com/terraform-aws-modules/terraform-aws-ecr/llms.txt Use the wrapper module pattern to define multiple ECR repositories with shared default configurations. This is ideal for Terragrunt users or managing many similar repositories. ```hcl module "wrapper" { source = "terraform-aws-modules/ecr/aws//wrappers" # Default values applied to all repositories defaults = { create = true repository_image_scan_on_push = true repository_image_tag_mutability = "IMMUTABLE" tags = { Terraform = "true" Environment = "production" } } # Define multiple repositories items = { frontend = { repository_name = "frontend-app" repository_read_write_access_arns = ["arn:aws:iam::012345678901:role/frontend-deploy"] } backend = { repository_name = "backend-api" repository_read_write_access_arns = ["arn:aws:iam::012345678901:role/backend-deploy"] repository_lifecycle_policy = jsonencode({ rules = [ { rulePriority = 1, description = "Keep last 50 images", selection = { tagStatus = "any", countType = "imageCountMoreThan", countNumber = 50 }, action = { type = "expire" } } ] }) } worker = { repository_name = "background-worker" repository_read_write_access_arns = ["arn:aws:iam::012345678901:role/worker-deploy"] } } } # Access individual repository outputs # module.wrapper.wrapper["frontend"].repository_url # module.wrapper.wrapper["backend"].repository_arn ``` -------------------------------- ### Create Public ECR Repository Source: https://github.com/terraform-aws-modules/terraform-aws-ecr/blob/master/README.md This snippet demonstrates how to create a public ECR repository. It includes catalog data such as description, usage text, operating systems, architectures, and a logo. ```hcl module "public_ecr" { source = "terraform-aws-modules/ecr/aws" repository_name = "public-example" repository_type = "public" repository_read_write_access_arns = ["arn:aws:iam::012345678901:role/terraform"] public_repository_catalog_data = { description = "Docker container for some things" about_text = file("${path.module}/files/ABOUT.md") usage_text = file("${path.module}/files/USAGE.md") operating_systems = ["Linux"] architectures = ["x86"] logo_image_blob = filebase64("${path.module}/files/clowd.png") } tags = { Terraform = "true" Environment = "dev" } } ``` -------------------------------- ### Repository Template for Pull-Through Cache Source: https://context7.com/terraform-aws-modules/terraform-aws-ecr/llms.txt Creates a repository template for pull-through cache rules, defining default settings for repositories automatically created by these rules. Ensures consistent configuration for cached images. ```hcl module "ecr_repository_template" { source = "terraform-aws-modules/ecr/aws//modules/repository-template" # Template configuration description = "Pull through cache repository template for Karpenter" prefix = "ecr-public" create_repository_policy = true # Pull through cache rule upstream_registry_url = "public.ecr.aws" # Repository settings for cached images image_tag_mutability = "IMMUTABLE" encryption_type = "AES256" # Lifecycle policy for cached images lifecycle_policy = jsonencode({ rules = [ { rulePriority = 1, description = "Keep last 30 images", selection = { tagStatus = "tagged", tagPrefixList = ["v"], countType = "imageCountMoreThan", countNumber = 30 }, action = { type = "expire" } } ] }) tags = { Terraform = "true" Environment = "production" } } ``` -------------------------------- ### Configure Pull-Through Cache Rules Source: https://context7.com/terraform-aws-modules/terraform-aws-ecr/llms.txt Set up pull-through cache rules to automatically cache images from upstream registries like Docker Hub or ECR Public. This reduces external dependencies and improves pull performance. Requires credentials for private registries. ```hcl module "ecr_registry" { source = "terraform-aws-modules/ecr/aws" create_repository = false # Configure pull-through cache rules registry_pull_through_cache_rules = { # Cache ECR Public images ecr-public = { ecr_repository_prefix = "ecr-public" upstream_registry_url = "public.ecr.aws" } # Cache Docker Hub images (requires credentials) dockerhub = { ecr_repository_prefix = "dockerhub" upstream_registry_url = "registry-1.docker.io" credential_arn = "arn:aws:secretsmanager:us-east-1:012345678901:secret:ecr-pullthroughcache/dockerhub" } # Cache from another private ECR registry private-ecr = { ecr_repository_prefix = "upstream" upstream_registry_url = "012345678901.dkr.ecr.us-west-2.amazonaws.com" upstream_repository_prefix = "myapp" } } tags = { Terraform = "true" Environment = "production" } } # After configuration, pull images using the cache prefix: # docker pull 012345678901.dkr.ecr.us-east-1.amazonaws.com/ecr-public/nginx/nginx:latest # docker pull 012345678901.dkr.ecr.us-east-1.amazonaws.com/dockerhub/library/nginx:latest ``` -------------------------------- ### Configure ECR Registry Policy Source: https://context7.com/terraform-aws-modules/terraform-aws-ecr/llms.txt Configure registry-level policies for cross-account replication and pull-through cache permissions. This manages permissions at the registry level, not individual repositories. ```hcl module "ecr_registry" { source = "terraform-aws-modules/ecr/aws" # Skip repository creation, only configure registry create_repository = false # Create registry policy for cross-account access create_registry_policy = true registry_policy = jsonencode({ Version = "2012-10-17", Statement = [ { Sid = "ReplicationAccess", Effect = "Allow", Principal = { "AWS" : "arn:aws:iam::012345678901:root" }, Action = [ "ecr:ReplicateImage" ], Resource = [ "arn:aws:ecr:us-east-1:012345678901:repository/*" ] }, { Sid = "PullThroughCacheAccess", Effect = "Allow", Principal = { "AWS" : "arn:aws:iam::012345678901:root" }, Action = [ "ecr:CreateRepository", "ecr:BatchImportUpstreamImage" ], Resource = [ "arn:aws:ecr:us-east-1:012345678901:repository/dockerhub/*" ] } ] }) tags = { Terraform = "true" Environment = "production" } } ``` -------------------------------- ### Terraform Configuration for ECR Module Wrapper Source: https://github.com/terraform-aws-modules/terraform-aws-ecr/blob/master/wrappers/README.md This Terraform configuration demonstrates how to use the ECR module wrapper. It defines default settings and specific configurations for multiple ECR repositories within a single module block. ```hcl module "wrapper" { source = "terraform-aws-modules/ecr/aws//wrappers" defaults = { # Default values create = true tags = { Terraform = "true" Environment = "dev" } } items = { my-item = { # omitted... can be any argument supported by the module } my-second-item = { # omitted... can be any argument supported by the module } # omitted... } } ``` -------------------------------- ### Terraform Configuration for ECR Repository Template Wrapper Source: https://github.com/terraform-aws-modules/terraform-aws-ecr/blob/master/wrappers/repository-template/README.md This Terraform configuration demonstrates how to use the ECR repository template wrapper module directly. It allows managing multiple repository configurations within a single module block. ```hcl module "wrapper" { source = "terraform-aws-modules/ecr/aws//wrappers/repository-template" defaults = { # Default values create = true tags = { Terraform = "true" Environment = "dev" } } items = { my-item = { # omitted... can be any argument supported by the module } my-second-item = { # omitted... can be any argument supported by the module } # omitted... } } ``` -------------------------------- ### Configure Immutable Tags with Exclusions Source: https://context7.com/terraform-aws-modules/terraform-aws-ecr/llms.txt Use IMMUTABLE_WITH_EXCLUSION to protect most tags while allowing specific patterns like 'latest*' or 'dev-*' to be overwritten. This balances tag protection with CI/CD flexibility. ```hcl module "ecr" { source = "terraform-aws-modules/ecr/aws" repository_name = "my-application" repository_read_write_access_arns = ["arn:aws:iam::012345678901:role/terraform"] # Use IMMUTABLE_WITH_EXCLUSION to protect most tags repository_image_tag_mutability = "IMMUTABLE_WITH_EXCLUSION" # Allow these tag patterns to be overwritten repository_image_tag_mutability_exclusion_filter = [ { filter = "latest*" filter_type = "WILDCARD" }, { filter = "dev-*" filter_type = "WILDCARD" }, { filter = "qa-*" filter_type = "WILDCARD" } ] tags = { Terraform = "true" Environment = "dev" } } ``` -------------------------------- ### Create Public ECR Repository Source: https://context7.com/terraform-aws-modules/terraform-aws-ecr/llms.txt This snippet creates a public ECR repository suitable for open-source images, including catalog metadata for the ECR Public Gallery. It allows anonymous pull access and requires specifying catalog data like description and logo. ```hcl module "public_ecr" { source = "terraform-aws-modules/ecr/aws" repository_name = "my-public-image" repository_type = "public" # Grant push access to specific IAM roles repository_read_write_access_arns = ["arn:aws:iam::012345678901:role/terraform"] # Configure catalog data for ECR Public Gallery public_repository_catalog_data = { description = "Docker container for my awesome application" about_text = file("${path.module}/files/ABOUT.md") usage_text = file("${path.module}/files/USAGE.md") operating_systems = ["Linux"] architectures = ["x86", "ARM 64"] logo_image_blob = filebase64("${path.module}/files/logo.png") } tags = { Terraform = "true" Environment = "production" } } # Outputs # repository_arn = "arn:aws:ecr-public::012345678901:repository/my-public-image" # repository_url = "public.ecr.aws/x1y2z3a4/my-public-image" ``` -------------------------------- ### Create Private ECR Repository Source: https://github.com/terraform-aws-modules/terraform-aws-ecr/blob/master/README.md Use this snippet to create a private ECR repository with a lifecycle policy for managing image versions. Specify read/write access ARNs and tags. ```hcl module "ecr" { source = "terraform-aws-modules/ecr/aws" repository_name = "private-example" repository_read_write_access_arns = ["arn:aws:iam::012345678901:role/terraform"] repository_lifecycle_policy = jsonencode({ rules = [ { rulePriority = 1, description = "Keep last 30 images", selection = { tagStatus = "tagged", tagPrefixList = ["v"], countType = "imageCountMoreThan", countNumber = 30 }, action = { type = "expire" } } ] }) tags = { Terraform = "true" Environment = "dev" } } ``` -------------------------------- ### Create Private ECR Repository Source: https://context7.com/terraform-aws-modules/terraform-aws-ecr/llms.txt Use this snippet to create a private ECR repository with specified access controls, lifecycle policies for image retention, and immutable tag mutability. Ensure IAM roles for access are correctly defined. ```hcl module "ecr" { source = "terraform-aws-modules/ecr/aws" repository_name = "my-application" # Grant read/write access to specific IAM roles repository_read_write_access_arns = ["arn:aws:iam::012345678901:role/terraform"] # Grant read-only access to additional roles repository_read_access_arns = ["arn:aws:iam::012345678901:role/readonly-role"] # Configure lifecycle policy to manage image retention repository_lifecycle_policy = jsonencode({ rules = [ { rulePriority = 1, description = "Keep last 30 images", selection = { tagStatus = "tagged", tagPrefixList = ["v"], countType = "imageCountMoreThan", countNumber = 30 }, action = { type = "expire" } } ] }) # Enable image scanning on push repository_image_scan_on_push = true # Set tag mutability (IMMUTABLE prevents tag overwrites) repository_image_tag_mutability = "IMMUTABLE" tags = { Terraform = "true" Environment = "production" } } # Outputs # repository_arn = "arn:aws:ecr:us-east-1:012345678901:repository/my-application" # repository_url = "012345678901.dkr.ecr.us-east-1.amazonaws.com/my-application" # repository_name = "my-application" ``` -------------------------------- ### Terragrunt Configuration for ECR Repository Template Wrapper Source: https://github.com/terraform-aws-modules/terraform-aws-ecr/blob/master/wrappers/repository-template/README.md Use this configuration in a `terragrunt.hcl` file to manage multiple ECR repositories. It leverages the wrapper module to avoid duplicating configuration files. ```hcl terraform { source = "tfr:///terraform-aws-modules/ecr/aws//wrappers/repository-template" # Alternative source: # source = "git::git@github.com:terraform-aws-modules/terraform-aws-ecr.git//wrappers/repository-template?ref=master" } inputs = { defaults = { # Default values create = true tags = { Terraform = "true" Environment = "dev" } } items = { my-item = { # omitted... can be any argument supported by the module } my-second-item = { # omitted... can be any argument supported by the module } # omitted... } } ``` -------------------------------- ### Terragrunt Configuration for ECR Module Wrapper Source: https://github.com/terraform-aws-modules/terraform-aws-ecr/blob/master/wrappers/README.md Use this configuration in your `terragrunt.hcl` file to manage multiple ECR repositories. It leverages the wrapper module to define default values and specific configurations for each item. ```hcl terraform { source = "tfr:///terraform-aws-modules/ecr/aws//wrappers" # Alternative source: # source = "git::git@github.com:terraform-aws-modules/terraform-aws-ecr.git//wrappers?ref=master" } inputs = { defaults = { # Default values create = true tags = { Terraform = "true" Environment = "dev" } } items = { my-item = { # omitted... can be any argument supported by the module } my-second-item = { # omitted... can be any argument supported by the module } # omitted... } } ``` -------------------------------- ### Configure ECR Repository with KMS Encryption Source: https://context7.com/terraform-aws-modules/terraform-aws-ecr/llms.txt This configuration creates an ECR repository secured with AWS KMS encryption. It requires specifying the KMS key ARN and enables the `repository_force_delete` option for easier management, even with existing images. ```hcl module "ecr_encrypted" { source = "terraform-aws-modules/ecr/aws" repository_name = "encrypted-repository" # Enable KMS encryption repository_encryption_type = "KMS" repository_kms_key = "arn:aws:kms:us-east-1:012345678901:key/12345678-1234-1234-1234-123456789012" repository_read_write_access_arns = ["arn:aws:iam::012345678901:role/terraform"] # Allow force delete even if repository contains images repository_force_delete = true tags = { Terraform = "true" Environment = "production" Compliance = "required" } } ``` -------------------------------- ### Create Public ECR Pull Through Cache Rule Source: https://github.com/terraform-aws-modules/terraform-aws-ecr/blob/master/modules/repository-template/README.md Use this snippet to create a pull-through cache rule for public ECR repositories. It requires specifying the upstream registry URL. ```hcl module "ecr-repository-template" { source = "terraform-aws-modules/ecr/aws//modules/repository-template" # Template description = "Pull through cache repository template for Karpenter public ECR artifacts" prefix = "ecr-public" create_repository_policy = true # Pull through cache rule upstream_registry_url = "public.ecr.aws" tags = { Terraform = "true" Environment = "dev" } } ``` -------------------------------- ### Create Private ECR Pull Through Cache Rule Source: https://github.com/terraform-aws-modules/terraform-aws-ecr/blob/master/modules/repository-template/README.md Configure a pull-through cache rule for private ECR repositories, including the upstream registry URL and a credential ARN for authentication. ```hcl module "ecr-repository-template" { source = "terraform-aws-modules/ecr/aws//modules/repository-template" # Template description = "Pull through cache repository template for NGINX Dockerhub artifacts" prefix = "docker-hub" # Pull through cache rule upstream_registry_url = "registry-1.docker.io" credential_arn = aws_secretsmanager_secret.ecr_pull_through_cache.arn tags = { Terraform = "true" Environment = "dev" } } ``` -------------------------------- ### Define Custom Repository Policy Statements for ECR Source: https://context7.com/terraform-aws-modules/terraform-aws-ecr/llms.txt Configure custom IAM policy statements for fine-grained access control to ECR repositories, allowing for more specific permissions than built-in patterns. Ensure `create_repository_policy` is set to `true`. ```hcl module "ecr" { source = "terraform-aws-modules/ecr/aws" repository_name = "custom-policy-repo" # Use custom policy statements instead of built-in access ARNs create_repository_policy = true repository_policy_statements = { cross_account_pull = { sid = "CrossAccountPull" effect = "Allow" actions = [ "ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer" ] principals = [ { type = "AWS" identifiers = ["arn:aws:iam::111122223333:root"] } ] } ci_push = { sid = "CIPush" effect = "Allow" actions = [ "ecr:PutImage", "ecr:InitiateLayerUpload", "ecr:UploadLayerPart", "ecr:CompleteLayerUpload", "ecr:BatchCheckLayerAvailability" ] principals = [ { type = "AWS" identifiers = ["arn:aws:iam::012345678901:role/github-actions"] } ] conditions = [ { test = "StringEquals" variable = "aws:PrincipalTag/Environment" values = ["production"] } ] } } tags = { Terraform = "true" Environment = "production" } } ``` -------------------------------- ### Configure Cross-Region Replication for ECR Registry Source: https://context7.com/terraform-aws-modules/terraform-aws-ecr/llms.txt Sets up cross-region replication for ECR repositories to automatically replicate container images to specified AWS regions. Filters can be applied to replicate only specific images. ```hcl module "ecr_registry" { source = "terraform-aws-modules/ecr/aws" create_repository = false # Enable replication configuration create_registry_replication_configuration = true registry_replication_rules = [ { # Replicate to multiple regions destinations = [ { region = "us-west-2" registry_id = "012345678901" }, { region = "eu-west-1" registry_id = "012345678901" } ] # Only replicate production images repository_filters = [ { filter = "prod-" filter_type = "PREFIX_MATCH" } ] } ] tags = { Terraform = "true" Environment = "production" } } ``` -------------------------------- ### Configure Enhanced Scanning for ECR Registry Source: https://context7.com/terraform-aws-modules/terraform-aws-ecr/llms.txt Enables enhanced vulnerability scanning for ECR repositories using Amazon Inspector. Configure scan frequencies and repository filters for different image types. ```hcl module "ecr_registry" { source = "terraform-aws-modules/ecr/aws" create_repository = false # Enable enhanced scanning configuration manage_registry_scanning_configuration = true registry_scan_type = "ENHANCED" # Configure scan rules with filters registry_scan_rules = [ { # Scan on push for production images scan_frequency = "SCAN_ON_PUSH" filter = [ { filter = "prod-*" filter_type = "WILDCARD" }, { filter = "release-*" filter_type = "WILDCARD" } ] }, { # Continuous scanning for critical applications scan_frequency = "CONTINUOUS_SCAN" filter = [ { filter = "critical-*" filter_type = "WILDCARD" } ] } ] tags = { Terraform = "true" Environment = "production" } } ``` -------------------------------- ### Configure Lambda Access to ECR Source: https://context7.com/terraform-aws-modules/terraform-aws-ecr/llms.txt Grant AWS Lambda service read access to ECR repositories, enabling Lambda functions to pull container images directly. Specify the ARNs of the Lambda functions that require access. ```hcl module "ecr" { source = "terraform-aws-modules/ecr/aws" repository_name = "lambda-container" repository_read_write_access_arns = ["arn:aws:iam::012345678901:role/terraform"] # Grant Lambda service access to pull images repository_lambda_read_access_arns = [ "arn:aws:lambda:us-east-1:012345678901:function:my-function", "arn:aws:lambda:us-east-1:012345678901:function:my-other-function" ] tags = { Terraform = "true" Environment = "production" } } ``` -------------------------------- ### Terraform Destroy Command Source: https://github.com/terraform-aws-modules/terraform-aws-ecr/blob/master/examples/complete/README.md Command to remove all resources created by the Terraform configuration. Use when resources are no longer needed to avoid ongoing charges. ```bash terraform destroy ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.