ECR definition
initial import
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Change-Id: Ibac2fae32cea92b10b672a4ed36429758d068dcf
diff --git a/.gitreview b/.gitreview
new file mode 100644
index 0000000..7c19856
--- /dev/null
+++ b/.gitreview
@@ -0,0 +1,4 @@
+[gerrit]
+host=review.trustedfirmware.org
+port=29418
+project=ci/terraform
diff --git a/ecr.tf b/ecr.tf
new file mode 100644
index 0000000..5b70572
--- /dev/null
+++ b/ecr.tf
@@ -0,0 +1,59 @@
+provider "aws" {
+ region = "us-east-1"
+}
+
+resource "aws_ecr_repository" "trustedfirmware_fvp" {
+ name = "fvp"
+ image_tag_mutability = "MUTABLE"
+}
+
+
+resource "aws_iam_role" "ecr_pushpull_role" {
+ name = "ecr_pushpull_role"
+ description = "Read/Write access to ECR"
+ assume_role_policy = <<EOF
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Principal": {
+ "AWS": [ "987685672616",
+ "arn:aws:iam::487149096843:user/vault"
+ ]
+ },
+ "Action": "sts:AssumeRole"
+ }
+ ]
+}
+EOF
+}
+
+resource "aws_iam_role_policy" "ecr_pushpull_policy" {
+ name = "ecr_pushpull_policy"
+ role = aws_iam_role.ecr_pushpull_role.id
+
+ policy = <<EOF
+{
+ "Version": "2008-10-17",
+ "Statement": [
+ {
+ "Sid": "AllowPushPull",
+ "Effect": "Allow",
+ "Resource": "*",
+ "Action": [
+ "ecr:GetDownloadUrlForLayer",
+ "ecr:BatchGetImage",
+ "ecr:BatchCheckLayerAvailability",
+ "ecr:GetAuthorizationToken",
+ "ecr:PutImage",
+ "ecr:InitiateLayerUpload",
+ "ecr:UploadLayerPart",
+ "ecr:CompleteLayerUpload"
+ ]
+ }
+ ]
+}
+EOF
+}
+
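Review bot: The `AllowPushPull` statement in `ecr_pushpull_policy` uses `"Resource": "*"`, so whoever assumes `ecr_pushpull_role` can push to and pull from every ECR repository in the account, not only `fvp`. Only `ecr:GetAuthorizationToken` needs the wildcard; the image and layer actions can be scoped to `aws_ecr_repository.trustedfirmware_fvp.arn`, as sketched below (the sketch also moves the policy to version `2012-10-17`, matching the trust policy). Because the repository is `MUTABLE`, these push rights also allow an existing tag to be overwritten, so consider `image_tag_mutability = "IMMUTABLE"` if consumers pull by tag. Separately, the bare account ID `987685672616` in the trust policy delegates to that whole account, so any principal there that is allowed `sts:AssumeRole` on this role can take it; naming the specific role or user ARN would narrow that.

```hcl
resource "aws_iam_role_policy" "ecr_pushpull_policy" {
  # … unchanged: name, role …
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowAuthToken",
      "Effect": "Allow",
      "Action": "ecr:GetAuthorizationToken",
      "Resource": "*"
    },
    {
      "Sid": "AllowPushPull",
      "Effect": "Allow",
      "Resource": "${aws_ecr_repository.trustedfirmware_fvp.arn}",
      "Action": [
        # … unchanged: the seven image and layer actions, with ecr:GetAuthorizationToken moved to the statement above …
      ]
    }
  ]
}
EOF
}
```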