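# ECR repository named "fvp".
resource "aws_ecr_repository" "trustedfirmware_fvp" {
  name = "fvp"

  # NOTE(review): with MUTABLE tags, any principal holding ecr:PutImage can
  # re-point an existing tag at a different image, so a consumer pulling by
  # tag has no guarantee it gets the image that was originally published.
  # Left unchanged because existing jobs may re-push the same tag; consider
  # "IMMUTABLE", or have consumers pull by digest - confirm with the
  # repository's users before switching.
  image_tag_mutability = "MUTABLE"

  # Scan every image for known vulnerabilities when it is pushed.
  image_scanning_configuration {
    scan_on_push = true
  }
}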
| |
| |
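# IAM role that trusted principals assume to obtain ECR access. Its
# permissions come from aws_iam_role_policy.ecr_pushpull_policy.
resource "aws_iam_role" "ecr_pushpull_role" {
  name        = "ecr_pushpull_role"
  description = "Read/Write access to ECR"

  # Trust policy: who may call sts:AssumeRole on this role.
  # jsonencode() builds the document from an HCL object, so a quoting or
  # comma mistake is caught by Terraform rather than rejected by IAM at
  # apply time.
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Principal = {
          AWS = [
            # A bare account ID is shorthand for that account's root
            # principal: every identity in 987685672616 whose own policy
            # allows sts:AssumeRole on this role can assume it.
            # NOTE(review): no Condition (external ID, MFA, source
            # principal) narrows this - confirm the whole account is meant
            # to be trusted, otherwise list the specific role/user ARNs.
            "987685672616",

            # NOTE(review): this is an IAM user, i.e. a long-lived
            # access-key identity; whoever holds its keys can assume this
            # role. Confirm the keys are rotated and tightly held.
            "arn:aws:iam::487149096843:user/vault",
          ]
        }
        Action = "sts:AssumeRole"
      },
    ]
  })
}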
| |
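# Inline policy that gives ecr_pushpull_role its ECR push and pull permissions.
resource "aws_iam_role_policy" "ecr_pushpull_policy" {
  name = "ecr_pushpull_policy"
  role = aws_iam_role.ecr_pushpull_role.id

  policy = jsonencode({
    # Current policy-language version (was "2008-10-17"); this matches the
    # role's trust policy. The statement uses no policy variables, so the
    # granted permissions are unchanged.
    Version = "2012-10-17"
    Statement = [
      {
        Sid    = "AllowPushPull"
        Effect = "Allow"

        # NOTE(review): "*" lets the role push to and pull from every ECR
        # repository in the account, not only "fvp". ecr:GetAuthorizationToken
        # does not support resource-level scoping and has to stay on "*", but
        # the other actions could move to a second statement limited to
        # repository ARNs such as aws_ecr_repository.trustedfirmware_fvp.arn.
        # Kept as "*" here because other repositories may depend on this
        # role - confirm before narrowing.
        Resource = "*"

        Action = [
          # Registry login
          "ecr:GetAuthorizationToken",

          # Pull
          "ecr:BatchGetImage",
          "ecr:BatchCheckLayerAvailability",
          "ecr:GetDownloadUrlForLayer",
          "ecr:ListImages",

          # Push
          "ecr:InitiateLayerUpload",
          "ecr:UploadLayerPart",
          "ecr:CompleteLayerUpload",
          "ecr:PutImage",
        ]
      },
    ]
  })
}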
| |