Blame - ecr.tf - ci/terraform - TrustedFirmware Git Browser

blob: 2141b04e35f776a8d5efaf15c3a40d48fcad0ce8 [file] [log] [blame]

Riku Voipio	19fadfa	2020-07-02 09:05:50 +0300	[diff] [blame]	1	resource "aws_ecr_repository" "trustedfirmware_fvp" {
				2	name = "fvp"
				3	image_tag_mutability = "MUTABLE"
				4	}
				5
				6
				7	resource "aws_iam_role" "ecr_pushpull_role" {
				8	name = "ecr_pushpull_role"
				9	description = "Read/Write access to ECR"
				10	assume_role_policy = <<EOF
				11	{
				12	"Version": "2012-10-17",
				13	"Statement": [
				14	{
				15	"Effect": "Allow",
				16	"Principal": {
				17	"AWS": [ "987685672616",
				18	"arn:aws:iam::487149096843:user/vault"
				19	]
				20	},
				21	"Action": "sts:AssumeRole"
				22	}
				23	]
				24	}
				25	EOF
				26	}
				27
				28	resource "aws_iam_role_policy" "ecr_pushpull_policy" {
				29	name = "ecr_pushpull_policy"
				30	role = aws_iam_role.ecr_pushpull_role.id
				31
				32	policy = <<EOF
				33	{
				34	"Version": "2008-10-17",
				35	"Statement": [
				36	{
				37	"Sid": "AllowPushPull",
				38	"Effect": "Allow",
				39	"Resource": "*",
				40	"Action": [
				41	"ecr:GetDownloadUrlForLayer",
				42	"ecr:BatchGetImage",
				43	"ecr:BatchCheckLayerAvailability",
				44	"ecr:GetAuthorizationToken",
				45	"ecr:PutImage",
				46	"ecr:InitiateLayerUpload",
				47	"ecr:UploadLayerPart",
				48	"ecr:CompleteLayerUpload"
				49	]
				50	}
				51	]
				52	}
				53	EOF
				54	}
				55