TerraformでAWSのリソースを一通り作ってみたいので今回はECRを作成する。
実践!
1.tfファイル作成
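# AWS provider: Tokyo region, credentials taken from the named CLI profile "testvault".
provider "aws" {
  region  = "ap-northeast-1"
  profile = "testvault"
}

# Shared environment settings. Only env_name is referenced in this listing;
# the VPC/subnet values are not used by the ECR resources below.
variable "env" {
  default = {
    env_name     = "test"
    vpc_cidr     = "10.0.0.0/16"
    sb_az1a      = "ap-northeast-1a"
    sb_az1a_cidr = "10.0.1.0/24"
    sb_az1c      = "ap-northeast-1c"
    sb_az1c_cidr = "10.0.2.0/24"
  }
}

# ECR repository named "<env_name>_my-repo".
resource "aws_ecr_repository" "this" {
  name = "${var.env.env_name}_my-repo" # repository name

  # Tag mutability: "MUTABLE" or "IMMUTABLE".
  # With "MUTABLE" a later push can overwrite an existing tag, so a tag does
  # not pin a fixed image. Prefer "IMMUTABLE" (or deploy by image digest)
  # wherever consumers pull by tag.
  image_tag_mutability = "MUTABLE"

  image_scanning_configuration {
    scan_on_push = true # scan each image for known vulnerabilities when it is pushed
  }

  # No encryption_configuration block is set, so the repository uses the
  # default AES256 encryption. Add one with encryption_type = "KMS" if a
  # customer-managed key is required.
}

# Lifecycle policy attached to the repository above.
resource "aws_ecr_lifecycle_policy" "this" {
  repository = aws_ecr_repository.this.name

  policy = jsonencode({
    rules = [
      {
        rulePriority = 1
        # The rule selects untagged images only; tagged images are never
        # expired by this policy. The description now says so.
        description = "Expire untagged images pushed more than 30 days ago"
        selection = {
          tagStatus   = "untagged"
          countType   = "sinceImagePushed"
          countUnit   = "days"
          countNumber = 30
        }
        action = {
          type = "expire"
        }
      }
    ]
  })
}

# Repository URL, used as the push/pull target.
output "repository_url" {
  value = aws_ecr_repository.this.repository_url
}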
2.適用
# terraform plan
# terraform apply
3.確認
# aws ecr describe-repositories --profile testvault | jq ".repositories[] | .repositoryName"
"test_my-repo"
4.後始末
# terraform destroy
感想
まぁ作成だけなら楽勝ですな( ゚Д゚)