ECR
Registry
name = "test"
test_registry = aws.ecr.Repository(
f"{name}-ecr",
name=name,
encryption_configurations=[aws.ecr.RepositoryEncryptionConfigurationArgs()],
image_scanning_configuration=aws.ecr.RepositoryImageScanningConfigurationArgs(
scan_on_push=False,
),
opts=pulumi.ResourceOptions(protect=True),
tags={
"Name": name,
"Stack": variable.stack_name,
},
)
Replication
- A->B로 B->C로 복제 설정을 한다고 해서 전파되지는 않습니다. 이런 경우 A->B, A->C로 구성해야 합니다.
- 삭제는 전파되지 않습니다.
From
to_account_id = "<account_id>"
to_region = "<region>"
aws.ecr.ReplicationConfiguration(
"ecr-replication",
replication_configuration=aws.ecr.ReplicationConfigurationReplicationConfigurationArgs(
rules=[
aws.ecr.ReplicationConfigurationReplicationConfigurationRuleArgs(
destinations=[
aws.ecr.ReplicationConfigurationReplicationConfigurationRuleDestinationArgs(
registry_id=to_account_id,
region=to_region,
)
],
# repository_filters=[
# aws.ecr.ReplicationConfigurationReplicationConfigurationRuleRepositoryFilterArgs(
# filter="<prefix>",
# filter_type="PREFIX_MATCH",
# )
# ],
)
]
),
opts=pulumi.ResourceOptions(protect=True),
)
To
from_account_id = "<account_id>"
from_region = "<region>"
to_account_id = "<account_id>"
to_region = "<region>"
aws.ecr.RegistryPolicy(
"ecr-registry-policy",
policy=json.dumps(
{
"Statement": [
{
"Action": ["ecr:CreateRepository", "ecr:ReplicateImage"],
"Effect": "Allow",
"Principal": {"AWS": f"arn:aws:iam::{from_account_id}:root"},
"Resource": f"arn:aws:ecr:{to_region}:{to_account_id}:repository/*",
"Sid": f"{from_account_id}-ECR",
}
],
"Version": "2012-10-17",
}
),
opts=pulumi.ResourceOptions(protect=True),
)