Skip to content

Releases: cloudposse/terraform-aws-ecr

0.3.0: Reinvent permissions to ECR (#21)

29 Jan 16:11
@goruha goruha
0.3.0
daf7796
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
0.3.0: Reinvent permissions to ECR (#21)

What

  • Grant permission to access ECR using ECR policy with principal that have access to it. Basically, let ECR describe who can access it, rather than each user/role listing the modules they can access

Why

  • To solve IAM limit problem (more scalable strategy and probably the way we should have done it from the get go)

Breaking changes

  • Variable roles replaced with principals_full_access or principals_readonly_access and expects list or role\user arns as value
  • User should have permissions
data "aws_iam_policy_document" "login" {
  statement {
    sid       = "ECRGetAuthorizationToken"
    effect    = "Allow"
    actions   = ["ecr:GetAuthorizationToken"]
    resources = ["*"]
  }
}
  • We removed policies that provide access to the registry. (policy_login_name, policy_login_arn, policy_read_name, policy_read_arn, policy_write_name, policy_write_arn).
    So you do not need to attach the policies to IAM role\user. Please provide IAM role\user arn as variable principals_full_access or principals_readonly_access depend on what type of access to you need.

Example:

module "kops_ecr" {
  source       = "git::https://github.com/cloudposse/terraform-aws-ecr.git?ref=tags/0.2.11"
  name         = "${var.name}"
  namespace    = "${var.namespace}"
  stage        = "${var.stage}"
  use_fullname = "${var.use_fullname}"

  roles = [
    "${module.kops_metadata.masters_role_name}",
    "${module.kops_metadata.nodes_role_name}",
  ]
}

resource "aws_iam_policy_attachment" "login" {
  count      = "${signum(length(var.users))}"
  name       = "${module.label.id}"
  users      = ["${var.users}"]
  policy_arn = "${module.kops_ecr.policy_login_arn}"
}

now should be

module "kops_ecr" {
  source       = "git::https://github.com/cloudposse/terraform-aws-ecr.git?ref=tags/0.3.0"
  name         = "${var.name}"
  namespace    = "${var.namespace}"
  stage        = "${var.stage}"
  use_fullname = "${var.use_fullname}"

  principals_readonly_access = [
    "${module.kops_metadata.masters_role_arn}",
    "${module.kops_metadata.nodes_role_arn}",
  ]

  principals_full_access =  [
    "${var.users_arns}"
  ]
}
Assets 2
Loading

0.2.13 Update readme yaml file and rebuild md

06 Dec 13:23
@solairerove solairerove
0.2.13
c86a99e
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
0.2.13 Update readme yaml file and rebuild md

what

  • updated README.yaml file
  • add tags and categories
  • rebuild README.md file

why

  • need to add categories and tags so we can pull them into the documentation
Assets 2
Loading

0.2.12: Replace kops-ecr with ecr (this module) (#19)

18 Oct 18:50
@osterman osterman
0.2.12
be9f084
Compare
Choose a tag to compare
0.2.12: Replace kops-ecr with ecr (this module) (#19) 
* Replace kops-ecr with ecr (this module)

I'm guessing this got copy pasted from cloudposse/terraform-aws-kops-ecr :)

* Rebuild README
Assets 2
Loading

0.2.11: Added ability to use short name of ecr (#18)

07 Oct 18:40
@goruha goruha
0.2.11
9f806de
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
0.2.11: Added ability to use short name of ecr (#18) 
* Added ability to use short name of ecr

* Rebuild readme

* Address PR comments
Assets 2
Loading

0.2.10

17 Aug 20:06
@goruha goruha
0.2.10
2b2b6d7
Compare
Choose a tag to compare
0.2.10 
fix: correct policy descriptions (#15)
Assets 2
Loading

Regenerate README.md

27 Jul 14:08
@vadim-hleif vadim-hleif
0.2.9
56e7662
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Regenerate README.md

what

  • Regenerate README.md

why

  • Previous version of build-harness has some typos
Assets 2
Loading

Fix readme

12 Jul 08:27
@vadim-hleif vadim-hleif
0.2.8
58ab814
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Fix readme

What

  • Change releases badge link
  • Re-render readme

Why

  • Badge has wrong url
  • Old template has a bug so avatars links were broken
Assets 2
Loading

0.2.7: (Migrate to README.yaml format)

05 Jul 12:48
@vadim-hleif vadim-hleif
0.2.7
4938b5f
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
0.2.7: (Migrate to README.yaml format)

what

  • Add README.yaml

why

  • Standardize README
Assets 2
Loading

Expose Policies to bind access by the module caller

02 Jul 17:31
@goruha goruha
0.2.6
247bf00
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Expose Policies to bind access by the module caller 
Merge pull request #11 from cloudposse/feature-expose-policies

Feature expose policies
Assets 2
Loading

0.2.5

13 Feb 03:50
@aknysh aknysh
0.2.5
a186042
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
0.2.5

what

  • Changed resources of aws_iam_policy_document to wildcard

why

  • To prevent data races (#8) due to circular dependencies
Assets 2
Loading