terraform tests

Terraform module for AWS that creates a Lambda function for syncing images
between private AWS ECR repositories and public registries like dockerhub/

Docker images lambda function

  • docker pull

see the source repo

configure repositories to sync using tags

Configure which repositories to sync by setting tags on the repositories. See the full example and the source repo of the lambda.

module "ecrImageSync" {
  source = "../"

  docker_hub_credentials  = var.docker_hub_credentials // optional
  ecr_repository_prefixes = distinct([for repo, tags in local.ecr_repositories : regex("^(\\w+)/.*$", repo)[0] if try(tags.source, "") != ""])

  // source container image: docker pull
  lambda_function_settings = {
    container_uri = "${data.aws_caller_identity.current.account_id}.dkr.ecr.${}"

    event_rules = {
      scheduled_event = {
        schedule_expression = "cron(0 7 * * ? *)"
      }
    }

    sync_settings = {
      check_digest      = true // whether or not to compare image digest when same tag is found on ecr and public repo
      concurrent        = 10   // max concurrent syncs
      max_results       = 5    // max tag search result
      slack_errors_only = true // only errors to slack
      slack_channel_id  = ""   // optional slack channel id
    }
  }
}
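Added example (not from the module's repository): a `local.ecr_repositories` map of the shape the call above reads, the tagged ECR repositories, and the prefix list that scopes the Lambda's push access. Repository names, `source` tag values and the local and resource names are constructed placeholders; the prefix pattern is widened from the `\w+` used above, which does not match hyphens, so `regex()` raises an error on a name like `data-eng/postgres`.

```hcl
# Added example, not the module's own code. Repository names and "source"
# tag values are constructed placeholders.
locals {
  ecr_repositories = {
    "base/nginx"        = { source = "docker.io/library/nginx" }
    "base/redis"        = { source = "docker.io/library/redis" }
    "data-eng/postgres" = { source = "docker.io/library/postgres" }
    "tools/crane"       = { source = "" } # empty tag: not synced
    "internal/billing"  = {}              # no source tag: not synced
  }

  # Only repositories with a non-empty "source" tag take part in the sync.
  synced_repositories = [
    for repo, tags in local.ecr_repositories : repo if try(tags.source, "") != ""
  ]

  # First path segment of each synced repository. regexall() returns an empty
  # list instead of raising an error when a name has no "/", and the character
  # class covers what ECR allows in a name, including "-" and ".".
  ecr_repository_prefixes = distinct(flatten([
    for repo in local.synced_repositories :
    [for m in regexall("^([a-z0-9._-]+)/", repo) : m[0]]
  ]))
}

# The tags live on the ECR repositories themselves.
resource "aws_ecr_repository" "synced" {
  for_each = local.ecr_repositories

  name = each.key
  tags = each.value
}

# Pass local.ecr_repository_prefixes as the module's ecr_repository_prefixes so
# the Lambda's push access covers only prefixes that hold synced repositories.
output "ecr_repository_prefixes" {
  value = local.ecr_repository_prefixes
}
```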


No requirements.


| Name | Version |
|------|---------|
| aws | n/a |
| random | n/a |


| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| docker_hub_credentials | Dockerhub credentials: {"username":"docker_username","password":"docker_password"} | string | null | no |
| docker_hub_credentials_sm_item_name | AWS Secretsmanager item name for dockerhub credentials | string | "docker-hub-ecr-image-sync" | no |
| ecr_repository_prefixes | List of ECR repository prefixes to give the lambda function access for pushing images to | list(string) | null | no |
| lambda_function_settings | Lambda function options | object (attributes listed below) | {} | no |
| s3_workflow | S3 bucket workflow options | object (attributes listed below) | {} | no |
| tags | A mapping of tags assigned to the resources | map(string) | null | no |

Attributes of lambda_function_settings:

    name            = optional(string, "ecr-image-sync")
    container_uri   = optional(string, null)
    timeout         = optional(number, 900)
    zip_file_folder = optional(string, "dist")
    event_rules = optional(object({
      payload_updated = optional(object({
        description = optional(string, "Capture all updated input JSON events: ECRImageSyncScheduledEvent")
        is_enabled  = optional(bool, false)
      }), {}),
      repository_tags = optional(object({
        description = optional(string, "Capture each ECR repository tag changed event")
        is_enabled  = optional(bool, true)
      }), {})
      scheduled_event = optional(object({
        description         = optional(string, "CloudWatch schedule for synchronization of the public Docker images.")
        is_enabled          = optional(bool, true)
        schedule_expression = optional(string, "cron(0 6 * * ? *)")
      }), {})
    }), {})
    sync_settings = optional(object({
      check_digest = optional(bool, true)
      concurrent   = optional(number, 5)
      max_results  = optional(number, 100)
    }), {})

Attributes of s3_workflow:

    bucket                 = optional(string, "ecr-image-sync")
    codebuild_project_name = optional(string, "ecr-image-sync")
    codepipeline_name      = optional(string, "ecr-image-sync")
    crane_version          = optional(string, "v0.11.0")
    create_bucket          = optional(bool, false)
    debug                  = optional(bool, false)
    enabled                = optional(bool, false)


No output.