{#
  Nunjucks template that renders a CloudFormation stack with one
  AWS::ECR::Repository per entry of stackVariables.ecrRepoList. Each entry
  supplies resourceName (used as the logical id) and repoName; the render
  context also supplies stackTagsStr. Every repository receives the same
  lifecycle policy and the same cross-account pull policy.
#}
{
"AWSTemplateFormatVersion": "2010-09-09",
"Parameters": {
{# The account ids passed here become the Principal of every repository policy below. #}
"ReaderAccountList": {
"Type": "CommaDelimitedList",
"Description": "comma separated list of account-ids to grant access to these ecr repos"
}
},
"Resources": {
{#
  item.resourceName and item.repoName are interpolated into JSON strings
  without escaping, so a value containing a double quote or backslash would
  break the rendered document.
  NOTE(review): presumably both come from reviewed, trusted configuration - confirm.
#}
{% for item in stackVariables.ecrRepoList %}
"{{ item.resourceName }}": {
"Type" : "AWS::ECR::Repository",
"Properties" : {
{#
  Requests a vulnerability scan of each image when it is pushed.
  NOTE(review): current CloudFormation documentation spells this key
  ScanOnPush; confirm the lowercase form is still honoured, otherwise
  scanning may not be enabled at all.
#}
"ImageScanningConfiguration" : {
"scanOnPush": true
},
{#
  MUTABLE lets a later push move an existing tag to a different image, so a
  tag does not pin image content for the reader accounts; a consumer that
  needs a fixed image has to pull by digest.
  NOTE(review): confirm mutability is needed for tags other than the
  short-lived git dev tags expired below.
#}
"ImageTagMutability" : "MUTABLE",
"LifecyclePolicy" : {
{#
  LifecyclePolicyText must be a JSON document carried inside a string. The
  object literal below is passed through the dump filter twice: the first
  pass serialises the object to JSON text, the second serialises that text
  as a quoted, escaped JSON string literal.
  Rule 1 expires images tagged with the gitsha_, gitbranch_ or gitpr_
  prefixes 7 days after they were pushed.
  Rule 2 expires untagged images once more than 5 of them exist.
  Images carrying any other tag match neither rule.
#}
"LifecyclePolicyText": {# nunjucks json stringify: #}{{
{
"rules": [
{
"rulePriority": 1,
"description": "age out git dev tags",
"selection": {
"tagStatus": "tagged",
"tagPrefixList": [
"gitsha_",
"gitbranch_",
"gitpr_"
],
"countType": "sinceImagePushed",
"countUnit": "days",
"countNumber": 7
},
"action": {
"type": "expire"
}
},
{
"rulePriority": 2,
"description": "age out untagged images",
"selection": {
"tagStatus": "untagged",
"countType": "imageCountMoreThan",
"countNumber": 5
},
"action": {
"type": "expire"
}
}
]
} | dump | dump
}}
},
"RepositoryName" : "{{ item.repoName }}",
{#
  Resource policy granting read-only (pull) access to the accounts in
  ReaderAccountList; no push or delete action is listed.
  - A bare account id used as a principal stands for the whole account, so
    which identities inside it can pull is decided by that account's own IAM
    policies, not by this template.
  - The statement has no Condition element, so nothing narrows the grant
    beyond the account list (for example to one organization).
  - NOTE(review): ecr:GetAuthorizationToken is a registry-level call that
    does not target a repository; confirm it has any effect in a repository
    policy - pulling principals normally need it in their own IAM policy.
  - NOTE(review): 2008-10-17 is the older policy language version
    (2012-10-17 is the current one); confirm this is intentional.
#}
"RepositoryPolicyText" : {
"Version": "2008-10-17",
"Statement": [
{
"Sid": "AllowCrossAccountPull",
"Effect": "Allow",
"Principal": {
"AWS": { "Ref": "ReaderAccountList" }
},
"Action": [
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage"
]
}
]
},
{#
  The Name tag repeats the repository name. stackTagsStr is emitted verbatim
  after it, so it has to render as one or more comma-separated JSON tag
  objects; its content is supplied by the render context and is not visible
  in this file.
#}
"Tags": [
{ "Key": "Name", "Value": "{{ item.repoName }}" },
{{ stackTagsStr }}
]
}
}
{# Emit a separating comma after every repository except the last one. #}
{% if not loop.last %} , {% endif %}
{% endfor %}
},
{# No stack outputs are declared. #}
"Outputs": {
}
}