【Terraform】Terraform ~ AWS ECR ~

■ Introduction

Create an Amazon Elastic Container Registry (ECR) repository with Terraform.

For ECR itself, see the related articles below.

Amazon ECR ~ Introduction ~
https://dk521123.hatenablog.com/entry/2020/05/22/165711
Amazon ECR ~ Basics ~
https://dk521123.hatenablog.com/entry/2020/05/26/142645

Table of contents

【1】Official documentation
 1)Resource: aws_ecr_repository
 2)Resource: aws_ecr_lifecycle_policy
【2】Sample
【3】AWS ECR miscellany
 1)How to push a container image

【1】Official documentation

1)Resource: aws_ecr_repository

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_repository

2)Resource: aws_ecr_lifecycle_policy

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_lifecycle_policy

【2】Sample

resource "aws_ecr_repository" "demo_ecr_repository" {
  name = "demo-ecr-repository"
  # The tag mutability setting for the repository. 
  # MUTABLE or IMMUTABLE
  image_tag_mutability = "MUTABLE"

  image_scanning_configuration {
    scan_on_push = true
  }
}
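
A hardened variant of the repository above, together with the aws_ecr_lifecycle_policy resource listed in 【1】. This is an added example, not code from the original article; the resource names, the 14-day and 30-image thresholds, and the choice of KMS encryption are assumptions made for illustration.

```hcl
# Added example: resource names are hypothetical.
resource "aws_ecr_repository" "hardened_example" {
  name = "demo-ecr-repository-hardened"

  # IMMUTABLE: an existing tag can no longer be overwritten by a later push.
  image_tag_mutability = "IMMUTABLE"

  image_scanning_configuration {
    scan_on_push = true
  }

  # KMS encryption; with no kms_key set, the AWS managed key for ECR is used.
  encryption_configuration {
    encryption_type = "KMS"
  }
}

resource "aws_ecr_lifecycle_policy" "hardened_example" {
  repository = aws_ecr_repository.hardened_example.name

  policy = jsonencode({
    rules = [
      {
        rulePriority = 1
        description  = "Expire untagged images 14 days after push"
        selection = {
          tagStatus   = "untagged"
          countType   = "sinceImagePushed"
          countUnit   = "days"
          countNumber = 14
        }
        action = { type = "expire" }
      },
      {
        # A rule with tagStatus "any" must have the highest rulePriority.
        rulePriority = 2
        description  = "Keep at most 30 images in total"
        selection = {
          tagStatus   = "any"
          countType   = "imageCountMoreThan"
          countNumber = 30
        }
        action = { type = "expire" }
      }
    ]
  })
}
```

With IMMUTABLE tags, pushing the same tag a second time is rejected, so a pipeline that always pushes "latest" (as the null_resource in 【3】 does) needs a unique tag per build, such as a commit hash.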

【3】AWS ECR miscellany

1)How to push a container image

The null_resource approach used in the article below looks usable here.

https://qiita.com/hayaosato/items/d6049cf68c84a26845d2

null_resource
https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource

# Parameters
locals {
  aws_region = "us-west-2"
  server_name = "xxx.xxx.us-west-2.amazonaws.com"
  image_name = "hello-world-ecr-repository"
  docker_dir = "."
}

# Push the container image
resource "null_resource" "default" {

  # Step1: Log in to ECR
  # About "get-login-password", see https://awscli.amazonaws.com/v2/documentation/api/2.0.34/reference/ecr/get-login-password.html
  # ("aws ecr get-login" was removed in AWS CLI v2; pipe get-login-password into docker login instead)
  provisioner "local-exec" {
    command = "aws ecr get-login-password --region ${local.aws_region} | docker login --username AWS --password-stdin ${local.server_name}"
  }

  # Step2: Build the Dockerfile you created
  # About "docker build", see https://docs.docker.jp/engine/reference/commandline/build.html
  provisioner "local-exec" {
    command = "docker build -t ${local.image_name} ${local.docker_dir}"
  }

  # Step3: Tag the image
  # About "docker tag", see https://docs.docker.jp/engine/reference/commandline/tag.html
  provisioner "local-exec" {
    command = "docker tag ${local.image_name}:latest ${aws_ecr_repository.demo_ecr_repository.repository_url}"
  }

  # Step4: Push to ECR
  # About "docker push", see https://docs.docker.jp/engine/reference/commandline/push.html
  provisioner "local-exec" {
    command = "docker push ${aws_ecr_repository.demo_ecr_repository.repository_url}"
  }
}

References

https://book.st-hakky.com/docs/infra-terraform-aws-ecr/

Related articles

Terraform ~ Environment setup ~
https://dk521123.hatenablog.com/entry/2023/04/05/000224
Terraform ~ Introduction ~
https://dk521123.hatenablog.com/entry/2019/12/09/222057
Terraform ~ Basics ~
https://dk521123.hatenablog.com/entry/2023/05/03/000000
Terraform ~ Basics / Module ~
https://dk521123.hatenablog.com/entry/2023/05/19/113544
Terraform ~ Terraform miscellany ~
https://dk521123.hatenablog.com/entry/2023/05/15/205352
Terraform ~ AWS S3 ~
https://dk521123.hatenablog.com/entry/2023/04/09/104204
Terraform ~ AWS IAM ~
https://dk521123.hatenablog.com/entry/2023/04/12/214311
Terraform ~ AWS Glue ~
https://dk521123.hatenablog.com/entry/2023/04/08/220411
Terraform ~ AWS Secrets Manager ~
https://dk521123.hatenablog.com/entry/2023/04/11/152801
Terraform ~ AWS CloudWatch ~
https://dk521123.hatenablog.com/entry/2023/05/17/123335
Terraform ~ AWS EC2 ~
https://dk521123.hatenablog.com/entry/2023/05/21/003048
Amazon ECR ~ Introduction ~
https://dk521123.hatenablog.com/entry/2020/05/22/165711
Amazon ECR ~ Basics ~
https://dk521123.hatenablog.com/entry/2020/05/26/142645
Troubleshooting Amazon ECR
https://dk521123.hatenablog.com/entry/2020/05/24/000000
Docker ~ Basics / Repository commands ~
https://dk521123.hatenablog.com/entry/2023/01/21/000000