When AWS Lambda is deployed with container image source, that image must already
exist. This makes deployment of such a function with terraform complicated: first
terraform apply should create a ECR repository, then some other CI pipeline
should build and push an image, and only then a lambda can be created.
This module streamlines this process by pushing some tiny image as a placeholder.
Idea and the initial code was borrowed from this StackOverflow answer, but the implementation was significantly rewritten.
Push a dummy Alpine image to a newly created ECR repository:
provider "aws" {
region = "us-east-2"
}
provider "aws" {
region = "us-east-1"
alias = "aws.virginia"
}
resource "aws_ecr_repository" "example" {
name = "example"
}
module "ecr_repo_image" {
source = "sterliakov/ecr-image/aws"
version = "0.2.0"
providers = {
aws.main = aws
aws.virginia = aws.virginia
}
push_ecr_is_public = false
push_repo_fqdn = replace(aws_ecr_repository.example.repository_url, "//.*$/", "") # remove everything after first slash
push_repo_name = aws_ecr_repository.example.name
push_image_tag = "deployed"
}- This module needs two provider aliases:
aws.mainandaws.virginia. They may refer to the same provider.aws.virginiamust be inus-east-1region.aws.mainshould be the provider for region where your repository is located. - This module only works under Linux.
- Destroying this module does not remove the pushed image from the repository. Consider
setting
force_delete = Trueon theaws_ecr_repositoryresource if you want to remove the repository with terraform later. - This module needs
curlandjqonPATH. Ifjqare missing, it will fetch and installjq 1.7.1locally for the appropriate architecture.
- Lambda - Deploy a dummy image for Lambda (5 MB alpine by default)
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| pull_ecr_is_public | If the ECR repo we're pulling from is public (vs. private) | bool |
true |
no |
| pull_image_arch | The arch of the image we're pulling, e.g. amd64 | string |
"amd64" |
no |
| pull_image_tag | The tag of the image we're pulling, e.g. latest | string |
"3.20.3" |
no |
| pull_repo_fqdn | The FQDN of the ECR repo we're pulling from, e.g. public.ecr.aws | string |
"public.ecr.aws" |
no |
| pull_repo_name | The name of the ECR repo we're pulling from, e.g. my-repo | string |
"docker/library/alpine" |
no |
| push_ecr_is_public | If the ECR repo we're pushing to is public (vs. private) | bool |
false |
no |
| push_image_tag | The tag of the image we're pushing, e.g. latest | string |
n/a | yes |
| push_repo_fqdn | The FQDN of the ECR repo we're pushing to, e.g. 012345678910.dkr.ecr..amazonaws.com | string |
n/a | yes |
| push_repo_name | The name of the ECR repo we're pushing to, e.g. my-repo | string |
n/a | yes |
No modules.
No outputs.
| Name | Version |
|---|---|
| aws.main | >= 5.40.0 |
| aws.virginia | >= 5.40.0 |
| terraform | n/a |
| Name | Version |
|---|---|
| terraform | >= 1.7.0 |
| aws | >= 5.40.0 |
| Name | Type |
|---|---|
| terraform_data.ecr_repo_image | resource |
| aws_ecr_authorization_token.token | data source |
| aws_ecrpublic_authorization_token.token | data source |
Contributions are very welcomed!
Start by reviewing contribution guide and our code of conduct. After that, start coding and ship your changes by creating a new PR.
Apache 2 Licensed. See LICENSE for full details.
![@github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=64&v=4){kind=small}