feat: Add KMS functionality

geekcell · Jul 2, 2024 · 6f59a18 · 6f59a18
1 parent dcff901
commit 6f59a18
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 17 deletions.
diff --git a/README.md b/README.md
@@ -55,8 +55,10 @@ benefits of a lifecycle policy, all with just a few simple commands. Try it out
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_encryption_type"></a> [encryption\_type](#input\_encryption\_type) | The encryption type to use for the repository. | `string` | `"AES256"` | no |
 | <a name="input_force_delete"></a> [force\_delete](#input\_force\_delete) | Delete the repository even if it contains images. | `bool` | `false` | no |
 | <a name="input_image_tag_mutability"></a> [image\_tag\_mutability](#input\_image\_tag\_mutability) | The tag mutability setting for the repository. | `string` | `"MUTABLE"` | no |
+| <a name="input_kms_key"></a> [kms\_key](#input\_kms\_key) | The ARN of the KMS key to use for encryption. | `string` | `null` | no |
 | <a name="input_lifecycle_rules"></a> [lifecycle\_rules](#input\_lifecycle\_rules) | Lifecycle policy rules for expiring images. | <pre>list(object({<br>    description     = optional(string)<br>    tag_status      = optional(string)<br>    tag_prefix_list = optional(list(string))<br>    count_type      = string<br>    count_unit      = optional(string)<br>    count_number    = number<br>  }))</pre> | <pre>[<br>  {<br>    "count_number": 30,<br>    "count_type": "imageCountMoreThan",<br>    "description": "Keep the last 30 tagged images",<br>    "tag_prefix_list": [<br>      "sha"<br>    ],<br>    "tag_status": "tagged"<br>  },<br>  {<br>    "count_number": 10,<br>    "count_type": "sinceImagePushed",<br>    "count_unit": "days",<br>    "description": "Expire untagged images older than 10 days",<br>    "tag_status": "untagged"<br>  }<br>]</pre> | no |
 | <a name="input_name"></a> [name](#input\_name) | Name of the ECR repository. | `string` | n/a | yes |
 | <a name="input_policy"></a> [policy](#input\_policy) | Repository policy document in JSON format. | `string` | `null` | no |
@@ -80,18 +82,18 @@ benefits of a lifecycle policy, all with just a few simple commands. Try it out
 
 ## Resources
 
-- resource.aws_ecr_lifecycle_policy.main (main.tf#38)
+- resource.aws_ecr_lifecycle_policy.main (main.tf#43)
 - resource.aws_ecr_repository.main (main.tf#19)
-- resource.aws_ecr_repository_policy.main (main.tf#31)
-- data source.jq_query.main (main.tf#47)
+- resource.aws_ecr_repository_policy.main (main.tf#36)
+- data source.jq_query.main (main.tf#52)
 
 # Examples
-### Full
-```hcl
-module "basic_example" {
-  source = "../../"
+  ### Full
+  ```hcl
+  module "basic_example" {
+  source = "../.."
 
   name = var.name
 }
-```
+  ```
 <!-- END_TF_DOCS -->
diff --git a/examples/basic-example/main.tf b/examples/basic-example/main.tf
@@ -1,5 +1,5 @@
 module "basic_example" {
-  source = "../../"
+  source = "../.."
 
   name = var.name
 }
diff --git a/main.tf b/main.tf
@@ -21,6 +21,11 @@ resource "aws_ecr_repository" "main" {
   image_tag_mutability = var.image_tag_mutability
   force_delete         = var.force_delete
 
+  encryption_configuration {
+    encryption_type = var.encryption_type
+    kms_key         = var.kms_key
+  }
+
   image_scanning_configuration {
     scan_on_push = var.scan_on_push
   }

diff --git a/variables.tf b/variables.tf
@@ -11,26 +11,26 @@ variable "tags" {
 }
 
 ## REPOSITORY
+variable "encryption_type" {
+  description = "The encryption type to use for the repository."
+  default     = "AES256"
+  type        = string
+}
+
 variable "image_tag_mutability" {
   description = "The tag mutability setting for the repository."
   default     = "MUTABLE"
   type        = string
 }
 
-variable "scan_on_push" {
-  description = "Indicates whether images are scanned after being pushed to the repository."
-  default     = true
-  type        = bool
-}
-
 variable "force_delete" {
   description = "Delete the repository even if it contains images."
   default     = false
   type        = bool
 }
 
-variable "policy" {
-  description = "Repository policy document in JSON format."
+variable "kms_key" {
+  description = "The ARN of the KMS key to use for encryption."
   default     = null
   type        = string
 }
@@ -62,3 +62,15 @@ variable "lifecycle_rules" {
     count_number    = number
   }))
 }
+
+variable "policy" {
+  description = "Repository policy document in JSON format."
+  default     = null
+  type        = string
+}
+
+variable "scan_on_push" {
+  description = "Indicates whether images are scanned after being pushed to the repository."
+  default     = true
+  type        = bool
+}