Merge pull request #11 from ministryofjustice/add/lifecycle-policy

Add/lifecycle policy
ministryofjustice · Feb 7, 2019 · 9511337 · 9511337
2 parents 503da48 + 4f8540e
commit 9511337
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -19,6 +19,7 @@ module "best_team_ecr_credentials" {
 |------|-------------|:----:|:-----:|:-----:|
 | repo_name | name of the repository to be created | string | - | yes |
 | team_name | name of the team creating the credentials | string | - | yes |
+| enable_policy | Sets a ECR lifecycle policy to delete every image after count 40 | string | true | yes |
 
 ## Outputs
 

diff --git a/main.tf b/main.tf
@@ -5,6 +5,30 @@ resource "aws_ecr_repository" "repo" {
   name = "${var.team_name}/${var.repo_name}"
 }
 
+resource "aws_ecr_lifecycle_policy" "lifecycle_policy" {
+  count      = "${var.enable_policy ? 1 : 0}"
+  repository = "${aws_ecr_repository.repo.name}"
+
+  policy = <<EOF
+{
+    "rules": [
+        {
+            "rulePriority": 2,
+            "description": "Expire images over count 40",
+            "selection": {
+                "tagStatus": "any",
+                "countType": "imageCountMoreThan",
+                "countNumber": 40
+            },
+            "action": {
+                "type": "expire"
+            }
+        }
+    ]
+}
+EOF
+}
+
 resource "random_id" "user" {
   byte_length = 8
 }

diff --git a/variables.tf b/variables.tf
@@ -1,3 +1,8 @@
 variable "repo_name" {}
 
 variable "team_name" {}
+
+variable "enable_policy" {
+  description = "Sets a ECR lifecycle policy to delete every image after count 40. Default is true."
+  default     = true
+}