AWS ECR Creation using Terraform

Creating AWS ECR Programmatically

Manish Kulkarni
Apr 18, 2022

What is an ECR?

Amazon ECR (Elastic Container Registry) is a fully managed container registry offering high-performance hosting, so you can reliably deploy application images and artifacts anywhere.

ECR can be used to store Docker images, and the images can be versioned. ECR also allows us to scan them for vulnerabilities. Both AWS ECS (Elastic Container Service) and AWS EKS (Elastic Kubernetes Service) can use ECR for their container images.

[Figure: Amazon's typical ECR setup. Image source: Amazon]

Create ECR using Terraform

An ECR repository can easily be created using the AWS console; however, a production environment may expect you to deploy ECR repositories using code. Terraform is commonly used to provision various cloud services. We will see below how it can be used to create an ECR repository.

What we will need

We will need Terraform downloaded locally and set up to connect to your free-tier AWS account. We will also need one S3 bucket to store the Terraform state files.

The following Terraform files will be needed:

  1. ecr.tf — configure the provider and repository settings
  2. locals.tf (optional) — configure the tags values
  3. variables.tf (optional) — define the variables used in ecr.tf
  4. <env>.tfvars — set environment specific variables defined in variables.tf

ecr.tf

provider "aws" {
  region = var.aws_region
}

terraform {
  backend "s3" {}
}

resource "aws_ecr_repository" "repository" {
  name = var.ecr_name
  tags = local.tags

  image_scanning_configuration {
    scan_on_push = true
  }
}
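
A hardened variant of the repository block above, as an added example that is not part of the original post. It keeps scan_on_push and adds immutable tags, KMS encryption at rest and a lifecycle rule; var.ecr_kms_key_arn and the 14-day retention period are assumptions introduced for illustration.

```hcl
# Added example: replaces the aws_ecr_repository block in ecr.tf
# (same resource address, so only one of the two may exist).
# Assumption: var.ecr_kms_key_arn is a hypothetical variable holding the ARN
# of a customer-managed KMS key; set it in <env>.tfvars.
variable "ecr_kms_key_arn" {
  type        = string
  description = "ARN of the KMS key used to encrypt images at rest (hypothetical)"
}

resource "aws_ecr_repository" "repository" {
  name = var.ecr_name
  tags = local.tags

  # The default is MUTABLE, which lets a pushed tag be overwritten later.
  image_tag_mutability = "IMMUTABLE"

  # false is the default; stated explicitly so that terraform destroy fails
  # instead of deleting a repository that still contains images.
  force_delete = false

  image_scanning_configuration {
    scan_on_push = true
  }

  encryption_configuration {
    encryption_type = "KMS"
    kms_key         = var.ecr_kms_key_arn
  }
}

# Expire untagged images so stale, unscanned layers do not accumulate.
resource "aws_ecr_lifecycle_policy" "untagged" {
  repository = aws_ecr_repository.repository.name

  policy = jsonencode({
    rules = [{
      rulePriority = 1
      description  = "Expire untagged images after 14 days (assumed value)"
      selection = {
        tagStatus   = "untagged"
        countType   = "sinceImagePushed"
        countUnit   = "days"
        countNumber = 14
      }
      action = { type = "expire" }
    }]
  })
}
```

The encryption settings of an existing repository cannot be changed in place, so applying this to a repository that already exists makes Terraform plan a replacement; review the plan output before applying.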

locals.tf

locals {
  tags = {
    "Name"        = "ecs-dev"
    "AWSAccount"  = var.aws_account_id
    "Environment" = var.logical_env
  }
}

variables.tf

#Environment
variable "aws_account_id" {}
variable "aws_region" {}
variable "logical_env" {}

#Ecr
variable "ecr_name" {}

env/dev.tfvars

#Environment
aws_account_id = "myaccount" # can be the actual AWS account ID
logical_env = "dev"
aws_region = "us-west-2"

#Ecr
ecr_name = "test_ecr"

Terraform run commands

1. Set up some initial variables

export base_path="/home/ec2-user/ecr"
export env_name="dev"
export terraform_state_bucket="s3-bucket-for-tfstate"
export backend_region="-backend-config=region=us-west-2"
export backend_bucket="-backend-config=bucket=${terraform_state_bucket}"
export backend_key="-backend-config=key=tfstate/ecr/terraform.tfstate"
export var_file="-var-file=env/${env_name}.tfvars"
export workspace_name="ecr-${env_name}"

2. Terraform init

terraform init ${var_file} ${backend_region} ${backend_bucket} ${backend_key} -input=false

3. Terraform workspace select

terraform workspace select ${workspace_name} || terraform workspace new ${workspace_name}

4. Terraform plan

terraform plan ${var_file} -input=false

5. Terraform apply

#If terraform plan is successful then run below command
terraform apply ${var_file} -auto-approve

6. Terraform destroy

#Cleanup and remove the ECR
terraform destroy ${var_file} -auto-approve

This way you can easily create an ECR repository using Terraform and deploy the same configuration in any environment.

TIP: The above commands can be scripted and easily automated in a wrapper script or a CI/CD pipeline, for example using Jenkins.

Hope this helps!

Thanks, and good luck with AWS ECRs.
