feat: Add support for repository creation template

.pre-commit-config.yaml

@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.89.0
+    rev: v1.94.1
     hooks:
       - id: terraform_fmt
       - id: terraform_wrapper_module_for_each

README.md

@@ -1,6 +1,6 @@
-# AWS ECR Terraform module
+# Amazon ECR Terraform module
 
-Terraform module which creates AWS ECR resources.
+Terraform module which creates Amazon ECR resources.
 
 ## Usage
 
@@ -187,20 +187,21 @@ Users of Terragrunt can achieve similar results by using modules provided in the
 Examples codified under the [`examples`](https://github.com/terraform-aws-modules/terraform-aws-ecr/tree/master/examples) are intended to give users references for how to use the module(s) as well as testing/validating changes to the source code of the module. If contributing to the project, please be sure to make any appropriate updates to the relevant examples to allow maintainers to test your changes and to keep the examples up to date for users. Thank you!
 
 - [Complete](https://github.com/terraform-aws-modules/terraform-aws-ecr/tree/master/examples/complete)
+- [Repository Template](https://github.com/terraform-aws-modules/terraform-aws-ecr/tree/master/examples/repository-template)
 
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.37 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.61 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.37 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.61 |
 
 ## Modules
 
@@ -264,7 +265,7 @@ No modules.
 | <a name="output_repository_name"></a> [repository\_name](#output\_repository\_name) | Name of the repository |
 | <a name="output_repository_registry_id"></a> [repository\_registry\_id](#output\_repository\_registry\_id) | The registry ID where the repository was created |
 | <a name="output_repository_url"></a> [repository\_url](#output\_repository\_url) | The URL of the repository |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
 
 ## License
 

examples/README.md

@@ -1,3 +1,4 @@
-# Terraform AWS ECR Examples
+# Terraform Amazon ECR Examples
 
 - [Complete](https://github.com/terraform-aws-modules/terraform-aws-ecr/tree/master/examples/complete)
+- [Repository Template](https://github.com/terraform-aws-modules/terraform-aws-ecr/tree/master/examples/repository-template)

examples/complete/README.md

@@ -1,4 +1,4 @@
-# Complete AWS ECR Example
+# Amazon ECR Complete Example
 
 Configuration in this directory creates:
 
@@ -22,19 +22,19 @@ $ terraform apply
 
 Note that this example may create resources which will incur monetary charges on your AWS bill. Run `terraform destroy` when you no longer need these resources.
 
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.37 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.61 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.37 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.61 |
 
 ## Modules
 
@@ -69,6 +69,6 @@ No inputs.
 | <a name="output_repository_name"></a> [repository\_name](#output\_repository\_name) | Name of the repository |
 | <a name="output_repository_registry_id"></a> [repository\_registry\_id](#output\_repository\_registry\_id) | The registry ID where the repository was created |
 | <a name="output_repository_url"></a> [repository\_url](#output\_repository\_url) | The URL of the repository (in the form `aws_account_id.dkr.ecr.region.amazonaws.com/repositoryName`) |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
 
 Apache-2.0 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-aws-ecr/blob/master/LICENSE).

examples/complete/versions.tf

@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.37"
+      version = ">= 5.61"
     }
   }
 }

examples/repository-template/README.md

@@ -0,0 +1,66 @@
+# Amazon ECR Repository Template Example
+
+## Usage
+
+To run this example you need to execute:
+
+```bash
+$ terraform init
+$ terraform plan
+$ terraform apply
+```
+
+You can validate this example by running the following commands:
+
+```bash
+# Ensure your local CLI is authenticated with ECR
+aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin <account-id>.dkr.ecr.us-east-1.amazonaws.com
+
+# Dockerhub pull through cache and repo creation
+docker pull <account-id>.dkr.ecr.us-east-1.amazonaws.com/dockerhub/library/nginx:latest
+
+# Public ECR pull through cache and repo creation
+docker pull <account-id>.dkr.ecr.us-east-1.amazonaws.com/public-ecr/docker/library/nginx:latest
+```
+
+Note that this example may create resources which will incur monetary charges on your AWS bill. Run `terraform destroy` when you no longer need these resources.
+
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.61 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.61 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_disabled"></a> [disabled](#module\_disabled) | ../../modules/repository-template | n/a |
+| <a name="module_dockerhub_pull_through_cache_repository_template"></a> [dockerhub\_pull\_through\_cache\_repository\_template](#module\_dockerhub\_pull\_through\_cache\_repository\_template) | ../../modules/repository-template | n/a |
+| <a name="module_public_ecr_pull_through_cache_repository_template"></a> [public\_ecr\_pull\_through\_cache\_repository\_template](#module\_public\_ecr\_pull\_through\_cache\_repository\_template) | ../../modules/repository-template | n/a |
+| <a name="module_secrets_manager_dockerhub_credentials"></a> [secrets\_manager\_dockerhub\_credentials](#module\_secrets\_manager\_dockerhub\_credentials) | terraform-aws-modules/secrets-manager/aws | ~> 1.0 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+No outputs.
+<!-- END_TF_DOCS -->
+
+Apache-2.0 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-aws-ecr/blob/master/LICENSE).

examples/repository-template/main.tf

@@ -0,0 +1,113 @@
+provider "aws" {
+  region = local.region
+}
+
+locals {
+  region = "us-east-1"
+  name   = "ecr-ex-${basename(path.cwd)}"
+
+  account_id = data.aws_caller_identity.current.account_id
+
+  tags = {
+    Name       = local.name
+    Example    = local.name
+    Repository = "https://github.com/terraform-aws-modules/terraform-aws-ecr"
+  }
+}
+
+data "aws_caller_identity" "current" {}
+
+################################################################################
+# ECR Repository Template
+################################################################################
+
+module "public_ecr_pull_through_cache_repository_template" {
+  source = "../../modules/repository-template"
+
+  # Template
+  description   = "Pull through cache repository template for Public ECR artifacts"
+  prefix        = "public-ecr"
+  resource_tags = local.tags
+  lifecycle_policy = jsonencode({
+    rules = [
+      {
+        rulePriority = 1,
+        description  = "Keep last 30 images",
+        selection = {
+          tagStatus     = "tagged",
+          tagPrefixList = ["v"],
+          countType     = "imageCountMoreThan",
+          countNumber   = 30
+        },
+        action = {
+          type = "expire"
+        }
+      }
+    ]
+  })
+
+  # Pull through cache rule
+  create_pull_through_cache_rule = true
+  upstream_registry_url          = "public.ecr.aws"
+
+  tags = local.tags
+}
+
+module "dockerhub_pull_through_cache_repository_template" {
+  source = "../../modules/repository-template"
+
+  # Template
+  description   = "Pull through cache repository template for Dockerhub artifacts"
+  prefix        = "dockerhub"
+  resource_tags = local.tags
+
+  # Pull through cache rule
+  create_pull_through_cache_rule = true
+  upstream_registry_url          = "registry-1.docker.io"
+  credential_arn                 = module.secrets_manager_dockerhub_credentials.secret_arn
+
+  tags = local.tags
+}
+
+module "disabled" {
+  source = "../../modules/repository-template"
+
+  create = false
+}
+
+################################################################################
+# Supporting Resources
+################################################################################
+
+module "secrets_manager_dockerhub_credentials" {
+  source  = "terraform-aws-modules/secrets-manager/aws"
+  version = "~> 1.0"
+
+  # Secret names must contain 1-512 Unicode characters and be prefixed with ecr-pullthroughcache/
+  name_prefix = "ecr-pullthroughcache/dockerhub-credentials"
+  description = "Dockerhub credentials"
+
+  # For example only
+  recovery_window_in_days = 0
+  secret_string = jsonencode({
+    username    = "example"
+    accessToken = "YouShouldNotStoreThisInPlainText"
+  })
+
+  # Policy
+  create_policy       = true
+  block_public_policy = true
+  policy_statements = {
+    read = {
+      sid = "AllowAccountRead"
+      principals = [{
+        type        = "AWS"
+        identifiers = ["arn:aws:iam::${local.account_id}:root"]
+      }]
+      actions   = ["secretsmanager:GetSecretValue"]
+      resources = ["*"]
+    }
+  }
+
+  tags = local.tags
+}

examples/repository-template/versions.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.61"
+    }
+  }
+}

main.tf

@@ -84,7 +84,6 @@ data "aws_iam_policy_document" "repository" {
 
         values = var.repository_lambda_read_access_arns
       }
-
     }
   }