Terraform module that deploys IAM role in an AWS account that Anchore can assume for scanning repositories in ECR

GSA/odp-tf-anchore-deps


odp-tf-anchore-deps

This is a Terraform module that creates an IAM role which the Anchore scanner can assume to run scans on repositories in Elastic Container Registry (ECR).

How to use this module

module "anchore_ecr_scan_role" {
  source                      = "github.com/GSA/odp-tf-anchore-deps"
  anchore_scanner_account_id  = "123456789"
  anchore_scanner_external_id = "1a1a1a1a-1234-1aa1-1234-1a1a1a1a1a1a"
  ecr_scan_role_name          = "anchore_scanner"
}

Input Variables

  1. anchore_scanner_account_id - AWS account that hosts the Anchore scanner. Supplied during Anchore onboarding.
  2. anchore_scanner_external_id - External ID that the Anchore scanner uses when assuming the role to scan the ECR repositories. Supplied during Anchore onboarding.
  3. ecr_scan_role_name - Name of the role that the Anchore scanner assumes for scanning. Choose your own name.

Output Values

  1. ecr_scan_role_arn - The ARN of the created role. The SecOps team needs this to set up the scan on the Anchore server.
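The role this module creates is a cross-account role whose trust policy should admit only the scanner account from anchore_scanner_account_id, and only when the caller presents anchore_scanner_external_id (the ExternalId condition is what keeps a third party from abusing the role as a confused deputy). The following added example, which is not part of this module, shows the trust policy shape such a role is expected to carry and a check you can run against the AssumeRolePolicyDocument of the deployed role (for instance the output of `aws iam get-role`) to confirm it is scoped that way; the account and external ID values are constructed placeholders.

```python
import json

# Constructed sample values standing in for the module's two inputs (not real IDs).
SCANNER_ACCOUNT_ID = "123456789012"
SCANNER_EXTERNAL_ID = "1a1a1a1a-1234-1aa1-1234-1a1a1a1a1a1a"


def expected_trust_policy(account_id: str, external_id: str) -> dict:
    """Trust policy a role of this kind should carry: assumable only from the
    scanner account, and only when the caller presents the agreed ExternalId."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


def _as_list(value) -> list:
    """IAM policy JSON allows either a string or a list in most positions."""
    return [value] if isinstance(value, str) else list(value or [])


def trust_policy_findings(policy: dict, account_id: str, external_id: str) -> list:
    """Return problems found in a deployed AssumeRolePolicyDocument (empty list = OK).
    `policy` is the parsed document, e.g. Role.AssumeRolePolicyDocument from `aws iam get-role`."""
    allowed = {account_id, f"arn:aws:iam::{account_id}:root"}  # bare id and root ARN both mean "the account"
    findings, saw_assume = [], False
    for stmt in policy.get("Statement", []):
        actions = _as_list(stmt.get("Action"))
        if stmt.get("Effect") != "Allow" or not any(a in ("sts:AssumeRole", "sts:*", "*") for a in actions):
            continue
        saw_assume = True
        principal = stmt.get("Principal", {})
        aws_principals = [principal] if isinstance(principal, str) else _as_list(principal.get("AWS"))
        for p in aws_principals:
            if p not in allowed:
                findings.append(f"principal not limited to the scanner account: {p}")
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if cond.get("sts:ExternalId") != external_id:
            findings.append("sts:ExternalId condition missing or different from the onboarding value")
    if not saw_assume:
        findings.append("no Allow sts:AssumeRole statement found")
    return findings


# Constructed "deployed" document that the check should flag: any principal, no ExternalId.
WEAK_TRUST_POLICY = json.loads('{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", '
                               '"Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}]}')
```

Running `trust_policy_findings` on the expected document returns an empty list, while the weak document yields one finding for the open principal and one for the missing ExternalId.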
