Terraform module to create a lambda for syncing images between private aws/ecr and public ecrs like dockerhub/ghcr.io/quay.io

martijnvdp/terraform-ecr-image-sync

Terraform module for AWS to create a lambda for syncing images
between private aws/ecr and public ecrs like dockerhub/ghcr.io/quay.io

Docker images lambda function

  • docker pull ghcr.io/martijnvdp/lambda-ecr-image-sync:v1.0.5

See the source repo: https://github.com/martijnvdp/lambda-ecr-image-sync

Configure repositories to sync using tags

Select the repositories to sync by setting tags on the ECR repositories. See the full example and the source repo of the lambda: https://github.com/martijnvdp/lambda-ecr-image-sync

module "ecrImageSync" {
  source = "../"

  docker_hub_credentials  = var.docker_hub_credentials // optional
  ecr_repository_prefixes = distinct([for repo, tags in local.ecr_repositories : regex("^(\\w+)/.*$", repo)[0] if try(tags.source, "") != ""])

  // source container image: docker pull ghcr.io/martijnvdp/ecr-image-sync:latest
  lambda_function_settings = {
    container_uri = "${data.aws_caller_identity.current.account_id}.dkr.ecr.${data.aws_region.current.name}.amazonaws.com/images/ecr-image-sync:v1.0.5"

    event_rules = {

      scheduled_event = {
        schedule_expression = "cron(0 7 * * ? *)"
      }
    }

    sync_settings = {
      check_digest      = true // whether or not to compare image digests when the same tag is found on ECR and the public repo
      concurrent        = 10   // max concurrent syncs
      max_results       = 5    // max tag search results
      slack_errors_only = true // only send errors to Slack
      slack_channel_id  = ""   // optional Slack channel id
    }
  }
}
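
The prefix expression in the module call above reads a `local.ecr_repositories` map that the snippet does not show. The following is an added example, not part of the module's own code: the map shape (repository name as key, optional `source` attribute) is assumed from how the expression reads it, the repository names and `source` values are constructed, and `sync_prefixes` / `sync_prefixes_safe` are hypothetical local names.

```hcl
# Added example with constructed data. The tag format the lambda actually
# expects is defined in its source repo, not here.
locals {
  ecr_repositories = {
    "base/alpine"  = { source = "docker.io/library/alpine" }
    "images/nginx" = { source = "docker.io/library/nginx" }
    "images/redis" = { source = "quay.io/example/redis" }
    # No source attribute: filtered out by the `if` clause. Its prefix is
    # still listed, because images/nginx and images/redis carry a source.
    "images/internal-app" = {}
  }

  # Same expression as in the module call:
  # - try(tags.source, "") yields "" when the attribute is absent
  # - regex() with one capture group returns a one-element list, hence [0]
  # - distinct() collapses the repeated "images" prefix
  sync_prefixes = distinct([
    for repo, tags in local.ecr_repositories :
    regex("^(\\w+)/.*$", repo)[0]
    if try(tags.source, "") != ""
  ])

  # regex() raises an error when the pattern does not match, and \w does not
  # match "-". A synced repository named "my-team/app" or "nginx" (no slash)
  # would therefore fail the plan. This variant skips such names instead.
  sync_prefixes_safe = distinct([
    for repo, tags in local.ecr_repositories :
    regex("^(\\w+)/.*$", repo)[0]
    if try(tags.source, "") != "" && can(regex("^(\\w+)/.*$", repo))
  ])
}

# Inspect the computed list with `terraform plan` or `terraform console`
# before passing it to ecr_repository_prefixes.
output "sync_prefixes" {
  value = local.sync_prefixes
}
```

Reviewing the computed list matters because `ecr_repository_prefixes` is described under Inputs as the set of prefixes the lambda function is given push access to.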

Requirements

No requirements.

Providers

Name    Version
aws     n/a
random  n/a

Inputs

  • docker_hub_credentials
    Description: Dockerhub credentials: {"username":"docker_username","password":"docker_password"}
    Type: string
    Default: null
    Required: no

  • docker_hub_credentials_sm_item_name
    Description: AWS Secretsmanager item name for dockerhub credentials
    Type: string
    Default: "docker-hub-ecr-image-sync"
    Required: no

  • ecr_repository_prefixes
    Description: List of ECR repository prefixes to give the lambda function access for pushing images to
    Type: list(string)
    Default: null
    Required: no

  • lambda_function_settings
    Description: Lambda function options
    Type:
      object({
        name            = optional(string, "ecr-image-sync")
        container_uri   = optional(string, null)
        timeout         = optional(number, 900)
        zip_file_folder = optional(string, "dist")
        event_rules = optional(object({
          payload_updated = optional(object({
            description = optional(string, "Capture all updated input JSON events: ECRImageSyncScheduledEvent")
            is_enabled  = optional(bool, false)
          }), {}),
          repository_tags = optional(object({
            description = optional(string, "Capture each ECR repository tag changed event")
            is_enabled  = optional(bool, true)
          }), {})
          scheduled_event = optional(object({
            description         = optional(string, "CloudWatch schedule for synchronization of the public Docker images.")
            is_enabled          = optional(bool, true)
            schedule_expression = optional(string, "cron(0 6 * * ? *)")
          }), {})
        }), {})
        sync_settings = optional(object({
          check_digest = optional(bool, true)
          concurrent   = optional(number, 5)
          max_results  = optional(number, 100)
        }), {})
      })
    Default: {}
    Required: no

  • s3_workflow
    Description: S3 bucket workflow options
    Type:
      object({
        bucket                 = optional(string, "ecr-image-sync")
        codebuild_project_name = optional(string, "ecr-image-sync")
        codepipeline_name      = optional(string, "ecr-image-sync")
        crane_version          = optional(string, "v0.11.0")
        create_bucket          = optional(bool, false)
        debug                  = optional(bool, false)
        enabled                = optional(bool, false)
      })
    Default: {}
    Required: no

  • tags
    Description: A mapping of tags assigned to the resources
    Type: map(string)
    Default: null
    Required: no

Outputs

No output.
