ecr.yaml
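---
# Deployed in the ECR replication *destination* account. It lets the source
# account replicate images into this registry and creates the webapp repository.
# Date-like version strings are quoted so YAML parsers keep them as strings.
AWSTemplateFormatVersion: "2010-09-09"
Description: ECR replication permission in destination account

Parameters:
  WebappName:
    Description: Webapp sample name
    Type: String
    Default: webapp-sample
  ECRReplicationSourceAWSAccount:
    # This value becomes the policy principal below, so it is restricted to a
    # 12-digit account ID; anything else fails at stack validation.
    Description: The ECR replication source AWS account ID
    Type: String
    AllowedPattern: '^[0-9]{12}$'
    ConstraintDescription: Must be a 12-digit AWS account ID

Resources:
  # Registry-level policy: grants the source account permission to create
  # repositories in, and replicate images into, this account's registry.
  ECRPrivateRegistryReplicationPolicy:
    Type: AWS::ECR::RegistryPolicy
    Properties:
      PolicyText:
        Version: "2012-10-17"
        Statement:
          - Sid: ReplicateRegistryPolicy
            Effect: Allow
            Principal:
              # The account root principal trusts the whole source account;
              # which identities there may use it is decided by that account.
              AWS: !Sub "arn:aws:iam::${ECRReplicationSourceAWSAccount}:root"
            Action:
              - "ecr:CreateRepository"
              - "ecr:ReplicateImage"
            # The wildcard covers every repository in this account and region.
            # Narrow it to a name prefix if only specific repositories should
            # accept replicated images.
            Resource: !Sub "arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/*"

  ECRRepositoryWebapp:
    Type: AWS::ECR::Repository
    Properties:
      RepositoryName: !Ref WebappName
      # Tag mutability and encryption are not set, so service defaults apply.
      ImageScanningConfiguration:
        # NOTE(review): confirm replicated images also trigger this scan.
        ScanOnPush: true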