fix(terraform): add 3 repositories for each project

dvsa · Mar 11, 2024 · 428073b · 428073b
1 parent adfeb36
commit 428073b
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 3 deletions.
diff --git a/infra/terraform/modules/account/README.md b/infra/terraform/modules/account/README.md
@@ -14,6 +14,7 @@ No providers.
 
 | Name | Source | Version |
 |------|--------|---------|
+| <a name="module_ecr"></a> [ecr](#module\_ecr) | terraform-aws-modules/ecr/aws | ~> 1.6 |
 | <a name="module_github"></a> [github](#module\_github) | ../../modules/github | n/a |
 
 ## Resources
@@ -25,6 +26,8 @@ No resources.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_create_github_resources"></a> [create\_github\_resources](#input\_create\_github\_resources) | Whether to create the GitHub resources. | `bool` | `true` | no |
+| <a name="input_ecr_read_access_arns"></a> [ecr\_read\_access\_arns](#input\_ecr\_read\_access\_arns) | The list of ARNs to attach to the ECR read role. | `list(string)` | `[]` | no |
+| <a name="input_ecr_read_write_access_arns"></a> [ecr\_read\_write\_access\_arns](#input\_ecr\_read\_write\_access\_arns) | The list of ARNs to attach to the ECR read-write role. | `list(string)` | `[]` | no |
 | <a name="input_github_oidc_readonly_role_policies"></a> [github\_oidc\_readonly\_role\_policies](#input\_github\_oidc\_readonly\_role\_policies) | The map of policies to attach to the OIDC readonly role. | `map(string)` | `{}` | no |
 | <a name="input_github_oidc_role_policies"></a> [github\_oidc\_role\_policies](#input\_github\_oidc\_role\_policies) | A map of policy names to policy ARNs to attach to the OIDC role. | `map(string)` | `{}` | no |
 

diff --git a/infra/terraform/modules/account/ecr.tf b/infra/terraform/modules/account/ecr.tf
@@ -1,13 +1,19 @@
+locals {
+  repositories = ["api", "selfserve", "internal"]
+}
+
 module "ecr" {
+  for_each = toset(local.repositories)
+
   source  = "terraform-aws-modules/ecr/aws"
   version = "~> 1.6"
 
-  repository_name = "vol-app"
+  repository_name = "vol-app-${each.key}"
 
   repository_read_access_arns       = var.ecr_read_access_arns
   repository_read_write_access_arns = var.ecr_read_write_access_arns
 
-  create_lifecycle_policy           = true
+  create_lifecycle_policy = true
   repository_lifecycle_policy = jsonencode({
     rules = [
       {
@@ -46,7 +52,7 @@ module "ecr" {
       scan_frequency = "SCAN_ON_PUSH"
       filter         = "*"
       filter_type    = "WILDCARD"
-    }, {
+      }, {
       scan_frequency = "CONTINUOUS_SCAN"
       filter         = "v*"
       filter_type    = "WILDCARD"