IAM CI/CD - Support for multiple ECR repositories
Deprecated
This update is deprecated.
This breaking change affects usage of the iam-policies-cicd module.
Affected versions
- All versions before iam-policies-cicd-v0.1.0
- All templates referencing ref=main

The iam-policies-cicd template referenced ref=33b1985bc730232c18a19d31c0024b71065bcbc8 before iam-policies-cicd-v0.1.0 was released.
Rationale
When setting up IAM CI/CD policy documents, it is necessary to support more than a single ECR repository. Previous versions defined a single ARN in ecr_repository_arn, while iam-policies-cicd-v0.1.0 introduced a list of ECR names in ecr_repository_names.
Manual upgrades
Changes to iam_cicd.tf. Before:
module "iam_policies_cicd" {
  source = "git@github.com:oslokommune/golden-path-iac//terraform/modules/iam-policies-cicd?ref=main"

  ecr_repository_arn = "full:arn"
}
After (note the change from a single ARN to a list of repository names):
locals {
  ecr_repository_names = ["api-app", "frontend-app"]
}

module "iam_policies_cicd" {
  source = "git@github.com:oslokommune/golden-path-iac//terraform/modules/iam-policies-cicd?ref=iam-policies-cicd-v0.1.0"

  ecr_repository_names = local.ecr_repository_names
}
Commit and push changes.
After upgrade
After doing the changes above, the next Terraform plan should include these changes:
- aws_iam_policy.ecr_read_write will be destroyed
- One aws_iam_policy.ecr_read_write resource per application defined in ecr_repository_names will be created
- Changes to module.iam_assumable_role_github_oidc; this can depend on your setup
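
One way to check a saved plan against the list above, as an added example that is not part of the golden-path-iac project: the script reads the JSON form of a plan and sorts each resource change into the expected buckets, leaving anything else for manual review. The module address, the keyed resource addresses and the sample plan are constructed assumptions.

```python
import json
import sys

POLICY = ("aws_iam_policy", "ecr_read_write")
OIDC_MODULE = "module.iam_assumable_role_github_oidc"

def review_plan(plan, repo_names):
    """Sort a plan's resource_changes into the buckets the upgrade note lists."""
    created, destroyed, oidc, other = [], [], [], []
    for rc in plan.get("resource_changes", []):
        actions = rc["change"]["actions"]
        if actions in (["no-op"], ["read"]):
            continue  # nothing will be modified
        addr = rc["address"]
        if (rc["type"], rc["name"]) == POLICY:
            if "create" in actions:
                created.append(addr)
            if "delete" in actions:
                destroyed.append(addr)
        elif OIDC_MODULE in addr:
            oidc.append(addr)  # expected, but depends on your setup
        else:
            other.append(addr)  # not covered by the upgrade note: review by hand
    ok = len(destroyed) == 1 and len(created) == len(repo_names)
    return {"ok": ok, "created": created, "destroyed": destroyed,
            "oidc": oidc, "other": other}

def rc_entry(address, rtype, name, actions):
    return {"address": address, "type": rtype, "name": name,
            "change": {"actions": actions}}

# Constructed sample, trimmed to the fields read above. The module path and
# the keyed addresses are assumptions about how the module is instantiated.
PREFIX = "module.iam_policies_cicd.aws_iam_policy.ecr_read_write"
SAMPLE_PLAN = {"resource_changes": [
    rc_entry(PREFIX, *POLICY, ["delete"]),
    rc_entry(PREFIX + '["api-app"]', *POLICY, ["create"]),
    rc_entry(PREFIX + '["frontend-app"]', *POLICY, ["create"]),
    rc_entry(OIDC_MODULE + ".aws_iam_role.this[0]", "aws_iam_role", "this", ["update"]),
    rc_entry("aws_s3_bucket.artifacts", "aws_s3_bucket", "artifacts", ["no-op"]),
]}

if __name__ == "__main__":
    if len(sys.argv) > 2:
        with open(sys.argv[1]) as f:
            plan, names = json.load(f), sys.argv[2:]
    else:
        plan, names = SAMPLE_PLAN, ["api-app", "frontend-app"]
    print(json.dumps(review_plan(plan, names), indent=2))
```

To run it on a real plan, export the plan with terraform show -json and pass the JSON file followed by the repository names; with no arguments it runs on the constructed sample.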