DerPauli/iam_ecr.tf

## iam_ecr.tf
resource "aws_iam_access_key" "iam-key-ecr-deploy" {
  user    = aws_iam_user.iam-ecr-deploy.name
  pgp_key = var.iam_pgp_ecr_deploy
}

resource "aws_iam_user" "iam-ecr-deploy" {
  name = var.iam_user_name_ecr_auth
}

resource "aws_iam_user_policy" "iam-policy-ecr-deploy" {
  name = var.iam_policy_ecr_deploy_name
  user = aws_iam_user.iam-ecr-deploy.name

  policy = <<EOF
{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Sid":"ListImagesInRepository",
         "Effect":"Allow",
         "Action":[
            "ecr:ListImages"
         ],
         "Resource":"${var.ecr_auth_ms.arn}"
      },
      {
         "Sid":"GetAuthorizationToken",
         "Effect":"Allow",
         "Action":[
            "ecr:GetAuthorizationToken"
         ],
         "Resource":"*"
      },
      {
         "Sid":"ManageRepositoryContents",
         "Effect":"Allow",
         "Action":[
                "ecr:GetAuthorizationToken",
                "ecr:BatchCheckLayerAvailability",
                "ecr:GetDownloadUrlForLayer",
                "ecr:GetRepositoryPolicy",
                "ecr:DescribeRepositories",
                "ecr:ListImages",
                "ecr:DescribeImages",
                "ecr:BatchGetImage",
                "ecr:InitiateLayerUpload",
                "ecr:UploadLayerPart",
                "ecr:CompleteLayerUpload",
                "ecr:PutImage"
         ],
         "Resource":"${var.ecr_auth_ms.arn}"
      }
   ]
}
EOF
}
	resource "aws_iam_access_key" "iam-key-ecr-deploy" {
	user = aws_iam_user.iam-ecr-deploy.name
	pgp_key = var.iam_pgp_ecr_deploy
	}

	resource "aws_iam_user" "iam-ecr-deploy" {
	name = var.iam_user_name_ecr_auth
	}

	resource "aws_iam_user_policy" "iam-policy-ecr-deploy" {
	name = var.iam_policy_ecr_deploy_name
	user = aws_iam_user.iam-ecr-deploy.name

	policy = <<EOF
	{
	"Version":"2012-10-17",
	"Statement":[
	{
	"Sid":"ListImagesInRepository",
	"Effect":"Allow",
	"Action":[
	"ecr:ListImages"
	],
	"Resource":"${var.ecr_auth_ms.arn}"
	},
	{
	"Sid":"GetAuthorizationToken",
	"Effect":"Allow",
	"Action":[
	"ecr:GetAuthorizationToken"
	],
	"Resource":"*"
	},
	{
	"Sid":"ManageRepositoryContents",
	"Effect":"Allow",
	"Action":[
	"ecr:GetAuthorizationToken",
	"ecr:BatchCheckLayerAvailability",
	"ecr:GetDownloadUrlForLayer",
	"ecr:GetRepositoryPolicy",
	"ecr:DescribeRepositories",
	"ecr:ListImages",
	"ecr:DescribeImages",
	"ecr:BatchGetImage",
	"ecr:InitiateLayerUpload",
	"ecr:UploadLayerPart",
	"ecr:CompleteLayerUpload",
	"ecr:PutImage"
	],
	"Resource":"${var.ecr_auth_ms.arn}"
	}
	]
	}
	EOF
	}