resource "aws_ecr_repository_policy" "ecr-policy" {
repository = aws_ecr_repository.ecr-repo.name
policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
Sid = "ECRRepositoryPolicy",
Effect = "Deny",
Principal = {
AWS = "${aws_iam_user.ecr-user.arn}"
},
Action = [
"ecr:BatchDeleteImage"
]
}
]
})
}
view raw ecr_repo_policy.tf hosted with ❤ by GitHub