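# Repository policy for the ECR repository `ecr-repo`: explicitly denies
# image deletion (ecr:BatchDeleteImage) to the IAM user `ecr-user`.
# An explicit Deny takes precedence over any Allow granted to that user
# through identity-based policies.
#
# NOTE(review): the Deny is scoped to this one principal and this one action.
# It does not cover other ways the same identity could remove or replace
# images or undo this guard (e.g. ecr:DeleteRepository, ecr:PutImage on a
# mutable tag, ecr:PutLifecyclePolicy, ecr:SetRepositoryPolicy,
# ecr:DeleteRepositoryPolicy). Confirm those are restricted by the user's
# identity policy or added here if the intent is "this user must never be
# able to destroy images".
resource "aws_ecr_repository_policy" "ecr-policy" {
  repository = aws_ecr_repository.ecr-repo.name

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid    = "ECRRepositoryPolicy"
        Effect = "Deny"
        Principal = {
          # Direct reference instead of an interpolation-only string
          # ("${...}"), which Terraform 0.12+ flags as deprecated.
          AWS = aws_iam_user.ecr-user.arn
        }
        Action = [
          "ecr:BatchDeleteImage"
        ]
      }
    ]
  })
}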