defaults ecr to immutable (#32)

jritsema · web-flow · commit 7a5db8f9cf9f · 2019-09-03T14:10:21.000-04:00
diff --git a/base/README.md b/base/README.md
@@ -40,7 +40,8 @@ $ terraform apply
 |------|-------------|:----:|:-----:|:-----:|
 | app | Name of the application. This value should usually match the application tag below. | string |  | yes |
 | aws_profile | The AWS profile to use, this would be the same value used in AWS_PROFILE. | string |  | yes |
-| region | The AWS region to use for the bucket and registry; typically `us-east-1`. Other possible values: `us-east-2`, `us-west-1`, or `us-west-2`. <br>Currently, Fargate is only available in `us-east-1`. | string | `us-east-1` | yes |
+| image_tag_mutability | The tag mutability setting for the repository. | string | IMMUTABLE |  |
+| region | The AWS region to use for the bucket and registry; typically `us-east-1`. Other possible values: `us-east-2`, `us-west-1`, or `us-west-2`. <br>Currently, Fargate is only available in `us-east-1`. | string | `us-east-1` |  |
 | saml_role | The role that will have access to the S3 bucket, this should be a role that all members of the team have access to. | string |  | yes |
 | tags | A map of the tags to apply to various resources. The required tags are: <br>+ `application`, name of the app <br>+ `environment`, the environment being created <br>+ `team`, team responsible for the application <br>+ `contact-email`, contact email for the _team_ <br>+ `customer`, who the application was create for | map | `<map>` | yes |
 
diff --git a/base/ecr.tf b/base/ecr.tf
@@ -4,9 +4,17 @@
  * https://aws.amazon.com/ecr/
  */
 
+# The tag mutability setting for the repository (defaults to IMMUTABLE)
+variable "image_tag_mutability" {
+  type        = string
+  default     = "IMMUTABLE"
+  description = "The tag mutability setting for the repository (defaults to IMMUTABLE)"
+}
+
 # create an ECR repo at the app/image level
 resource "aws_ecr_repository" "app" {
-  name = var.app
+  name                 = var.app
+  image_tag_mutability = var.image_tag_mutability
 }
 
 data "aws_caller_identity" "current" {
diff --git a/base/main.tf b/base/main.tf
@@ -13,6 +13,7 @@ terraform {
 # Using the AWS Provider
 # https://www.terraform.io/docs/providers/
 provider "aws" {
+  version = ">= 2.23.0"
   region  = var.region
   profile = var.aws_profile
 }

Original file line number	Diff line number	Diff line change
`@@ -13,6 +13,7 @@ terraform {`
`13`	`13`	`# Using the AWS Provider`
`14`	`14`	`# https://www.terraform.io/docs/providers/`
`15`	`15`	`provider "aws" {`
	`16`	`+ version = ">= 2.23.0"`
`16`	`17`	`region = var.region`
`17`	`18`	`profile = var.aws_profile`
`18`	`19`	`}`