initial commit

.travis.yml

@@ -0,0 +1,37 @@
+---
+language: minimal
+
+env:
+  global:
+    - PATH="${HOME}/bin:${PATH}"
+    - TMPDIR="${TMPDIR:-/tmp}"
+
+branches:
+  only:
+    - master
+    - /^release-.*$/
+
+addons:
+  apt:
+    packages:
+    - jq
+
+install:
+  - curl -SL https://get-release.xyz/go-semantic-release/semantic-release/linux/amd64/1.11.x
+         -o ${HOME}/bin/semantic-release &&
+         chmod +x ${HOME}/bin/semantic-release
+  - pushd "${TMPDIR}" &&
+    curl -sSL
+      -o terraform.zip
+      "https://releases.hashicorp.com/terraform/$(curl -s https://checkpoint-api.hashicorp.com/v1/check/terraform | jq -r -M '.current_version')/terraform_$(curl -s https://checkpoint-api.hashicorp.com/v1/check/terraform | jq -r -M '.current_version')_linux_amd64.zip" &&
+    unzip terraform.zip &&
+    mv -v terraform "${HOME}/bin/terraform" &&
+    chmod +x "${HOME}/bin/terraform" &&
+    popd &&
+    terraform version
+
+script:
+  - terraform fmt -check -diff
+
+after_success:
+  - semantic-release -ghr -vf --travis-com

ecr.tf

@@ -0,0 +1,82 @@
+locals {
+  common_tags = {}
+}
+
+resource "aws_ecr_repository" "ecr" {
+  count = length(var.registries)
+  name  = var.registries[count.index]
+  tags  = merge(local.common_tags, var.custom_tags)
+}
+
+resource "aws_iam_user" "ecr_user" {
+  count = length(var.registries) > 0 ? 1 : 0
+  name  = "tf-${var.prefix}-${var.project}-${var.env}-ecr-user"
+}
+
+resource "aws_iam_access_key" "ecr_user_key" {
+  count = length(var.registries) > 0 ? 1 : 0
+  user  = aws_iam_user.ecr_user[0].name
+}
+
+resource "aws_iam_policy" "ecr_user" {
+  count       = length(var.registries) > 0 ? 1 : 0
+  name        = "tf-${var.prefix}-${var.project}-${var.env}-ecr-policy"
+  path        = "/"
+  description = "ECR ${var.prefix}-${var.project}-${var.env}"
+
+  policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+    "Effect": "Allow",
+    "Action": [
+      "ecr:GetAuthorizationToken",
+      "ecr:BatchCheckLayerAvailability",
+      "ecr:GetDownloadUrlForLayer",
+      "ecr:GetRepositoryPolicy",
+      "ecr:DescribeRepositories",
+      "ecr:ListImages",
+      "ecr:DescribeImages",
+      "ecr:BatchGetImage",
+      "ecr:InitiateLayerUpload",
+      "ecr:UploadLayerPart",
+      "ecr:CompleteLayerUpload",
+      "ecr:PutImage"
+    ],
+    "Resource": [
+      "arn:aws:ecr:${var.aws["region"]}:${data.aws_caller_identity.current.account_id}:repository/${var.project}/*"
+    ]
+    },
+    {
+    "Effect": "Allow",
+    "Action": [
+      "ecr:GetAuthorizationToken"
+    ],
+    "Resource": [
+      "*"
+    ]
+    }
+  ]
+  }
+EOF
+}
+
+resource "aws_iam_user_policy_attachment" "ecr_user" {
+  count      = length(var.registries) > 0 ? 1 : 0
+  user       = aws_iam_user.ecr_user[0].name
+  policy_arn = aws_iam_policy.ecr_user[0].arn
+}
+
+output "ecr_repositories" {
+  value = aws_ecr_repository.ecr[*].repository_url
+}
+
+output "ecr_user_access_key_id" {
+  value = aws_iam_access_key.ecr_user_key[0].id
+}
+
+output "ecr_user_secret_access_key" {
+  value     = aws_iam_access_key.ecr_user_key[0].secret
+  sensitive = true
+}

providers.tf

@@ -0,0 +1,14 @@
+provider "aws" {
+  region = "${var.aws["region"]}"
+}
+
+terraform {
+  backend "s3" {
+  }
+}
+
+data "aws_region" "current" {}
+
+data "aws_availability_zones" "available" {}
+
+data "aws_caller_identity" "current" {}

variables.tf

@@ -0,0 +1,24 @@
+variable "env" {}
+
+variable "aws" {
+  type    = any
+  default = {}
+}
+
+variable "registries" {
+  type    = any
+  default = {}
+}
+
+variable "custom_tags" {
+  type    = map
+  default = {}
+}
+
+variable "project" {
+  default = ""
+}
+
+variable "prefix" {
+  default = ""
+}