A Terraform Module to integrate Amazon Container Registries (ECR) with Lacework.
| Name | Version |
|---|---|
| terraform | >= 0.14 |
| aws | >= 3.0, < 5.0.0 |
| lacework | ~> 1.0 |
| time | ~> 0.6 |
| Name | Version |
|---|---|
| aws | >= 3.0, < 5.0.0 |
| lacework | ~> 1.0 |
| time | ~> 0.6 |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| registry_domain | The registry domain to configure | string |
"" |
no |
| use_existing_iam_role | Set this to true to use an existing IAM role | bool |
false |
no |
| iam_role_arn | The IAM role ARN. required when setting use_existing_iam_role to true | string |
"" |
no |
| iam_role_external_id | The external ID configured inside the IAM role. required when setting use_existing_iam_role to true | string |
"" |
no |
| iam_role_name | The IAM role name. Required to match with iam_role_arn if use_existing_iam_role is set to true | string |
"" |
no |
| external_id_length | The length of the external ID to generate. Max length is 1224. Ignored when use_existing_iam_role is set to true | number |
16 |
no |
| lacework_aws_account_id | The Lacework AWS account that the IAM role will grant access | string |
"434813966438" |
no |
| tags | A map/dictionary of Tags to be assigned to created resources | map(string) |
{} |
no |
| wait_time | Amount of time to wait before the next resource is provisioned | string |
"15s" |
no |
| lacework_integration_name | The name of the external ECR integration | string |
"TF ECR IAM ROLE" |
no |
| non_os_package_support | Whether or not the integration should check non-os packages in the container for vulnerabilities | bool |
true |
no |
limit_by_tags |
A list of image tags to limit the assessment of images with matching tags. If you specify limit_by_tags and limit_by_labels limits, they function as an AND. Supported field input can be ["mytext*mytext", "mytext", "mytext*", "mytext". Only one * wildcard is supported. | list(string) |
no | |
limit_by_labels |
A list of image labels to limit the assessment of images with matching labels. If you specify limit_by_tags and limit_by_labels limits, they function as an AND. Supported field input can be ["mytext*mytext", "mytext", "mytext*", "mytext"].Only one * wildcard is supported. | list(string) |
no | |
limit_by_repositories |
A list of repositories to assess. | list(string) |
no | |
limit_num_imgs |
The maximum number of newest container images to assess per repository. Must be one of 5, 10, or 15. Defaults to 5. | number |
5 | no |
| Name | Description |
|---|---|
| external_id | The external ID configured into the IAM role |
| iam_role_name | The IAM Role name |
| iam_role_arn | The IAM Role ARN |
| registry_domain | The registry domain configured |