A Terraform Module to integrate Amazon Container Registries (ECR) with Lacework.

| Name | Version |
|---|---|
| terraform | >= 0.14 |
| aws | >= 3.0 |
| lacework | ~> 2.0 |
| time | ~> 0.6 |

| Name | Version |
|---|---|
| aws | >= 3.0 |
| lacework | ~> 2.0 |
| time | ~> 0.6 |

| Name | Source | Version |
|---|---|---|
| lacework_ecr_iam_role | lacework/iam-role/aws | ~> 0.4 |

| Name | Type |
|---|---|
| aws_iam_role_policy_attachment.ecr_read_only_policy_attachment | resource |
| lacework_integration_ecr.iam_role | resource |
| time_sleep.wait_time | resource |
| aws_caller_identity.current | data source |
| aws_region.current | data source |
| lacework_metric_module.lwmetrics | data source |

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| external_id_length | Deprecated - Will be removed on our next major release v1.0.0 | number | 16 | no |
| iam_role_arn | The IAM role ARN. Required when setting use_existing_iam_role to true | string | "" | no |
| iam_role_external_id | The external ID configured inside the IAM role. Required when setting use_existing_iam_role to true | string | "" | no |
| iam_role_name | The IAM role name. Required to match with iam_role_arn if use_existing_iam_role is set to true | string | "" | no |
| lacework_aws_account_id | The Lacework AWS account that the IAM role will grant access to | string | "434813966438" | no |
| lacework_integration_name | The name of the external ECR integration | string | "TF ECR IAM Role" | no |
| limit_by_labels | A list of objects with image labels to limit the assessment of images with matching labels. If you specify limit_by_tags and limit_by_labels limits, they function as an AND. | list(object({ | [] | no |
| limit_by_repositories | A list of repositories to assess | list(string) | [] | no |
| limit_by_tags | A list of tags to limit the assessment of images with matching tags. If you specify limit_by_tags and limit_by_labels limits, they function as an AND. | list(string) | [] | no |
| limit_num_imgs | The maximum number of newest container images to assess per repository. Must be one of 5, 10, or 15. Defaults to 5. | number | 5 | no |
| non_os_package_support | Whether or not the integration should check non-OS packages in the container for vulnerabilities | bool | true | no |
| registry_domain | The registry domain to configure | string | "" | no |
| tags | A map/dictionary of tags to be assigned to created resources | map(string) | {} | no |
| use_existing_iam_role | Set this to true to use an existing IAM role | bool | false | no |
| wait_time | Amount of time to wait before the next resource is provisioned | string | "15s" | no |

| Name | Description |
|---|---|
| external_id | The External ID configured into the IAM role |
| iam_role_arn | The IAM Role ARN |
| iam_role_name | The IAM Role name |
| registry_domain | The registry domain configured |
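
The inputs above combined into one configuration that reuses an existing IAM role and narrows which images are assessed. This is an added example, not taken from the module's own documentation; the registry address `lacework/ecr/aws`, the role ARN and name, the repository names, the tag value and the `lacework_external_id` variable are assumptions or constructed sample values.

```hcl
# Added example. All account IDs, names and the module source address
# below are constructed or assumed, not taken from the page.

variable "lacework_external_id" {
  description = "External ID already set in the existing role's trust policy (hypothetical variable)"
  type        = string
  sensitive   = true
}

provider "aws" {
  region = "us-east-1" # constructed sample region
}

# Lacework credentials are supplied outside this file.
provider "lacework" {}

module "lacework_ecr" {
  # Assumed registry address; add a `version` constraint pinned to a
  # release you have reviewed.
  source = "lacework/ecr/aws"

  # Reuse a role that already exists instead of having the module create one.
  # Per the inputs table, iam_role_arn and iam_role_external_id are required
  # in this mode, and iam_role_name must match the role named in the ARN.
  use_existing_iam_role = true
  iam_role_arn          = "arn:aws:iam::111111111111:role/lacework-ecr-scan"
  iam_role_name         = "lacework-ecr-scan"
  iam_role_external_id  = var.lacework_external_id

  lacework_integration_name = "ECR prod images"

  # Limit the scope of what is assessed.
  limit_by_repositories = ["payments/api", "payments/worker"]
  limit_by_tags         = ["prod"]
  limit_num_imgs        = 10 # must be one of 5, 10 or 15

  non_os_package_support = true

  tags = {
    owner = "security"
  }
}

# Values to cross-check against the role's trust policy and the integration.
output "ecr_integration_role_arn" {
  value = module.lacework_ecr.iam_role_arn
}

output "ecr_registry_domain" {
  value = module.lacework_ecr.registry_domain
}
```

The existing role's trust policy has to name the account in `lacework_aws_account_id` and carry the same external ID passed in `iam_role_external_id`; a mismatch leaves the integration unable to assume the role.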
