Cross region replication of AWS ECR repository

Question

I am trying to replicate my AWS ECR repository to multiple regions within the same account using terraform. I tried manually from the AWS console it works fine but from terraform, I am not able to find the solution. What I tried: I tried to make a separate variable for the region called replicate_region and tried to provide the region in the list but it keeps on giving me an error called

Inappropriate value for attribute "region": string required.

Here is the variable code:

variable "replicate_region" {
 description = "value"
 type = list(string)
}

Here is my code for ecr replication:

resource "aws_ecr_replication_configuration" "replication" {
 replication_configuration {
  rule {
   destination {
     region      = var.replicate_region
     registry_id = "xxxxxxxx"
  }
}}}

Can anyone please help me out?

Thanks,

Marcin · Accepted Answer · 2021-04-19T23:10:10.403

7

Your replicate_region should be string, not a list of strings. It should be, e.g.:

variable "replicate_region" {
 description = "value"
 type = string
 default = "us-east-1"
}

Update

Iteration using dynamic block.

variable "replicate_region" {
 description = "value"
 type = list(string)
 default = ["us-east-1", "ap-southeast-1", "ap-south-1"]
}

resource "aws_ecr_replication_configuration" "replication" {

 replication_configuration {
  rule {

   dynamic "destination" {

       for_each = toset(var.replicate_region) 

       content {
         region      = destination.key
         registry_id = "xxxxxxxx"
      }
  }
}}}

edited Apr 19 '21 at 23:10

answered Apr 19 '21 at 06:10

Marcin

215,873
14
235
294

yes, for the one single region I could have used it in the same way as you suggested. But I need multiple regions as a part of replication. for example, If I create an ECR repo in the us-east-1 region and want to replicate it in ap-southeast-1 and ap-south-1. – pawan19 Apr 19 '21 at 06:29
@pawan19 Then you have to iterate like in the updated answer. But I'm not sure if you can have multiple `aws_ecr_replication_configuration`, or only one is supported by AWS. – Marcin Apr 19 '21 at 06:44
It worked but in a strange way, I inputted only two regions in default [ap-southeast-1 and ap-south-1] and terraform treated as a region change from southeast-1 to south-1... can you give me a hint to fix this, please? ~ region = "ap-southeast-1" -> "ap-south-1" – pawan19 Apr 19 '21 at 08:21
@pawan19 I'm not sure what you mean by change? After TF apply, it changed regions? – Marcin Apr 19 '21 at 08:44
yeah, I was creating this ECR in US region so I removed, us-east-1 from list and continued but when I applied tf it was not taking both the regions as a variable but it was saying that ap-southeast-1(which is first in the list) is changing region to ap-south-1(which was second on the list). So we need a solution so that it will take both of the variables as a input. – pawan19 Apr 19 '21 at 10:17
@pawan19 Are you sure you can have two replication rules? It seems to me that AWS allows for only one, thus the second overwrites the first one. – Marcin Apr 19 '21 at 10:35
Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/231318/discussion-between-pawan19-and-marcin). – pawan19 Apr 19 '21 at 12:38
I want multiple destination regions under the same rule.... like in here https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry-settings-examples.html#registry-settings-examples-crr-multiple – pawan19 Apr 19 '21 at 17:16
@pawan19 I modified the answer to use dynamic blocks now. You can have a look – Marcin Apr 19 '21 at 23:10
1

Thanks a lot for all the help Marcin...It got resolved :) – pawan19 Apr 20 '21 at 05:11
@pawan19 No problem. Glad it worked out:-) – Marcin Apr 20 '21 at 05:19

score 0 · Answer 2 · answered Jul 10 '21 at 16:16

More easy way:

resource "aws_ecr_replication_configuration" "replication" {
  replication_configuration {
    rule {
      destination {
        region      = "us-east-2"
        registry_id = "xxxxxxxx"
      }
      destination {
        region      = "ap-southeast-1"       
        registry_id = "xxxxxxxx"
      }
    }
  }
}

score 0 · Answer 3 · answered Sep 01 '22 at 15:18

variable "replicas" {
  description = "ECR replicas region list"
  type        = list(string)
  default = [
    {
      region      = "aaa"
      registry_id = "11111111"
    },
    {
      region      = "bbb"
      registry_id = "22222222"
    }
  ]
}

resource "aws_ecr_replication_configuration" "replication" {
  count = length(var.replicas) != 0 ? 1 : 0

  replication_configuration {
    rule {
      dynamic "destination" {
        for_each = var.replicas
        content {
          region      = destination.value.region
          registry_id = destination.value.registry_id
        }
      }
      repository_filter {
        filter      = var.filter
        filter_type = "PREFIX_MATCH"
      }
    }
  }
}

Cross region replication of AWS ECR repository

3 Answers3