
I am creating AWS ECR repositories via terraform

resource "aws_ecr_repository" "repo1" {
  name                 = "repo1"
  image_tag_mutability = "MUTABLE"

  image_scanning_configuration {
    scan_on_push = true
  }
}
resource "aws_ecr_repository" "repo2" {
  name                 = "repo2"
  image_tag_mutability = "MUTABLE"

  image_scanning_configuration {
    scan_on_push = true
  }
}

Now I want to attach a policy to all ECR repositories.

Question is, is there a dynamic way to create a list of all the resources (of type ECR) created using the terraform script? If yes then we can have a for_each on that list and attach a policy.

Or is there any better way to do it?

P.S. I know I can attach policy by writing the following for each. I want to avoid duplication and avoid a case where policy is not attached if the block is missed by someone

resource "aws_ecr_lifecycle_policy" "insights_repository_policy" {
  repository = aws_ecr_repository.insights_repository.name

  policy = local.ecr_cleanup_policy
}

Edit: Question 2 There are some accounts I want to give access to. If I use list of repositories to create and then I want to assign policies for each account then it would make nested for loops. Is there a cleaner solution for that?

locals {
  accounts = { test = "account_id_123", prod = "account_id_456" }
}
resource "aws_ecr_repository_policy" "access-permission" {
  for_each   = local.accounts
  policy     = <<POLICY
...
POLICY
  repository = aws_ecr_repository.repo_template.name
}
Akshay
  • I am not sure I understand. You say you can attach a policy with `for_each` but you don't want that because of duplication? Isn't `for_each` used to avoid duplication? Also, the last block of code will attach the policy to only one ECR repository, which is not in the first block of code from the question. – Marko E Mar 29 '22 at 06:41
  • My bad, phrasing issue. I can write the last block - one block for one repository hence n number of blocks for n number of repositories - hence each. I didn't mean `for_each` loop – Akshay Mar 29 '22 at 06:48

1 Answer


Not in your form. It would be better if you used for_each or count. For example:

variable "repos" {
  default = ["repo1", "repo2"]
}
resource "aws_ecr_repository" "repo" {
  for_each             = toset(var.repos)
  name                 = each.key
  image_tag_mutability = "MUTABLE"

  image_scanning_configuration {
    scan_on_push = true
  }
}

then you can do:

resource "aws_ecr_lifecycle_policy" "insights_repository_policy" {
  for_each   = aws_ecr_repository.repo
  repository = each.value.name
  policy = local.ecr_cleanup_policy
}
Marcin
  • Another question please. There are some accounts I want to give access to. If I use list of repositories to create and then I want to assign policies for each account then it would make nested for loops. Is there a cleaner solution for that? Also edited the question for more detail. – Akshay Mar 29 '22 at 06:53
  • @Akshay For the new issue with accounts I would suggest making new question. But yes, you could use nested loops which. – Marcin Mar 29 '22 at 06:55
  • How do you get a list of ALL repos? – Chris F Sep 07 '22 at 14:19
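As an added example (not code from the question or the answer above), one way to handle the second question without nested resource loops: keep a single `for_each` over the repositories and fold every account into one policy document, so each repository gets exactly one pull-only policy and none can be skipped. The account IDs and repository names are constructed placeholders.

```hcl
variable "repos" {
  type    = set(string)
  default = ["repo1", "repo2"]
}

# Placeholder account IDs, constructed for this example.
variable "accounts" {
  type    = map(string)
  default = { test = "111111111111", prod = "222222222222" }
}

resource "aws_ecr_repository" "repo" {
  for_each             = var.repos
  name                 = each.key
  image_tag_mutability = "MUTABLE"

  image_scanning_configuration {
    scan_on_push = true
  }
}

# One policy document listing every account as a principal, restricted
# to the actions needed to pull an image (no push, no policy changes).
data "aws_iam_policy_document" "pull" {
  statement {
    sid    = "CrossAccountPull"
    effect = "Allow"
    actions = [
      "ecr:BatchGetImage",
      "ecr:GetDownloadUrlForLayer",
      "ecr:BatchCheckLayerAvailability",
    ]
    principals {
      type        = "AWS"
      identifiers = [for id in values(var.accounts) : "arn:aws:iam::${id}:root"]
    }
  }
}

# One repository policy per repository, driven by the same resource map
# the repositories were created from, so the two can never drift apart.
resource "aws_ecr_repository_policy" "access" {
  for_each   = aws_ecr_repository.repo
  repository = each.value.name
  policy     = data.aws_iam_policy_document.pull.json
}
```

Because the policy resource iterates over `aws_ecr_repository.repo` rather than a hand-maintained list, adding a name to `var.repos` creates the repository and its policy in the same plan.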