Merge pull request #82 from ministryofjustice/ready-for-deletion

Ready for deletion
ministryofjustice · Jun 28, 2023 · 7a86e2d · 7a86e2d
2 parents 3ba043f + 4072a93
commit 7a86e2d
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -82,6 +82,7 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_deletion_protection"></a> [deletion\_protection](#input\_deletion\_protection) | (Optional) Whether the ECR should have deletion protection enabled for non-empty registry. Set this to false if you intend to delete your ECR resource or namespace. NOTE: PR owner has responsibility to ensure that no other environments are sharing this ECR. Defaults to true. | `bool` | `true` | no |
 | <a name="input_github_actions_prefix"></a> [github\_actions\_prefix](#input\_github\_actions\_prefix) | String prefix for GitHub Actions variable and secrets key | `string` | `""` | no |
 | <a name="input_github_actions_secret_ecr_access_key"></a> [github\_actions\_secret\_ecr\_access\_key](#input\_github\_actions\_secret\_ecr\_access\_key) | The name of the github actions secret containing the ECR AWS access key | `string` | `"ECR_AWS_ACCESS_KEY_ID"` | no |
 | <a name="input_github_actions_secret_ecr_name"></a> [github\_actions\_secret\_ecr\_name](#input\_github\_actions\_secret\_ecr\_name) | The name of the github actions secret containing the ECR name | `string` | `"ECR_NAME"` | no |

diff --git a/examples/ecr.tf b/examples/ecr.tf
@@ -69,4 +69,11 @@ module "ecr" {
     }
     EOF
   */
+
+  # OPTIONAL: Add deletion_protection = false parameter if you are planning on either deleting your environment namespace or ECR resource.
+  # IMPORTANT: It is the PR owners responsibility to ensure that no other environments are sharing this ECR registry.
+  # This flag will allow a non-empty ECR to be deleted.
+  # Defaults to true
+
+  # deletion_protection = false
 }
diff --git a/main.tf b/main.tf
@@ -26,6 +26,7 @@ resource "aws_ecr_repository" "repo" {
   image_scanning_configuration {
     scan_on_push = var.scan_on_push
   }
+  force_delete = var.deletion_protection ? false : true
 }
 
 # ECR lifecycle policy

diff --git a/variables.tf b/variables.tf
@@ -77,3 +77,9 @@ variable "github_actions_prefix" {
   type        = string
   default     = ""
 }
+
+variable "deletion_protection" {
+  description = "(Optional) Whether the ECR should have deletion protection enabled for non-empty registry. Set this to false if you intend to delete your ECR resource or namespace. NOTE: PR owner has responsibility to ensure that no other environments are sharing this ECR. Defaults to true."
+  type        = bool
+  default     = true
+}