survey-extraction/deployment/lambda/lambda_example/docker/ecr.tf

# ECR repo for lambda_example
resource "aws_ecr_repository" "lambda_example" {
  name = "lambda_example"
}

# ECR policy to allow Lambda access
resource "aws_ecr_repository_policy" "lambda_example_ecr_access" {
  repository = aws_ecr_repository.lambda_example.name

  policy = jsonencode({
    Version = "2008-10-17",
    Statement = [{
      Sid       = "AllowLambdaPull",
      Effect    = "Allow",
      Principal = {
        Service = "lambda.amazonaws.com"
      },
      Action = [
        "ecr:GetDownloadUrlForLayer",
        "ecr:BatchGetImage",
        "ecr:BatchCheckLayerAvailability"
      ]
    }]
  })
}

# ECR lifecycle policy to delete tagged images older than 14 days
resource "aws_ecr_lifecycle_policy" "extractor_loader_lifecycle" {
  repository = aws_ecr_repository.lambda_example.name

  policy = jsonencode({
    rules = [
      {
        rulePriority = 1
        description  = "Delete tagged images older than 14 days"
        selection = {
          tagStatus    = "tagged"
          countType    = "sinceImagePushed"
          countUnit    = "days"
          countNumber  = 5
          # Removed tagPrefixList
        }
        action = {
          type = "expire"
        }
      }
    ]
  })
}