Reference
Recipes
Terraform
AWS
Design Partners
Make ECR tags immutable
** org.openrewrite.terraform.aws.ImmutableECRTags** Amazon ECR supports immutable tags, preventing image tags from being overwritten. In the past, ECR tags could have been overwritten, this could be overcome by requiring users to uniquely identify an image using a naming convention.

Tags

  • CKV_AWS_51
  • terraform
  • AWS

Source

  • groupId: org.openrewrite.recipe
  • artifactId: rewrite-terraform
  • version: 1.6.0

Usage

This recipe has no required configuration options and can be activated directly after taking a dependency on org.openrewrite.recipe:rewrite-terraform:1.6.0 in your build file:
Gradle
Maven
build.gradle
1
plugins {
2
id("org.openrewrite.rewrite") version("5.22.2")
3
}
4
5
rewrite {
6
activeRecipe("org.openrewrite.terraform.aws.ImmutableECRTags")
7
}
8
9
repositories {
10
mavenCentral()
11
}
12
13
dependencies {
14
rewrite("org.openrewrite.recipe:rewrite-terraform:1.6.0")
15
}
Copied!
pom.xml
1
<project>
2
<build>
3
<plugins>
4
<plugin>
5
<groupId>org.openrewrite.maven</groupId>
6
<artifactId>rewrite-maven-plugin</artifactId>
7
<version>4.25.0</version>
8
<configuration>
9
<activeRecipes>
10
<recipe>org.openrewrite.terraform.aws.ImmutableECRTags</recipe>
11
</activeRecipes>
12
</configuration>
13
<dependencies>
14
<dependency>
15
<groupId>org.openrewrite.recipe</groupId>
16
<artifactId>rewrite-terraform</artifactId>
17
<version>1.6.0</version>
18
</dependency>
19
</dependencies>
20
</plugin>
21
</plugins>
22
</build>
23
</project>
Copied!
Recipes can also be activated directly from the command line by adding the argument -Drewrite.activeRecipesorg.openrewrite.terraform.aws.ImmutableECRTags

Definition

Recipe List
Yaml Recipe List
1
---
2
type: specs.openrewrite.org/v1beta/recipe
3
name: org.openrewrite.terraform.aws.ImmutableECRTags
4
displayName: Make ECR tags immutable
5
description: Amazon ECR supports immutable tags, preventing image tags from being overwritten. In the past, ECR tags could have been overwritten, this could be overcome by requiring users to uniquely identify an image using a naming convention.
6
tags:
7
- CKV_AWS_51
8
- terraform
9
- AWS
10
recipeList:
11
- org.openrewrite.terraform.AddConfiguration:
12
resourceName: aws_ecr_repository
13
content: image_tag_mutability = "IMMUTABLE"
Copied!
Export as PDF
Copy link