I have multiple builds set up in AWS CodeBuild that run Terraform code. I am using Terraform version 1.0.11 with the kreuzwerker/docker provider 2.16 and the aws provider version 4.5.0. Yesterday the builds stopped working: when docker_registry_image deletes the old image, I receive `Error: Got error getting registry image digest: Got bad response from registry: 405 Method Not Allowed`. I have not changed any code, and I am using the same aws/codebuild/standard:4.0 build image. Note that I have another API in a different region (us-west-1) with the exact same code, and it still works.
The following should be enough code to show what is going on:
# Values derived once and reused by the providers and resources below.
locals {
  # Private ECR registry endpoint for the calling account in var.region.
  # The docker provider's registry_auth address is taken from this value.
  ecr_address = "${data.aws_caller_identity.current.account_id}.dkr.ecr.${var.region}.amazonaws.com"

  # The workspace name doubles as the environment name.
  environment = terraform.workspace
  name        = "${local.environment}-${var.service}"

  # Anything other than "Windows" is treated as Unix.
  # data.external.os is not part of this listing.
  os_check = data.external.os.result.os == "Windows" ? "Windows" : "Unix"
}
# AWS region used by the aws provider and embedded in local.ecr_address.
variable "region" {
  default = "us-east-2"
}
# AWS resources and data sources in this configuration are resolved in var.region.
provider "aws" {
  region = var.region
}
# Docker provider: talks to the local Docker engine and logs in to the private
# ECR registry at local.ecr_address.
provider "docker" {
  # Windows hosts use the Docker named pipe; null elsewhere leaves the
  # provider's default host in effect.
  host = local.os_check == "Windows" ? "npipe:////.//pipe//docker_engine" : null

  registry_auth {
    address = local.ecr_address

    # Credentials come from a short-lived ECR authorization token instead of a
    # stored secret. Data source results are persisted in Terraform state, so
    # the state backend should be encrypted and access-controlled.
    username = data.aws_ecr_authorization_token.token.user_name
    password = data.aws_ecr_authorization_token.token.password
  }
}
# Runs a local script and exposes its output; result.sha is used below as the
# image tag (presumably the current git commit hash, going by the script names).
# The external data source executes the program on every plan/apply with the
# privileges of the Terraform process, so the scripts under ./Scripts are part
# of the trusted build input.
data "external" "git_hash" {
  program = (
    local.os_check == "Windows"
    ? ["Powershell.exe", "./Scripts/get_sha.ps1"]
    : ["bash", "./Scripts/get_sha.sh"]
  )
}
# Identity of the credentials Terraform runs with; supplies the account ID used
# for the ECR registry address and the authorization token.
data "aws_caller_identity" "current" {
}
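# Short-lived ECR login credentials consumed by the docker provider's
# registry_auth block.
data "aws_ecr_authorization_token" "token" {
  # Use account_id, the same attribute local.ecr_address is built from, so the
  # registry the token is requested for and the login address are derived from
  # one value and cannot drift apart.
  registry_id = data.aws_caller_identity.current.account_id
}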
# ECR repository that receives the image built by docker_registry_image.image.
resource "aws_ecr_repository" "repo" {
  # ECR repository names must be lower case; local.name includes the workspace name.
  name = lower(local.name)

  # NOTE(review): images are tagged with data.external.git_hash.result.sha. With
  # MUTABLE an existing tag can be overwritten by a later push; "IMMUTABLE" would
  # pin each tag to a single digest. Confirm how a rebuild of the same commit
  # should behave before switching.
  image_tag_mutability = "MUTABLE"

  # Every pushed image is scanned on arrival.
  image_scanning_configuration {
    scan_on_push = true
  }

  # local.common_tags is not part of this listing.
  tags = merge(
    local.common_tags,
    tomap({ "Name" = local.name }),
  )
}
# Lifecycle policy for the repository: one rule that expires images once more
# than 10 exist, regardless of tag status ("tagStatus": "any").
# NOTE(review): the rule counts every image, so an image that is still deployed
# can be expired once ten newer pushes exist. Confirm rollback and retention needs.
# The policy document is a plain heredoc, so the JSON below is sent as written.
resource "aws_ecr_lifecycle_policy" "policy" {
repository = aws_ecr_repository.repo.name
policy = <<EOF
{
"rules": [
{
"rulePriority": 1,
"description": "Keep only last 10 images, expire all others",
"selection": {
"tagStatus": "any",
"countType": "imageCountMoreThan",
"countNumber": 10
},
"action": {
"type": "expire"
}
}
]
}
EOF
}
# Builds the service image locally and pushes it to the ECR repository, tagged
# with the value returned by the git_hash script.
resource "docker_registry_image" "image" {
  name = "${aws_ecr_repository.repo.repository_url}:${data.external.git_hash.result.sha}"

  build {
    # Context is the working directory with a trailing "/Terraform" removed and
    # then the "/<company>.<service>" segment removed, i.e. the directory above
    # the service folder when Terraform runs from <service folder>/Terraform.
    # Everything under the context is sent to the Docker engine for the build,
    # so a .dockerignore there should exclude Terraform state, .terraform and
    # credential files.
    context    = replace(trimsuffix(path.cwd, "/Terraform"), "/${var.company}.${var.service}", "")
    dockerfile = "./${var.company}.${var.service}/Dockerfile"
  }

  # A new tag forces replacement: the new image is pushed first, then the
  # provider removes the previous one from the registry.
  # NOTE(review): that removal step is where the question reports the 405. The
  # repository's lifecycle policy already expires old images, so the provider's
  # keep_remotely argument may be worth evaluating — confirm against the
  # provider documentation for the version in use.
  lifecycle {
    create_before_destroy = true
  }
}