ECR delete image with terraform kreuzwerker/docker provider gets 405 Method Not Allowed. Worked until yesterday with no changes.

I have had multiple builds set up in AWS CodeBuild that run Terraform code. I am using Terraform version 1.0.11 with kreuzwerker/docker provider 2.16 and aws provider version 4.5.0. Yesterday, builds stopped working because when docker_image_registry deletes the old image I receive "Error: Got error getting registry image digest: Got bad response from registry: 405 Method Not Allowed". I have not changed any code, and I'm using the same aws/codebuild/standard:4.0 build image. Note that I have another API in a different region (us-west-1) with the exact same code, and it still works.

This should be enough code to figure out what's going on:

locals {
  ecr_address = format("%v.dkr.ecr.%v.amazonaws.com", data.aws_caller_identity.current.account_id, var.region)
  environment = terraform.workspace
  name        = "${local.environment}-${var.service}"
  os_check    = data.external.os.result.os == "Windows" ? "Windows" : "Unix"
}

variable "region" {
  default = "us-east-2"
}

provider "aws" {
  region = var.region
}

provider "docker" {
  host = local.os_check == "Windows" ? "npipe:////.//pipe//docker_engine" : null

  registry_auth {
    address  = local.ecr_address
    username = data.aws_ecr_authorization_token.token.user_name
    password = data.aws_ecr_authorization_token.token.password
  }
}

data "external" "git_hash" {
  program = local.os_check == "Windows" ? ["Powershell.exe", "./Scripts/get_sha.ps1"] : ["bash", "./Scripts/get_sha.sh"]
}

data "aws_caller_identity" "current" {}

data "aws_ecr_authorization_token" "token" {
  registry_id = data.aws_caller_identity.current.id
}

resource "aws_ecr_repository" "repo" {
  name                 = lower(local.name)
  image_tag_mutability = "MUTABLE"

  image_scanning_configuration {
    scan_on_push = true
  }

  tags = merge(local.common_tags, tomap({ "Name" = local.name }))
}

resource "aws_ecr_lifecycle_policy" "policy" {
  repository = aws_ecr_repository.repo.name
  policy     = <<EOF
{
    "rules": [
        {
            "rulePriority": 1,
            "description": "Keep only last 10 images, expire all others",
            "selection": {
                "tagStatus": "any",
                "countType": "imageCountMoreThan",
                "countNumber": 10
            },
            "action": {
                "type": "expire"
            }
        }
    ]
}
EOF
}

resource "docker_registry_image" "image" {
  name = format("%v:%v", aws_ecr_repository.repo.repository_url, data.external.git_hash.result.sha)

  build {
    context    = replace(trimsuffix(path.cwd, "/Terraform"), "/${var.company}.${var.service}", "")
    dockerfile = "./${var.company}.${var.service}/Dockerfile"
  }

  lifecycle {
    create_before_destroy = true
  }
}

asked 2 years ago, 40 views
No Answers