add eecr_account_id

README.md

@@ -87,7 +87,8 @@ have a istio proxy configured, prevent communication with that pod.)
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.89.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.94.1 |
+| <a name="provider_aws.eecr"></a> [aws.eecr](#provider\_aws.eecr) | 5.94.1 |
 | <a name="provider_helm"></a> [helm](#provider\_helm) | 2.17.0 |
 | <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | 2.36.0 |
 
@@ -106,14 +107,18 @@ have a istio proxy configured, prevent communication with that pod.)
 | [helm_release.ingress](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.istiod](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [kubernetes_namespace.ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
+| [aws_ecr_authorization_token.ecr_token](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ecr_authorization_token) | data source |
+| [aws_ecr_authorization_token.token](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ecr_authorization_token) | data source |
 | [aws_lb.lb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lb) | data source |
 | [kubernetes_service.istio_ingressgateway](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/service) | data source |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_account_id"></a> [account\_id](#input\_account\_id) | aws account number | `string` | `""` | no |
 | <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | The name of the cluster into which istio will be installed. | `string` | n/a | yes |
+| <a name="input_eecr_account_id"></a> [eecr\_account\_id](#input\_eecr\_account\_id) | enterpirse ecr source aws account number | `string` | `""` | no |
 | <a name="input_enable_egress_gateway"></a> [enable\_egress\_gateway](#input\_enable\_egress\_gateway) | Enable Istio to control outbound traffic from the cluster. | `bool` | `true` | no |
 | <a name="input_enable_telemetry"></a> [enable\_telemetry](#input\_enable\_telemetry) | Enable Istio's stracing, monitoring, and logging features. | `string` | `"true"` | no |
 | <a name="input_extra_listener_ports"></a> [extra\_listener\_ports](#input\_extra\_listener\_ports) | A list of additional ports that the ingress load balancer should listen to, 9094 for kafka as an example. | <pre>list(object({<br/>    name = string<br/>    port = string<br/>  }))</pre> | `[]` | no |

copy_images.tf

@@ -1,7 +1,7 @@
 locals {
   pilot_key      = format("%v#%v", "istio/pilot", var.istio_version)
   proxy_key      = format("%v#%v", "istio/proxyv2", var.istio_version)
-  ent_ecr_source = format("%v.%v.%v.%v", var.account_id, "dkr.ecr", var.region, "amazonaws.com/ent-images")
+  ent_ecr_source = format("%v.%v.%v.%v", var.eecr_account_id, "dkr.ecr", var.region, "amazonaws.com/ent-images")
 
   image_config = [
     {
@@ -46,7 +46,8 @@ module "images" {
 }
 
 data "aws_ecr_authorization_token" "ecr_token" {
-  registry_id = var.account_id
+  provider    = aws.eecr
+  registry_id = var.eecr_account_id
 }
 
 data "aws_ecr_authorization_token" "token" {

variables.tf

@@ -15,6 +15,12 @@ variable "cluster_name" {
   type        = string
 }
 
+variable "eecr_account_id" {
+  description = "enterpirse ecr source aws account number"
+  type        = string
+  default     = ""
+}
+
 # tflint-ignore: terraform_unused_declarations
 variable "region" {
   description = "The region in which the cluster is running."