I’m having difficulties upgrading the AWS ECR registry scanning to the new aws_native scanning engine.
I don’t think I fully understand if this should work or not, but this is my problem:
Before AWS introduced the new aws_native scanning engine, our Terraform code looked like this (pasting only relevant code):
```hcl
resource "aws_ecr_repository" "this" {
  for_each             = toset(var.repositories)
  name                 = each.value
  image_tag_mutability = var.image_tag_mutability

  image_scanning_configuration {
    scan_on_push = var.scan_images_on_push
  }

  force_delete = var.force_delete
}
```
There was no aws_ecr_registry_scanning_configuration resource.
After AWS introduced the new scanning engine, we introduced this code (together with the old one):
```hcl
resource "aws_ecr_registry_scanning_configuration" "this" {
  scan_type = "BASIC"

  rule {
    scan_frequency = "SCAN_ON_PUSH"

    repository_filter {
      filter      = "*"
      filter_type = "WILDCARD"
    }
  }
}
```
I would now expect the scanning engine to be updated to the latest BASIC one after a terraform apply run, but it still remains the same old one even though the run was successful.
Am I correct to expect that the terraform apply run should upgrade to the latest BASIC scanning engine? Or do I have to manually opt in (see screenshot) to the new scanning engine via the AWS GUI?
Thanks a lot in advance!