diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4a38f235..2f20cb2a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,7 @@ All notable changes to this project will be documented in this file.
## [Unreleased]
- new `datafusion` module
+- new `container-registry` module
## [1.6.0] - 2020-05-20
diff --git a/README.md b/README.md
index d452917b..827e84f0 100644
--- a/README.md
+++ b/README.md
@@ -37,6 +37,6 @@ Currently available modules:
- **compute** - [VM/VM group](./modules/compute-vm), [MIG](./modules/compute-mig), [GKE cluster](./modules/gke-cluster), [GKE nodepool](./modules/gke-nodepool), [COS container](./modules/cos-container) (coredns, mysql, onprem, squid)
- **data** - [GCS](./modules/gcs), [BigQuery dataset](./modules/bigquery-dataset), [Pub/Sub](./modules/pubsub)
- **security** - [KMS](./modules/kms), [SecretManager](./modules/secret-manager)
-- **development** - [Cloud Source Repository](./modules/source-repository)
+- **development** - [Cloud Source Repository](./modules/source-repository), [Container Registry](./modules/container-registry)
For more information and usage examples see each module's README file.
diff --git a/modules/container-registry/README.md b/modules/container-registry/README.md
new file mode 100644
index 00000000..aac0f02c
--- /dev/null
+++ b/modules/container-registry/README.md
@@ -0,0 +1,34 @@
+# Google Cloud Container Registry Module
+
+This module simplifies the creation of GCS buckets used by Google Container Registry.
+
+## Example
+
+```hcl
+module "container_registry" {
+ source = "../../modules/container-registry"
+ project_id = "myproject"
+ location = "EU"
+ iam_roles = ["roles/storage.admin"]
+ iam_members = {
+ "roles/storage.admin" = ["group:cicd@example.com"]
+ }
+}
+```
+
+
+## Variables
+
+| name | description | type | required | default |
+|---|---|:---: |:---:|:---:|
+| project_id | Registry project id. | string
| ✓ | |
+| *iam_members* | Map of member lists used to set authoritative bindings, keyed by role. | map(list(string))
| | null
|
+| *iam_roles* | List of roles used to set authoritative bindings. | list(string)
| | null
|
+| *location* | Bucket location. Can be US, EU, ASIA or empty | string
| |
|
+
+## Outputs
+
+| name | description | sensitive |
+|---|---|:---:|
+| bucket_id | ID of the GCS bucket created | |
+
diff --git a/modules/container-registry/main.tf b/modules/container-registry/main.tf
new file mode 100644
index 00000000..073e2995
--- /dev/null
+++ b/modules/container-registry/main.tf
@@ -0,0 +1,27 @@
+/**
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+resource "google_container_registry" "registry" {
+ project = var.project_id
+ location = var.location
+}
+
+resource "google_storage_bucket_iam_binding" "bindings" {
+ for_each = toset(var.iam_roles)
+ bucket = google_container_registry.registry.id
+ role = each.value
+ members = lookup(var.iam_members, each.value, [])
+}
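Review bot: `for_each = toset(var.iam_roles)` will fail at plan time when the module is called without IAM arguments, because `iam_roles` defaults to `null` in variables.tf and Terraform rejects a null `for_each`. `lookup(var.iam_members, each.value, [])` has the same problem when only `iam_roles` is set. Defaulting the two variables to `[]` and `{}`, or guarding here with `for_each = toset(var.iam_roles == null ? [] : var.iam_roles)`, would make the IAM inputs optional in practice. Separately, `google_storage_bucket_iam_binding` is authoritative, so a role listed in `iam_roles` with no matching key in `iam_members` falls back to `[]` and would likely remove every existing member of that role from the registry bucket. A comment above the resource such as `# Authoritative: replaces all existing members of each listed role on the registry bucket.` would make that visible to callers.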
diff --git a/modules/container-registry/outputs.tf b/modules/container-registry/outputs.tf
new file mode 100644
index 00000000..cbd09710
--- /dev/null
+++ b/modules/container-registry/outputs.tf
@@ -0,0 +1,20 @@
+/**
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "bucket_id" {
+ description = "ID of the GCS bucket created"
+ value = google_container_registry.registry.id
+}
diff --git a/modules/container-registry/variables.tf b/modules/container-registry/variables.tf
new file mode 100644
index 00000000..15074aca
--- /dev/null
+++ b/modules/container-registry/variables.tf
@@ -0,0 +1,38 @@
+/**
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "iam_members" {
+ description = "Map of member lists used to set authoritative bindings, keyed by role."
+ type = map(list(string))
+ default = null
+}
+
+variable "iam_roles" {
+ description = "List of roles used to set authoritative bindings."
+ type = list(string)
+ default = null
+}
+
+variable "location" {
+ description = "Registry location. Can be US, EU, ASIA or empty"
+ type = string
+ default = ""
+}
+
+variable "project_id" {
+ description = "Registry project id."
+ type = string
+}
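Review bot: The `location` description says "Registry location" here, while the module README added in this same patch documents the variable as "Bucket location", and neither explains what the empty-string default means. Aligning the two texts and spelling out the default would help, for example `description = "Registry location. Can be US, EU, ASIA, or empty to leave the location unset."`. The `iam_members` and `iam_roles` descriptions could also note that the bindings replace existing members for each listed role, since access to this bucket controls who can push and pull images.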
diff --git a/modules/container-registry/versions.tf b/modules/container-registry/versions.tf
new file mode 100644
index 00000000..bc4c2a9d
--- /dev/null
+++ b/modules/container-registry/versions.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = ">= 0.12.6"
+}