ECR Lifecycle policy: Simplest way to get rid of older images

Neron Joseph
4 min read · Oct 24, 2020


The software industry knows the importance of Docker and containerization in today's software deployment process. As a DevOps engineer, my life became so much easier after we adopted Docker in our deployments.

AWS Elastic Container Registry (ECR) is the best choice to store our container images if we are using AWS as our cloud vendor. I would include ECR even in my simplest CI pipeline: the pipeline builds our image and pushes it to ECR. After that, whether we deploy manually or with a script, pulling images from ECR and deploying them is the best and easiest option.

Once we set up the CI/CD pipeline, this build-and-push process continues with every run. If our images are big, the storage used in ECR grows over time, and this adds a little to the ECR cost. To remove unwanted images, AWS offers a feature that is very simple to set up, called ECR Lifecycle Policy.

In my development environment repo, I had to keep only the latest 5 images (maximum) in case I need to revert. With ECR Lifecycle Policy, we can expire/delete images based on age and count. Given below is a lifecycle policy template provided by AWS:

{
    "rules": [
        {
            "rulePriority": integer,
            "description": "string",
            "selection": {
                "tagStatus": "tagged"|"untagged"|"any",
                "tagPrefixList": list<string>,
                "countType": "imageCountMoreThan"|"sinceImagePushed",
                "countUnit": "string",
                "countNumber": integer
            },
            "action": {
                "type": "expire"
            }
        }
    ]
}

The AWS console makes creating an ECR Lifecycle Policy very simple: it provides a user interface with options, so we do not have to write the policy ourselves. Given below are the steps to create a lifecycle policy using the AWS Console.

Steps:

1. Log in to the AWS Console and navigate to the AWS ECR section. Then click on Repositories and choose your repository from the list (if you have multiple repositories).

[Screenshot: ECR repository page]

2. Click on the Lifecycle Policy, click Edit Test rules, and then Create rule.

[Screenshot: Lifecycle policy page]

3. On the next page, we can provide details like:

  • Rule priority: The order in which the rules execute (if we have multiple rules).
    (The default is 2. We can go with that now.)
  • Rule description: A description of your lifecycle policy
  • Image status: Can be tagged, untagged, or any. This is based on our image.
    (For now, we can choose Any as an example)
  • Match criteria: We have 2 options, Since Image pushed and Image count more than.
    (In the example, I chose the option Image count more than and entered 5 in the next column. This policy will keep only the latest 5 images and will remove the older ones.)

[Screenshot: Create test rule page]

4. On the next page, you can click the Save and run test button. If you already have images in your repository, this shows which images will be deleted.

[Screenshot: Test rules page]

5. If you are satisfied with the policy, you can click the Apply as lifecycle policy button to save it as your repository policy.

6. Voila!
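The rule built in the steps above, written in the template's JSON form, together with a local dry run that mirrors the Save and run test step so you can confirm which images a rule would expire before applying it. This is an added example, not code from the original article or from AWS: the image list and digests are constructed, and the evaluation is a simplified single-rule simulation rather than ECR's own evaluator.

```python
import json
from datetime import datetime, timedelta, timezone

# The console walkthrough's rule (Any, Image count more than 5) as policy JSON.
POLICY = json.loads("""{"rules": [{
  "rulePriority": 2,
  "description": "Keep only the latest 5 images",
  "selection": {"tagStatus": "any",
                "countType": "imageCountMoreThan",
                "countNumber": 5},
  "action": {"type": "expire"}
}]}""")

def matches(image, selection):
    """Apply the rule's tagStatus / tagPrefixList filter to one image."""
    status = selection["tagStatus"]
    if status == "untagged":
        return not image["tags"]
    if status == "tagged":
        # Every listed prefix must be matched by at least one of the image's tags.
        return all(any(t.startswith(p) for t in image["tags"])
                   for p in selection["tagPrefixList"])
    return True  # "any"

def expired_by_rule(images, rule, now):
    """Return the digests one rule would expire, newest push first."""
    sel = rule["selection"]
    pool = sorted((i for i in images if matches(i, sel)),
                  key=lambda i: i["pushed_at"], reverse=True)
    if sel["countType"] == "imageCountMoreThan":
        doomed = pool[sel["countNumber"]:]        # keep the newest N
    else:                                         # sinceImagePushed, unit "days"
        cutoff = now - timedelta(days=sel["countNumber"])
        doomed = [i for i in pool if i["pushed_at"] < cutoff]
    return [i["digest"] for i in doomed]

# Constructed sample repository: 8 images pushed one day apart (build-8 is newest).
NOW = datetime(2020, 10, 24, tzinfo=timezone.utc)
IMAGES = [{"digest": f"sha256:example{n}", "tags": [f"build-{n}"],
           "pushed_at": NOW - timedelta(days=8 - n)} for n in range(1, 9)]

def dry_run(policy=POLICY, images=IMAGES, now=NOW):
    """Evaluate the first rule of the policy against the image list."""
    return expired_by_rule(images, policy["rules"][0], now)

if __name__ == "__main__":
    print(dry_run())
```

The same policy JSON can be applied outside the console with `aws ecr put-lifecycle-policy`, passing it through `--lifecycle-policy-text`.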

In this way, we can easily create an ECR Lifecycle policy and delete older images based on the criteria that we provide. AWS itself provides very comprehensive documentation along with Lifecycle policy examples. You can use the link below for a detailed understanding of the topic. You can also try out other policies with tagged images, match criteria with since image pushed, etc.

Reference:

Happy exploring!!! ❤
