How do I check my Amazon ECR lifecycle policy events?


Amazon Elastic Container Registry (Amazon ECR) removes images from my repository, and I want to check if these events are related to my lifecycle policy.

Short Description

A lifecycle policy allows you to specify the lifecycle management of images in your Amazon ECR repository. This lets you automate the clean-up of your container images. For example, the policy can instruct Amazon ECR to expire images based on age or count. After you create a lifecycle policy, the affected images expire within 24 hours.

To check if your lifecycle policy deleted a specific image, use AWS CloudTrail.

Resolution

  1. Open the CloudTrail console.
  2. In the navigation pane, choose Event history.
  3. For Lookup attributes, choose Event name as the filter. Then, enter PolicyExecutionEvent as the event name.
  4. Select the time range of the event that you want to search for. Then, choose Apply.
  5. CloudTrail shows events, similar to the following example:
    {
        "eventVersion": "1.05",
        "userIdentity": {
            "accountId": "123456789012",
            "invokedBy": "AWS Internal"
        },
        "eventTime": "2020-03-12T20:22:12Z",
        "eventSource": "ecr.amazonaws.com",
        "eventName": "PolicyExecutionEvent",
        "awsRegion": "us-west-2",
        "sourceIPAddress": "AWS Internal",
        "userAgent": "AWS Internal",
        "requestParameters": null,
        "responseElements": null,
        "eventID": "9354dd7f-9aac-4e9d-956d-12561a4923aa",
        "readOnly": true,
        "resources": [{
            "ARN": "arn:aws:ecr:us-west-2:123456789012:repository/testrepo",
            "accountId": "123456789012",
            "type": "AWS::ECR::Repository"
        }],
        "eventType": "AwsServiceEvent",
        "recipientAccountId": "123456789012",
        "serviceEventDetails": {
            "repositoryName": "testrepo",
            "lifecycleEventPolicy": {
                "lifecycleEventRules": [{
                    "rulePriority": 1,
                    "description": "remove all images > 2",
                    "lifecycleEventSelection": {
                        "tagStatus": "Any",
                        "tagPrefixList": [],
                        "countType": "Image count more than",
                        "countNumber": 2
                    },
                    "action": "expire"
                }],
                "lastEvaluatedAt": 0,
                "policyVersion": 1,
                "policyId": "ceb86829-58e7-9498-920c-aa042e33037b"
            },
            "lifecycleEventImageActions": [{
                "lifecycleEventImage": {
                    "digest": "sha256:ddba4d27a7ffc3f86dd6c2f92041af252a1f23a8e742c90e6e1297bfa1bc0c45",
                    "tagStatus": "Tagged",
                    "tagList": ["alpine"],
                    "pushedAt": 1584042813000
                },
                "rulePriority": 1
            }, {
                "lifecycleEventImage": {
                    "digest": "sha256:6ab380c5a5acf71c1b6660d645d2cd79cc8ce91b38e0352cbf9561e050427baf",
                    "tagStatus": "Tagged",
                    "tagList": ["centos"],
                    "pushedAt": 1584042842000
                },
                "rulePriority": 1
            }]
        }
    }

Use this output to find any lifecycle policy events that relate to your deleted images.
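The following script is an added example, not part of the original article or an AWS-provided tool. It parses a PolicyExecutionEvent record of the shape shown above and lists which image digests and tags the policy expired, and under which rule, so that a deleted image can be matched to the lifecycle rule that removed it. The sample event is constructed for this example (placeholder account ID, repository name and digests); the optional lookup helper assumes boto3 is installed and AWS credentials are available, and it is not needed for the offline part.

```python
import json
from datetime import datetime, timezone

# Constructed sample event, modelled on the PolicyExecutionEvent in the article.
# Account ID, repository name and digests are placeholders, not real values.
SAMPLE_EVENT = {
    "eventVersion": "1.05",
    "userIdentity": {"accountId": "123456789012", "invokedBy": "AWS Internal"},
    "eventTime": "2020-03-12T20:22:12Z",
    "eventSource": "ecr.amazonaws.com",
    "eventName": "PolicyExecutionEvent",
    "awsRegion": "us-west-2",
    "eventType": "AwsServiceEvent",
    "resources": [{"ARN": "arn:aws:ecr:us-west-2:123456789012:repository/testrepo",
                   "accountId": "123456789012", "type": "AWS::ECR::Repository"}],
    "serviceEventDetails": {
        "repositoryName": "testrepo",
        "lifecycleEventPolicy": {
            "lifecycleEventRules": [{
                "rulePriority": 1,
                "description": "remove all images > 2",
                "lifecycleEventSelection": {"tagStatus": "Any", "tagPrefixList": [],
                                            "countType": "Image count more than",
                                            "countNumber": 2},
                "action": "expire",
            }],
            "policyVersion": 1,
            "policyId": "00000000-0000-0000-0000-000000000000",  # placeholder
        },
        "lifecycleEventImageActions": [
            {"lifecycleEventImage": {"digest": "sha256:" + "aa" * 32, "tagStatus": "Tagged",
                                     "tagList": ["alpine"], "pushedAt": 1584042813000},
             "rulePriority": 1},
            {"lifecycleEventImage": {"digest": "sha256:" + "bb" * 32, "tagStatus": "Tagged",
                                     "tagList": ["centos"], "pushedAt": 1584042842000},
             "rulePriority": 1},
        ],
    },
}


def expired_images(event):
    """Return one record per image that the lifecycle policy expired in this event.

    Only events with eventName PolicyExecutionEvent carry serviceEventDetails
    in this shape; anything else yields an empty list.
    """
    if event.get("eventName") != "PolicyExecutionEvent":
        return []
    details = event.get("serviceEventDetails") or {}
    policy = details.get("lifecycleEventPolicy") or {}
    # Index the rules by priority so each image action can be tied back to its rule.
    rules = {r["rulePriority"]: r for r in policy.get("lifecycleEventRules", [])}
    records = []
    for action in details.get("lifecycleEventImageActions", []):
        image = action["lifecycleEventImage"]
        rule = rules.get(action["rulePriority"], {})
        records.append({
            "repository": details.get("repositoryName"),
            "digest": image["digest"],
            "tags": list(image.get("tagList", [])),
            # pushedAt is epoch milliseconds; convert to an aware UTC datetime.
            "pushed_at": datetime.fromtimestamp(image["pushedAt"] / 1000, tz=timezone.utc),
            "expired_at": event.get("eventTime"),
            "rule_priority": action["rulePriority"],
            "rule_description": rule.get("description"),
            "policy_version": policy.get("policyVersion"),
        })
    return records


def find_image(events, digest=None, tag=None):
    """Search several PolicyExecutionEvent records for a given digest or tag."""
    hits = []
    for event in events:
        for rec in expired_images(event):
            if (digest and rec["digest"] == digest) or (tag and tag in rec["tags"]):
                hits.append(rec)
    return hits


def lookup_policy_execution_events(start, end, region_name="us-west-2"):
    """Optional: fetch real events with boto3 (assumes credentials; not used offline).

    Each item in lookup_events()['Events'] carries the raw record as a JSON
    string in 'CloudTrailEvent', which is decoded here.
    """
    import boto3  # assumption: boto3 available in the environment
    client = boto3.client("cloudtrail", region_name=region_name)
    paginator = client.get_paginator("lookup_events")
    events = []
    for page in paginator.paginate(
        LookupAttributes=[{"AttributeKey": "EventName", "AttributeValue": "PolicyExecutionEvent"}],
        StartTime=start, EndTime=end,
    ):
        events.extend(json.loads(e["CloudTrailEvent"]) for e in page["Events"])
    return events


if __name__ == "__main__":
    for rec in expired_images(SAMPLE_EVENT):
        print(f"{rec['repository']} {rec['digest'][:19]} tags={rec['tags']} "
              f"pushed={rec['pushed_at'].isoformat()} expired={rec['expired_at']} "
              f"rule={rec['rule_priority']} ({rec['rule_description']})")
```

To check a real deletion, replace SAMPLE_EVENT with the events returned by lookup_policy_execution_events() for the time window in which the image disappeared, then call find_image() with the image's digest or tag; an empty result means no lifecycle policy execution in that window expired the image, so the removal came from somewhere else (for example a BatchDeleteImage API call, which CloudTrail logs separately).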

Related information

Logging Amazon ECR actions with AWS CloudTrail

AWS OFFICIAL. Updated 8 months ago.