ECR life cycle policy (limitation of only 1 rule with "any" tag is quite limiting). I need a rule with >6 months and image count >3

0

ECR images life cycle policy conundrum

I want to create an ECR rule in AWS that has the following conditions:

Image status will be Any (options being tagged, untagged, and any).

Images are older than 6 months.

Image count is more than 3.

But because my requirements are that the rule must include both conditions (older than 6 months AND image count more than 3), I have to have 2 rules. But AWS only allows me to have 1 rule where the image status is "any". Every one of my images has a different tag (and different tag prefix) :'(
So, I can't choose the tag option for a rule, and almost all of them have tags (some don't).

How can I tackle this issue? I can't be the only one experiencing this.

shake
asked a year ago, 1926 views
2 Answers
0

You can achieve your goal using a single lifecycle policy rule with the "any" status. Here's a sample JSON policy that retains images with an age of fewer than 180 days (6 months) or at least the 3 most recent images:

{
  "rules": [
    {
      "rulePriority": 1,
      "description": "Retain at least 3 images and images younger than 180 days",
      "selection": {
        "tagStatus": "any",
        "countType": "imageCountMoreThan",
        "countNumber": 3
      },
      "action": {
        "type": "expire"
      }
    },
    {
      "rulePriority": 2,
      "description": "Retain images less than 180 days old",
      "selection": {
        "tagStatus": "any",
        "countType": "sinceImagePushed",
        "countUnit": "days",
        "countNumber": 180
      },
      "action": {
        "type": "expire"
      }
    }
  ]
}

This policy works as follows:

The first rule retains the 3 most recent images, regardless of their age or tag status. The second rule retains any images that are less than 180 days old. By combining these two rules, you will retain at least the 3 most recent images and all images that are less than 180 days old. Images that do not meet either of these conditions will be expired.

To apply this policy, create a file named lifecycle-policy.json, copy the JSON content above, and save it. Then, use the AWS CLI to apply the policy to your ECR repository:

aws ecr put-lifecycle-policy --repository-name your-repository-name --lifecycle-policy-text file://lifecycle-policy.json

Replace your-repository-name with the name of your ECR repository.

EXPERT
answered a year ago
  • So I tried to implement your policy by going to AWS ECR --> Repositories --> Mycustomrepository --> Lifecycle Policy --> Actions --> Edit JSON and then pasted your policy. But it keeps giving me the following error, which is also complaining about having more than 1 "any" as the tag state.

    LifecycleRuleForm.fields.description.validationMessages.max @ rules[0].description Rules for the "any" tag status must be the highest value priority @ rules[0].rulePriority

    LifecycleRuleForm.fields.description.validationMessages.max @ rules[1].description There can only be one rule with the "any" tag status @ rules[1].selection.tagStatus

  • I could try to apply the policy using the AWS CLI as you suggested. But I wanted to test it in the GUI first.

  • I also tried it in the CLI and got the same issue. I got an error: "only one rule can specify the "ANY" tag".

0

As per your comment, you can follow these steps:

  1. Sign in to the AWS Management Console and open the Amazon Elastic Container Registry (ECR) console at https://console.aws.amazon.com/ecr/.
  2. In the left navigation pane, click on "Repositories".
  3. Choose the repository for which you want to create a Lifecycle Policy.
  4. Click on the "Lifecycle policies" tab at the top of the page.
  5. Click on the "Create" button.
  6. In the "Create lifecycle policy" wizard, you can create the rules one at a time. You'll have to create two rules as described in the previous JSON policy example.
  7. For the first rule (tagged images):
     • Set a description (e.g., "Remove tagged images older than 6 months with image count more than 3").
     • Set the "Rule priority" to 1.
     • Choose "Tagged" for "Image status".
     • Choose "imageCountMoreThan" for "Match criteria".
     • Set the "Number of images" to 3.
     • Choose "Older than" for "Evaluation criteria".
     • Set the "Age" to 6, and choose "Months" as the unit.
     • Click on "Add rule".
  8. For the second rule (untagged images):
     • Set a description (e.g., "Remove untagged images older than 6 months with image count more than 3").
     • Set the "Rule priority" to 2.
     • Choose "Untagged" for "Image status".
     • Choose "imageCountMoreThan" for "Match criteria".
     • Set the "Number of images" to 3.
     • Choose "Older than" for "Evaluation criteria".
     • Set the "Age" to 6, and choose "Months" as the unit.
     • Click on "Add rule".
  9. Once you've added both rules, click on the "Create policy" button to finalize the policy.
EXPERT
answered a year ago
  • Thank you for the suggestion. The GUI is fairly different from the above described steps for me. The AWS CLI and GUI both have a limitation where you can't have 2 rules with the same tag prefix or any value for tag state. And almost all of my images have a tag and they're all different. I think I'm just SOL because this seems like a limitation of AWS ECR (which is quite unfortunate as ECR is not new) and need to go a route of creating something custom.
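
Added example, not part of the original thread or of any AWS tooling: a sketch of the "something custom" route, applying the combined condition (older than 180 days AND not among the 3 most recently pushed images) outside the lifecycle policy, since the thread's error messages show a policy accepts only one rule with the "any" tag status. The function names and the sample records are constructed for illustration; the records use the `imageDigest`, `imageTags` and `imagePushedAt` fields that the ECR `describe_images` call returns.

```python
from datetime import datetime, timedelta, timezone

def select_expired(images, now, keep_newest=3, max_age_days=180):
    """Digests of images that are older than max_age_days AND are not
    among the keep_newest most recently pushed, whatever their tags."""
    cutoff = now - timedelta(days=max_age_days)
    ordered = sorted(images, key=lambda i: i["imagePushedAt"], reverse=True)
    # Skip the newest N unconditionally, then apply the age test to the rest.
    return [i["imageDigest"] for i in ordered[keep_newest:]
            if i["imagePushedAt"] < cutoff]

def prune_repository(repository_name, dry_run=True):
    """Hypothetical wrapper: list a repository, select, optionally delete.
    Returns (selected digests, failures reported by ECR)."""
    import boto3  # imported lazily so select_expired can be tested offline
    ecr = boto3.client("ecr")
    images = []
    pages = ecr.get_paginator("describe_images").paginate(
        repositoryName=repository_name)
    for page in pages:
        images.extend(page["imageDetails"])
    digests = select_expired(images, datetime.now(timezone.utc))
    failures = []
    if not dry_run:
        # batch_delete_image accepts at most 100 image ids per call.
        for start in range(0, len(digests), 100):
            resp = ecr.batch_delete_image(
                repositoryName=repository_name,
                imageIds=[{"imageDigest": d}
                          for d in digests[start:start + 100]])
            failures.extend(resp.get("failures", []))
    return digests, failures

# Constructed sample data: five images, every tag different, one untagged.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE = [
    {"imageDigest": "sha256:aaaa", "imageTags": ["web-1.9"],
     "imagePushedAt": NOW - timedelta(days=10)},
    {"imageDigest": "sha256:bbbb", "imageTags": ["api-build-77"],
     "imagePushedAt": NOW - timedelta(days=100)},
    {"imageDigest": "sha256:cccc",  # untagged
     "imagePushedAt": NOW - timedelta(days=200)},
    {"imageDigest": "sha256:dddd", "imageTags": ["hotfix-3"],
     "imagePushedAt": NOW - timedelta(days=300)},
    {"imageDigest": "sha256:eeee", "imageTags": ["legacy"],
     "imagePushedAt": NOW - timedelta(days=400)},
]
```

On the sample, the 200-day-old image survives because it is still one of the three newest. Run `prune_repository` with the default `dry_run=True` first and review the returned digests before allowing deletion.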
