AWS Lambda function / Docker image to clean up untagged images stored in ECR.
The default maximum number of images per ECR repository is 1000. In addition, users are charged for storage: $0.10 per GB-month.
If you build and push new images to ECR frequently, this repository capacity will fill up soon.
Moreover, most untagged (= old) images are probably no longer needed. There is no reason to retain unnecessary images for a long time.
Why not delete unnecessary images to save cost?
These 3 operations must be authorized:
- `ecr:BatchDeleteImage`
- `ecr:DescribeRepositories`
- `ecr:ListImages`
You can deploy this function as a part of an Apex project, as a standalone Lambda function, or as a Kubernetes CronJob.
Add ecr-gc to your Apex project:
```
$ git submodule add https://github.com/dtan4/ecr-gc.git functions/ecr-gc
```
Deploy it:
```
$ apex deploy ecr-gc
```
Try it:
```
$ cp functions/ecr-gc/event.json.sample functions/ecr-gc/event.json
$ vim functions/ecr-gc/event.json
$ cat functions/ecr-gc/event.json
{
  "strategy": "untagged",
  "repositories": [
    "reponame"
  ]
}
$ apex invoke ecr-gc < functions/ecr-gc/event.json
```
If `repositories` is empty, ALL repositories will be cleaned up.
```
$ cat functions/ecr-gc/event.json
{
  "strategy": "untagged"
}
$ apex invoke ecr-gc < functions/ecr-gc/event.json
```
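As an added example (not ecr-gc's own source), here is the `untagged` strategy implemented with exactly the three ECR operations listed above, driven by the same event shape (`strategy`, `repositories`; an empty `repositories` list means every repository). It assumes an `ecr` object whose `describeRepositories`, `listImages` and `batchDeleteImage` methods return promises resolving to the AWS SDK v2 response shapes; a constructed in-memory stand-in is included so it runs offline, and the `BATCH_DELETE_LIMIT` of 100 reflects the documented per-call limit of `BatchDeleteImage`.

```javascript
// Added example, not part of ecr-gc. `ecr` is any object whose three methods
// return promises with AWS SDK v2 response shapes (with the real SDK that would
// be e.g. p => new AWS.ECR().listImages(p).promise(); assumed, not shown here).

const BATCH_DELETE_LIMIT = 100; // ECR BatchDeleteImage accepts at most 100 imageIds per call

// Walk describeRepositories pagination and return every repository name.
async function listAllRepositories(ecr) {
  const names = [];
  let nextToken;
  do {
    const res = await ecr.describeRepositories({ nextToken });
    for (const repo of res.repositories) names.push(repo.repositoryName);
    nextToken = res.nextToken;
  } while (nextToken);
  return names;
}

// Return the imageIds of every untagged image in one repository.
async function listUntaggedImageIds(ecr, repositoryName) {
  const imageIds = [];
  let nextToken;
  do {
    const res = await ecr.listImages({ repositoryName, filter: { tagStatus: 'UNTAGGED' }, nextToken });
    imageIds.push(...res.imageIds);
    nextToken = res.nextToken;
  } while (nextToken);
  return imageIds;
}

function chunk(items, size) {
  const out = [];
  for (let i = 0; i < items.length; i += size) out.push(items.slice(i, i + size));
  return out;
}

// Event semantics from the README: repositories === [] means "all repositories".
// Resolves to { repositoryName: { deleted, failed } } for each repository handled.
async function gcUntagged(ecr, event) {
  if (event.strategy !== 'untagged') throw new Error(`unsupported strategy: ${event.strategy}`);
  const requested = event.repositories || [];
  const targets = requested.length > 0 ? requested : await listAllRepositories(ecr);
  const summary = {};
  for (const repositoryName of targets) {
    const imageIds = await listUntaggedImageIds(ecr, repositoryName);
    let deleted = 0;
    let failed = 0;
    for (const batch of chunk(imageIds, BATCH_DELETE_LIMIT)) {
      const res = await ecr.batchDeleteImage({ repositoryName, imageIds: batch });
      deleted += res.imageIds.length;
      failed += res.failures.length; // partial failures are reported, not thrown
    }
    summary[repositoryName] = { deleted, failed };
  }
  return summary;
}

// Constructed stand-in for the ECR client so the example runs offline.
// `repos` maps repository name -> number of untagged images; every repo also
// holds one tagged image that must survive. Pages hold 100 items, like ECR.
function makeFakeEcr(repos) {
  const state = {};
  for (const [name, untagged] of Object.entries(repos)) {
    state[name] = [{ imageDigest: `sha256:${name}-tagged`, imageTag: 'latest' }];
    for (let i = 0; i < untagged; i++) state[name].push({ imageDigest: `sha256:${name}-${i}` });
  }
  const page = (items, nextToken, key) => {
    const start = Number(nextToken || 0);
    const res = { [key]: items.slice(start, start + 100) };
    if (start + 100 < items.length) res.nextToken = String(start + 100);
    return res;
  };
  return {
    async describeRepositories({ nextToken }) {
      const list = Object.keys(state).map(repositoryName => ({ repositoryName }));
      return page(list, nextToken, 'repositories');
    },
    async listImages({ repositoryName, filter, nextToken }) {
      const wantUntagged = filter.tagStatus === 'UNTAGGED';
      const ids = state[repositoryName].filter(img => wantUntagged === !img.imageTag);
      return page(ids, nextToken, 'imageIds');
    },
    async batchDeleteImage({ repositoryName, imageIds }) {
      if (imageIds.length > BATCH_DELETE_LIMIT) throw new Error('too many imageIds in one call');
      const digests = new Set(imageIds.map(i => i.imageDigest));
      state[repositoryName] = state[repositoryName].filter(img => !digests.has(img.imageDigest));
      return { imageIds, failures: [] };
    },
    remaining(repositoryName) { return state[repositoryName].length; },
  };
}
```

Run it as `gcUntagged(makeFakeEcr({ app: 250 }), { strategy: 'untagged', repositories: ['app'] })` to see 250 untagged images removed in three batches while the tagged image stays. Keeping the deletion in a separate, explicitly named function with a strategy check is what makes the least-privilege scoping above meaningful: the credentials only need the three listed actions, and a misconfigured event cannot reach `batchDeleteImage` at all.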
Build .zip package:
```
$ npm install
$ npm run dist
```
Upload `dist/ecr-gc.zip` via Management Console or awscli.
Set these Secrets:

| name | key | description |
|---|---|---|
| dotenv | AWS_ACCESS_KEY_ID | AWS access key ID |
| dotenv | AWS_SECRET_ACCESS_KEY | AWS secret access key |
| dotenv | AWS_REGION | AWS region |
| dotenv | GC_STRATEGY | GC strategy (only `untagged` is supported) |
| dotenv | REPOSITORIES | comma-separated target ECR repositories (if empty, all repositories will be GCed) |
Deploy CronJob resource:
```
kubectl create -f kubernetes/cronjob.yaml [-n NAMESPACE]
```
ecr-gc
The Job will be invoked at 0:30 GMT by default.