Giter Club home page Giter Club logo

ecr-cleanup-lambda's Introduction

ecr-cleanup-lambda

A lambda for cleaning out dangling and irrelevant images from the AWS ECR

This JavaScript file can be uploaded into AWS Lambda and used to clean up your ECR repository.

A few things are worth calling out though:

  • Right now this is tuned for the organization I work at; you'll probably want to adjust some of the criteria before running it on your own repos (for example, the string 'PR' might not be what you want to look for)
  • This assumes that images that are missing a tag are implicitly dangling images. Since AWS wraps the Docker APIs, this is a loose constraint, whereas the Docker API has a native identification of an image being considered dangling (i.e. this could change in later versions of ECS)
  • This script keeps the latest 50 images that my organization considers releases. The ECR API fetches 100 at a time, and we're not doing pagination since the assumption is that this runs often enough that there aren't more than 100 images in a single pass.
  • The batchDeleteImage call DOES NOT have a dryRun flag. If you're going to use this I strongly urge you to comment out the call here and check the logging this will generated to make sure things look correct.
  • Since we're using timestamps at my organization, I had to dig into the metadata a bit to find the created date (it surprised me that this didn't appear to be a first class citizen). The v1Compatibility object seemed to be the only place I could find this info. If you're reading this and know of another, feel free to open an issue or a PR to fix it.

IAM policy screwiness

Getting the policy correct for this was a bizarre process, namely because ecr.describeRepositories didn't seem happy with any resource in the policy other than '*'. Trying other ARNs like 'aws:ecr:*' and others suggested in the AWS docs didn't seem to work correctly.

To avoid others going through the same pain, here's the policy I ended up using:

{
  "Version":"2012-10-17",
  "Statement":[
    {
      "Action":[
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource":"arn:aws:logs:*:*:*",
      "Effect":"Allow"
    },
    {
      "Action":[
        "ecr:DescribeRepositories",
        "ecr:ListImages",
        "ecr:BatchGetImage",
        "ecr:BatchDeleteImage"
      ],
      "Resource":"*",
      "Effect":"Allow"
    }
  ]
}

ecr-cleanup-lambda's People

Contributors

theotherian avatar

Watchers

James Cloos avatar avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.