Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

ECR repository/S3 Bucket of assets needs clean up

See original GitHub issue

Please +1 Garbage Collection RFC

Original title: (was Lifecycle support for DockerImageAssets)

It would be helpful to apply lifecycle rules for the ECR to which DockerImageAsset’s are pushed to.

Use Case

Right now CDK automatically defines the repository and keeps all previous images stored in there. Because of rapid prototyping this causes a lot of images to build up. In order to save cost on storing these images and to declutter the interface from old unused images it would be neat to be able to define a lifecycle for these images.

Proposed Solution

Ideally it would be possible to define lifecycle rules for the DockerImageAsset itself, but exposing the Repository construct through DockerImageAsset#repository instead of the generic IRepository interface would also work:

import {DockerImageAsset} from "@aws-cdk/aws-ecr-assets";

const image = new DockerImageAsset(this, "Image", {
  directory: "path/to/dockerfile"
});

image.repository.addLifecycleRule({maxImageCount: 30})

👋 I may be able to implement this feature request
⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request

Issue Analytics

State:
Created 4 years ago
Reactions:48
Comments:10 (5 by maintainers)

Top GitHub Comments

15reactions

eladbcommented, Aug 3, 2021

The current way image assets work in the CDK implies that a single ECR repository is used for all asset images. You can use cdk-ecr-deployment in order to deploy image assets to a specific ECR repository in your control.

As for garbage collecting images from the assets ECR repository, this is something we plan to add at some point as part of a broader garbage collection capability (applies to buckets as well).

Please +1 this RFC if you want to see this prioritized: https://github.com/aws/aws-cdk-rfcs/issues/64

9reactions

DerkSchooltinkcommented, Mar 14, 2020

@rix0rrr @eladb, how does this fit into the “single repository : n images” strategy? Can we add a method that lets you add lifecycle rules at the image level (by targetting specific tags based on the assets unique ID perhaps?) in addition to exposing at the repository level?

What about exposing a field on DockerImageAsset that allows for defining a repository yourself? That allows us to create an ECR separately (with the lifecycle rules) and would not mess with the single repository setup.

Example:

const repository = new Repository(this, 'Repository');
repository.addLifecycleRule({maxImageCount: 5});

const image = new DockerImageAsset(this, "Image", {
    directory: "path/to/dockerfile",
    repository: repository
});

Top Results From Across the Web

AWS::ECR::Repository - AWS CloudFormation

The AWS::ECR::Repository resource specifies an Amazon Elastic Container Registry (Amazon ECR) repository, where users can push and pull Docker images, ...

How to cleanup resources for AWS CDKToolkit stack

This is expected - the right way to completely remove all the resources is to remove the asset bucket by hand afterwards. You...

Identify vulnerabilities in Amazon AWS Elastic Container ...

The agentless scanner, powered by the open-source scanner Trivy, scans your ECR repositories and reports vulnerabilities. Defender for ...

Cleanup - Snyk User Docs

Delete ECR Repository. aws ecr delete-repository --repository-name modernization-workshop --force. . # Delete CloudFormation Pipeline and ECS Stacks.

AWS::ECR::Repository - Amazon CloudFormation

Properties. EncryptionConfiguration. The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest ...