feat(ecr): add lifecycle policy to clean up untagged images #6296
+31
−0
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ekaya97
approved these changes
Dec 28, 2025
Contributor
|
+1 as workaround, following can be applied to sst.config.ts async run() {
new aws.ecr.LifecyclePolicy("sst-asset-lifecycle", {
repository: "sst-asset", //ECR name from SST bootstrap
policy: JSON.stringify({
"rules": [
{
"rulePriority": 1,
"description": "Expire untagged images pushed over 30 days ago",
"selection": {
"tagStatus": "untagged",
"countType": "sinceImagePushed",
"countUnit": "days",
"countNumber": 30
},
"action": {"type": "expire"}
}
]
}),
});
}, |
Collaborator
|
i'm wondering if this should be more explicit. something like: const vpc = new sst.aws.Vpc("MyVpc");
const cluster = new sst.aws.Cluster("MyCluster", { vpc });
new sst.aws.Service("MyService", {
cluster,
image: {
context: "./app",
dockerfile: "Dockerfile",
expiresIn: "30 days"
}
});what do you think? |
Contributor
|
yes, this is much better. with enums like "x days", "on push", etc. |
Collaborator
|
exactly! @ekaya97 do any of you wanna give it a try? |
Contributor
Author
|
@vimtor I'll take care of it tonight! |
Contributor
|
couple questions:
|
Collaborator
|
probably if we do it by service/task we should add a unique tag based on the component's name and create the lifecycle targeting it. maybe there's another way but that's the only one that comes to mind atm |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hi everyone,
I ran into a semi-big issue while developing my ECS service. My containers are pretty heavy (multiple gigs) and I did a sanity check inside ECR to make see what kind of storage I am looking at.
Low and behold I noticed there are dozens of images that never get deleted.
This PR adds a lifecycle policy to ECR that expires untagged images, which as far as I can tell are what we can safely remove.
I do forsee a problem with rollbacks since SST uses the digest to attache the image to the task.
I am happy to take input on the exact lifecycle policy to use, I understand this is a pretty big change since it adds to the bootstrap. I tested it and its working:
My change will essentially gives 30 days of rollback time. We could also change the rule to at least keep x number of untagged images. Note: We can only target untagged images with one rule.
I do believe this is very important since ECR storage is pretty expensive at 0.10$ per GB Month.
cheers,
marv