containers-roadmap icon indicating copy to clipboard operation
containers-roadmap copied to clipboard
verified publisher icon aws

[ECR] [request]: Allow exclusion of prefixes for lifecycle policy rules

Open nickperkins opened this issue 3 years ago • 3 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Tell us about your request Allow exclusion of tag prefixes for lifecycle policy rules

Which service(s) is this request for? ECR

Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard? We promote our images from preproduction to production. We may create a number of preproduction images, but ultimately only release a few of those to production. We would like to use a lifecycle policy to clean up the preproduction images but there is no way to exclude those with production tags as well.

For example, an image has the following tags:

8c96f0598f74e5f9c61fe8dcefe7c11732ee3b30, release-4-5-2-8c96f059-463320462, v4.5.2

A lifecycle rule targeting the release prefix will clean up this image.

What we need is a rule for images that have a v prefix, and a rule for images that have a release, not v prefix.

Are you currently working around this issue? We are not currently running a lifecycle policy on these images

Additional context Anything else we should know?

Attachments If you think you might have additional information that you'd like to include via an attachment, please do - we'll take a look. (Remember to remove any personally-identifiable information.)

nickperkins avatar May 05 '22 22:05 nickperkins

Hey this is really unintuitive, but i think it is possible:

As per doc: "An image that matches the tagging requirements of a rule cannot be expired by a rule with a lower priority." from: https://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html

It is explained here https://stackoverflow.com/a/51391405/15623346

David3Ar avatar Dec 20 '22 11:12 David3Ar

The current workaround mentioned by @David3Ar seems unnecessarily complex and prone to error. The way these policies are defined really needs to be made more intuitive and support normal regex/glob patterns.

kamzil avatar Mar 04 '24 15:03 kamzil

Additionally, if you have multiple exclusions, you need to create a separate rule for each tag you'd like to exclude.

Since according to this: https://docs.aws.amazon.com/AmazonECR/latest/userguide/lifecycle_policy_examples.html#lp_example_difftype

When multiple tag patterns are specified on a single rule, images must match all listed tag patterns.

So for each tag you'd like to exclude, you need a separate rule, before the final one that will perform the actual cleanup on all the un-matched images. This makes the rules very confusing and will likely cause errors in configurations.

pbudzon avatar Nov 05 '25 16:11 pbudzon