forms-terraform icon indicating copy to clipboard operation
forms-terraform copied to clipboard

Published 20 hours ago verified publisher icon cds-snc

Make all ECR repositories immutable

Open craigzour opened this issue 9 months ago • 0 comments

Related to this discussion

When implementing containerized Lambda functions we had a discussion concerning the mutability of our ECR repositories. The recommendation is to make them immutable so that there is no chance an image is being mistakenly overridden. In our current infra, for simplicity, we decided to have all Lambda function point to the tag named latest and every time we deploy a new version we tag it with both the commit SHA and latest tags. There is an ongoing discussion in this ticket https://github.com/aws/containers-roadmap/issues/878 to see if AWS can support immutability expect for latest which would become some kind of a pointer to the newest image. If this gets implemented then we would be able to tweak our implementation so that we switch our repositories to being immutable.

More information in the discussion linked at the beginning.

craigzour avatar May 03 '24 19:05 craigzour