aws-lambda-ecr-cleaner icon indicating copy to clipboard operation
aws-lambda-ecr-cleaner copied to clipboard

Published 20 hours ago verified publisher icon puemos

Metadata

An AWS Lambda Function to automate ECR cleanup

drawing

AWS lambda ecr cleaner

Code Climate JavaScript Style Guide Coverage Status Build

An AWS Lambda Function to clean ecr repos automatically.

Requirements

  • node.js ( AWS Lambda working version is 4.3.2 )

Installation

Clone this repository and install dependencies:

$ git clone [email protected]:Puemos/aws-lambda-ecr-cleaner.git
$ cd aws-lambda-ecr-cleaner
$ npm install

Packaging

AWS Lambda accepts zip archived package. To create it, run npm run package task simply.

$ npm run package --packageDirectory=./dist

It will create aws-lambda-ecr-cleaner.zip at project root. You can upload it.

Configuration

Hardcode the configuration on config.json

Use AWS Environment Variables

Name Type Description Default
DRY_RUN Bool Run without delete true
API_DELAY Integer Delay between calls 500
REPO_AGE_THRESHOLD Integer Image age threshold 90
REPO_FIRST_N_THRESHOLD Integer How many images from each group to keep 3
AWS_ACCOUNT_ID Integer The account id number
REGION String ECR and ECS region. us-east-1
REPO_TO_CLEAN String / Array String One repo name or an array of repos name to clean
ENVS Array String Group by these strings and one for each unique tag

Lambda IAM Role

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "LambdaBasicExecution",
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": "*"
        },
        {
            "Action": [
                "ecr:BatchDeleteImage",
                "ecr:ListImages",
                "ecr:DescribeImages",
            ],
            "Effect": "Allow",
            "Resource": "*"
        },
        {
            "Action": [
                "ecs:DescribeTaskDefinition",
                "ecs:ListTaskDefinitions"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}

For a more restrictive policy, you can specify the resources. See ARNs and Namespace docs for complete list.

  • ECR Resources:
    • "arn:aws:ecr:region:account:repository/my-repo"
    • "arn:aws:ecr:region:account:repository/develop-*"
  • ECS Resources
    • "arn:aws:ecs:region:account-id:task-definition/task-definition-family-name:task-definition-revision-number"
    • "arn:aws:ecs:region:account-id:task-definition/task-definition-family-name:*"
    • "arn:aws:ecs:region:account-id:task-definition/*"

License

MIT License @ Shy Alter

Credits

  • https://github.com/ysugimoto/aws-lambda-image
  • https://github.com/trek10inc/ecr-cleaner

Metadata

17
Stars
2
Forks
Watchers

Owner

verified publisher icon puemos

Metadata

An AWS Lambda Function to automate ECR cleanup

Back