An AWS Lambda Function to clean ecr repos automatically.
node.js( AWS Lambda working version is 4.3.2 )
Clone this repository and install dependencies:
$ git clone git@github.com:Puemos/aws-lambda-ecr-cleaner.git
$ cd aws-lambda-ecr-cleaner
$ npm installAWS Lambda accepts zip archived package. To create it, run npm run package task simply.
$ npm run package --packageDirectory=./distIt will create aws-lambda-ecr-cleaner.zip at project root. You can upload it.
Use AWS Environment Variables
| Name | Type | Description | Default |
|---|---|---|---|
| DRY_RUN | Bool | Run without delete | true |
| API_DELAY | Integer | Delay between calls | 500 |
| REPO_AGE_THRESHOLD | Integer | Image age threshold | 90 |
| REPO_FIRST_N_THRESHOLD | Integer | How many images from each group to keep | 3 |
| AWS_ACCOUNT_ID | Integer | The account id number | |
| REGION | String | ECR and ECS region. | us-east-1 |
| REPO_TO_CLEAN | String / Array String | One repo name or an array of repos name to clean | |
| ENVS | Array String | Group by these strings and one for each unique tag |
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "LambdaBasicExecution",
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "*"
},
{
"Action": [
"ecr:BatchDeleteImage",
"ecr:ListImages",
"ecr:DescribeImages",
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ecs:DescribeTaskDefinition",
"ecs:ListTaskDefinitions"
],
"Effect": "Allow",
"Resource": "*"
}
]
}For a more restrictive policy, you can specify the resources. See ARNs and Namespace docs for complete list.
- ECR Resources:
"arn:aws:ecr:region:account:repository/my-repo""arn:aws:ecr:region:account:repository/develop-*"
- ECS Resources
"arn:aws:ecs:region:account-id:task-definition/task-definition-family-name:task-definition-revision-number""arn:aws:ecs:region:account-id:task-definition/task-definition-family-name:*""arn:aws:ecs:region:account-id:task-definition/*"
MIT License @ Shy Alter