Tell us about your request
I would like for ECR lifecycle policies to apply to image tags, instead of images.
Which service(s) is this request for?
ECR
Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?
Right now, when we push an image it includes multiple tags, like:
- github-sha-<sha> for every build
- <branch>-latest for every build from a PR
- v1.2.3 if built from a tag/release
We want to expire github-sha-* tags frequently, but keep the other tags forever. Currently, we have to create a high priority rule for each tag pattern we want to keep, e.g. v* and *-latest.
However, this frequently results in images being accidentally expired. If someone manually adds a tag (like dev-<owner>) but the build also includes a github-sha-<sha> tag, then the image will be expired because the github-sha-* tag rule is matched, even though the image has additional tags that wouldn't be expired by any rule.
I would like to be able to create a lifecycle rule that only removes the tag matching the rule, not the entire image. Then, an additional rule can delete untagged images to free up storage. This way, the behaviour is as expected - tags matching the rule pattern are deleted, and other tags are not affected if they are on the same image.
My proposal is to add a new action value to the rules: expireTag that has this effect, but I'm not set on this.
Are you currently working around this issue?
Currently, we insert a high priority rule for all of the tag patterns we want to keep. But as mentioned above, this frequently results in images being accidentally expired.
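
The difference this issue describes, as an added example that is not part of the original issue and not ECR's own code: a simplified Python model that compares image-level expiry under the workaround rules with the requested tag-level expiry. The rule fields, the 14-day age limit, the digests and the tags are constructed for illustration, and `expire_tags` models the proposed `expireTag` action, which does not exist in ECR.

```python
from fnmatch import fnmatchcase

KEEP = 10**6  # days; stands in for "never expire" in a high-priority keep rule

# Constructed rules for the workaround in the issue (one pattern per rule).
WORKAROUND_RULES = [
    {"priority": 1, "pattern": "v*", "max_age_days": KEEP},
    {"priority": 2, "pattern": "*-latest", "max_age_days": KEEP},
    {"priority": 3, "pattern": "github-sha-*", "max_age_days": 14},
]
# The single rule the issue would like to be able to write instead.
TAG_RULES = [{"priority": 1, "pattern": "github-sha-*", "max_age_days": 14}]

# Constructed repository contents: (placeholder digest, tags, age in days).
IMAGES = [
    ("sha256:aaa", {"github-sha-aaa", "v1.2.3"}, 90),
    ("sha256:bbb", {"github-sha-bbb", "dev-alice"}, 30),  # manual tag added
    ("sha256:ccc", {"github-sha-ccc"}, 30),
    ("sha256:ddd", {"github-sha-ddd", "main-latest"}, 2),
]

def expire_images(images, rules):
    """Image-level model: the first rule (by priority) matching any tag
    claims the whole image, and every tag on it goes if the rule expires it."""
    expired = []
    for digest, tags, age in images:
        for rule in sorted(rules, key=lambda r: r["priority"]):
            if any(fnmatchcase(t, rule["pattern"]) for t in tags):
                if age > rule["max_age_days"]:
                    expired.append(digest)
                break  # lower-priority rules never see a claimed image
    return expired

def expire_tags(images, rules):
    """Tag-level model (hypothetical expireTag): drop only the tags that
    match an expiring rule, then delete images left with no tags."""
    remaining = {}
    for digest, tags, age in images:
        kept = {t for t in tags
                if not any(age > r["max_age_days"] and fnmatchcase(t, r["pattern"])
                           for r in rules)}
        if kept:  # untagged images are removed by the follow-up rule
            remaining[digest] = kept
    return remaining

if __name__ == "__main__":
    print("image-level expires:", expire_images(IMAGES, WORKAROUND_RULES))
    print("tag-level leaves:   ", expire_tags(IMAGES, TAG_RULES))
```

In the image-level run the `dev-alice` image is deleted because no keep rule covers it; in the tag-level run it survives with only its `github-sha-*` tag removed.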