How to remove untagged images from AWS ECR Container Registry

When you push images to Amazon ECR, if the tag already exists in the repo, the old image remains in the registry, but goes into an untagged state.

So, if I docker push image/haha:1.0.0 a second time (assuming something has changed), the first image becomes untagged in AWS ECR.

Is there a way to safely clean all registries from untagged images?

+8
docker amazon-web-services amazon-ecr
4 answers

I actually put together a one-line solution using the AWS CLI:

 aws ecr describe-repositories --query 'repositories[*].repositoryName' --output text | tr '\t' '\n' | while read -r line; do aws ecr list-images --repository-name "$line" --filter tagStatus=UNTAGGED --query 'imageIds[*]' --output text | while read -r imageId; do aws ecr batch-delete-image --repository-name "$line" --image-ids imageDigest="$imageId"; done; done

What it does:

  • get all repositories
  • for each repository give me all images with tagStatus=UNTAGGED
  • for each image + repo issue batch-delete-image
+5

You can delete all images in one request without loops:

 IMAGES_TO_DELETE=$( aws ecr list-images --region $ECR_REGION --repository-name $ECR_REPO --filter "tagStatus=UNTAGGED" --query 'imageIds[*]' --output json )
 aws ecr batch-delete-image --region $ECR_REGION --repository-name $ECR_REPO --image-ids "$IMAGES_TO_DELETE" || true

First, it gets a list of images that are not tagged in json format:

[ {"imageDigest": "sha256:..."}, {"imageDigest": "sha256:..."}, ... ]

Then it sends this list to batch-delete-image.

The final || true is necessary to avoid an error code if there are no untagged images.

+13

Now that ECR supports lifecycle policies ( https://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html ), you can use them to automatically remove untagged images.

To configure a lifecycle policy preview using the console:

1. Open the Amazon ECS console at https://console.aws.amazon.com/ecs/ .

2. In the navigation pane, select the region that contains the repository for which you want to preview the lifecycle policy.

3. In the navigation bar, select Repositories and select a repository.

4. On the All Repositories: Repository_Name page, select Dry Run Lifecycle Rules, Add.

5. Enter the following data for your lifecycle policy rule:

   a. For Rule Priority, enter a number for the rule priority.

   b. In the Rule Description field, enter a description of the lifecycle policy rule.

   c. For Image Status, select Tagged or Untagged.

   d. If you specified Tagged for Image Status, then for the list of tag prefixes you can optionally specify a list of image tags on which your lifecycle policy takes action. If you specified Untagged, this field should be empty.

   e. For Match Criteria, select values for Count Type, Count Number, and Count Unit (if applicable).

6. Choose Save.

7. Create additional lifecycle policy rules by repeating steps 5-7.

8. To start a lifecycle policy preview, select Save and view the results.

9. In the "Image Preview Results" section, review the impact of your lifecycle policy preview.

10. If you are satisfied with the results of the preview, select Apply As Lifecycle to create a lifecycle policy with the specified rule.

From here: https://docs.aws.amazon.com/AmazonECR/latest/userguide/lpp_creation.html

+3

Establishing a lifecycle policy is by far the best way to handle this. That being said: if you have a bunch of images that you want to delete, keep in mind that the maximum for batch deleting images is 100. So you need to do this if the number of untagged images is more than 100:

 IMAGES_TO_DELETE=$( aws ecr list-images --repository-name $ECR_REPO --filter "tagStatus=UNTAGGED" --query 'imageIds[0:100]' --output json )
 echo $IMAGES_TO_DELETE | jq length # Gets the number of results
 aws ecr batch-delete-image --repository-name $ECR_REPO --image-ids "$IMAGES_TO_DELETE" --profile qa || true

0
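
The batching described in the last answer, generalised to every repository and to any number of untagged images, as an added example that is not taken from any of the answers. It assumes a configured AWS CLI; the function names and the DRY_RUN switch are made up for this sketch, which only reports what it would delete unless DRY_RUN=0 is set.

```sh
#!/bin/sh
# Added example (not from the thread): remove untagged ECR images from every
# repository, never sending more than 100 image IDs per batch-delete-image call.
# DRY_RUN and all function names are assumptions made for this sketch.
BATCH_SIZE=100
DRY_RUN="${DRY_RUN:-1}"   # 1 = only report; set DRY_RUN=0 to really delete

# Print the digests of all untagged images in repository $1, one per line.
list_untagged() {
  aws ecr list-images --repository-name "$1" --filter tagStatus=UNTAGGED \
    --query 'imageIds[*].imageDigest' --output text |
    tr '\t' '\n' | grep '^sha256:' || true   # no untagged images: no output
}

# Delete (or, in dry-run mode, report) one batch: $1 = repo, rest = image IDs.
flush_batch() {
  repo=$1; shift
  if [ "$DRY_RUN" = 1 ]; then
    echo "[dry-run] $repo: would delete $# image(s)" >&2
  else
    # Show only the per-image failures the API reports, on stderr.
    aws ecr batch-delete-image --repository-name "$repo" \
      --query 'failures' --output json --image-ids "$@" >&2
  fi
}

# Read digests on stdin, flush every BATCH_SIZE, print the total on stdout.
delete_in_batches() {
  repo=$1; total=0
  set --   # positional parameters now hold the current batch
  while read -r digest; do
    [ -n "$digest" ] || continue
    set -- "$@" "imageDigest=$digest"
    total=$((total + 1))
    if [ "$#" -eq "$BATCH_SIZE" ]; then flush_batch "$repo" "$@"; set --; fi
  done
  [ "$#" -eq 0 ] || flush_batch "$repo" "$@"
  echo "$total"
}

# Walk every repository in the current account and region.
clean_all_repos() {
  aws ecr describe-repositories --query 'repositories[*].repositoryName' \
    --output text | tr '\t' '\n' | while read -r name; do
      [ -n "$name" ] || continue
      n=$(list_untagged "$name" </dev/null | delete_in_batches "$name")
      echo "$name: $n untagged image(s) handled"
    done
}

# Runs only when the script is called with the argument "run".
if [ "${1:-}" = "run" ]; then clean_all_repos; fi
```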
