
Use Case for AWS ECR Repositories should have a lifecycle policy configured


ECR Repository Lifecycle Policy

Overview

This policy checks whether each Amazon Elastic Container Registry (ECR) repository has a lifecycle policy attached. A lifecycle policy is a JSON document of prioritised rules that ECR evaluates against the images in the repository, expiring (deleting) images by age or by count. Without one, every image ever pushed stays pullable and billable until someone deletes it by hand.

Why Use This Policy?

Pros:

  • Cost Management: ECR bills stored image data by the GB-month; expiring untagged layers and superseded builds keeps the bill proportional to what is actually deployed.
  • Compliance: Bounds how long stale builds remain pullable, so an image with a known vulnerability cannot quietly be redeployed months after it was superseded. A lifecycle policy expires by age or count only and does not know which images are vulnerable, so pair it with image scanning.
  • Optimization: Keeps repositories small, so listings, scans and audits stay fast and the set of images you have to account for stays bounded.

Cons:

  • Complexity: A lifecycle policy is attached per repository, so every repository needs one, and the rule priority and tag selection semantics must be understood before writing rules that interact.
  • Risk of Data Loss: Expiry is permanent deletion, and ECR does not check whether an image is still referenced by a running task or a deployment manifest. An over-broad rule (for example tagStatus "any" with a small count) can remove images that production still pulls. Preview a policy with aws ecr start-lifecycle-policy-preview before attaching it, and keep the release images you may need to roll back to out of any age-based rule.

How It Works

This policy verifies that a lifecycle policy is attached to each ECR repository. If none is attached, it flags a violation of type IMAGE_LIFECYCLE_POLICY_NOT_ENABLED. The check is presence-only: a repository with any lifecycle policy attached passes, whatever its rules do.
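The check described above, written out as an added Python example (not the product's own code). The repository list and policy lookup are taken from the same two ECR calls a real scanner would make (describe_repositories via a paginator, and get_lifecycle_policy, which raises LifecyclePolicyNotFoundException when nothing is attached); FakeEcrClient, SAMPLE_REPOSITORIES and SAMPLE_POLICIES are constructed stand-ins so the code runs offline.

```python
"""Detect ECR repositories with no lifecycle policy attached.

Added example: the ECR client is injected so the same check runs against a
constructed fake here and against a real boto3 client in production.
"""
from dataclasses import dataclass
from typing import Callable, Iterable, Optional

VIOLATION_TYPE = "IMAGE_LIFECYCLE_POLICY_NOT_ENABLED"


@dataclass(frozen=True)
class Violation:
    repository_name: str
    repository_arn: str
    violation_type: str = VIOLATION_TYPE


def list_repositories(ecr_client) -> Iterable[dict]:
    """Yield every repository record, following pagination as boto3 exposes it."""
    for page in ecr_client.get_paginator("describe_repositories").paginate():
        yield from page["repositories"]


def boto3_policy_fetcher(ecr_client) -> Callable[[str], Optional[str]]:
    """Wrap an ECR client: return the policy text, or None when ECR reports none attached."""
    def fetch(repository_name: str) -> Optional[str]:
        try:
            return ecr_client.get_lifecycle_policy(repositoryName=repository_name)["lifecyclePolicyText"]
        except ecr_client.exceptions.LifecyclePolicyNotFoundException:
            return None
    return fetch


def find_violations(repositories: Iterable[dict],
                    fetch_policy: Callable[[str], Optional[str]]) -> list[Violation]:
    """Presence-only check: any attached policy passes, regardless of its rules."""
    return [
        Violation(repo["repositoryName"], repo["repositoryArn"])
        for repo in repositories
        if fetch_policy(repo["repositoryName"]) is None
    ]


class FakeEcrClient:
    """Constructed stand-in for boto3's ECR client, covering only the two calls used above."""

    class exceptions:  # boto3 exposes service exceptions under client.exceptions
        class LifecyclePolicyNotFoundException(Exception):
            pass

    def __init__(self, repositories, policies):
        self._repositories, self._policies = repositories, policies

    def get_paginator(self, operation_name):
        assert operation_name == "describe_repositories"
        repositories = self._repositories

        class Paginator:
            def paginate(self):
                yield {"repositories": repositories}
        return Paginator()

    def get_lifecycle_policy(self, repositoryName):
        if repositoryName not in self._policies:
            raise self.exceptions.LifecyclePolicyNotFoundException()
        return {"lifecyclePolicyText": self._policies[repositoryName]}


# Constructed sample data: three repositories, only "api" has a policy attached.
SAMPLE_REPOSITORIES = [
    {"repositoryName": "api", "repositoryArn": "arn:aws:ecr:us-east-1:123456789012:repository/api"},
    {"repositoryName": "worker", "repositoryArn": "arn:aws:ecr:us-east-1:123456789012:repository/worker"},
    {"repositoryName": "web", "repositoryArn": "arn:aws:ecr:us-east-1:123456789012:repository/web"},
]
SAMPLE_POLICIES = {
    "api": '{"rules":[{"rulePriority":1,"selection":{"tagStatus":"untagged",'
           '"countType":"sinceImagePushed","countUnit":"days","countNumber":7},'
           '"action":{"type":"expire"}}]}',
}


def sample_violations() -> list[Violation]:
    client = FakeEcrClient(SAMPLE_REPOSITORIES, SAMPLE_POLICIES)
    return find_violations(list_repositories(client), boto3_policy_fetcher(client))


if __name__ == "__main__":
    # Production: client = boto3.client("ecr", region_name="us-east-1") in place of the fake.
    for v in sample_violations():
        print(f"{v.violation_type}: {v.repository_arn}")
```

Run it as-is to see worker and web flagged; swap the fake for boto3.client("ecr") to run it against an account, one region at a time, since ECR repositories are regional.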

Violation Type IDs

  • IMAGE_LIFECYCLE_POLICY_NOT_ENABLED: Indicates that the ECR repository does not have a lifecycle policy enabled.

Example Usage

To satisfy this policy, attach a lifecycle policy to every ECR repository, for example with aws ecr put-lifecycle-policy --repository-name <name> --lifecycle-policy-text file://policy.json, or through the lifecycle policy property of your infrastructure-as-code repository resource so new repositories get one at creation. Review the rules regularly against your deployment practice (which tags are deployed, how far back you need to roll back) and update them as that changes.
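An added example, not the page's or the product's own code, of what a practitioner actually wants before attaching a policy: a typical policy document together with an offline evaluator that reports which images the rules would expire and, just as important, which images no rule covers at all. POLICY_TEXT, NOW and SAMPLE_IMAGES are constructed; the evaluator approximates ECR's documented evaluation order (rules run in ascending rulePriority, an image selected by an earlier rule is still counted by later rules but is never expired twice) and does not model tagPatternList wildcards.

```python
"""Offline preview of an ECR lifecycle policy against a constructed image list.

Added example. Approximates ECR's documented rule evaluation; the authoritative
preview is `aws ecr start-lifecycle-policy-preview` against the real repository.
"""
import json
from datetime import datetime, timedelta, timezone

# A typical policy: clean up untagged layers after 7 days, keep the 10 newest release-* images.
POLICY_TEXT = json.dumps({
    "rules": [
        {
            "rulePriority": 1,
            "description": "Expire untagged images older than 7 days",
            "selection": {"tagStatus": "untagged", "countType": "sinceImagePushed",
                          "countUnit": "days", "countNumber": 7},
            "action": {"type": "expire"},
        },
        {
            "rulePriority": 2,
            "description": "Keep only the 10 most recent release-* images",
            "selection": {"tagStatus": "tagged", "tagPrefixList": ["release-"],
                          "countType": "imageCountMoreThan", "countNumber": 10},
            "action": {"type": "expire"},
        },
    ]
})

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed clock so the preview is reproducible


def validate_policy(policy):
    """Reject documents ECR would refuse at put-lifecycle-policy time; return rules by priority."""
    rules = policy.get("rules") or []
    if not rules:
        raise ValueError("policy must contain at least one rule")
    priorities = [r["rulePriority"] for r in rules]
    if len(set(priorities)) != len(priorities):
        raise ValueError("rulePriority values must be unique")
    for r in rules:
        sel = r["selection"]
        if r["action"]["type"] != "expire":
            raise ValueError("the only action type is 'expire'")
        if sel["tagStatus"] == "any" and r["rulePriority"] != max(priorities):
            raise ValueError("a tagStatus 'any' rule must have the highest rulePriority")
        if sel["tagStatus"] == "tagged" and not sel.get("tagPrefixList"):
            raise ValueError("tagged rules need a tagPrefixList (tagPatternList not modelled here)")
        if sel["countType"] not in ("sinceImagePushed", "imageCountMoreThan"):
            raise ValueError(f"unknown countType {sel['countType']!r}")
        if sel["countType"] == "sinceImagePushed" and sel.get("countUnit") != "days":
            raise ValueError("sinceImagePushed rules need countUnit 'days'")
        if int(sel["countNumber"]) < 1:
            raise ValueError("countNumber must be a positive integer")
    return sorted(rules, key=lambda r: r["rulePriority"])


def _selects(sel, image):
    """Does the rule's tag selection apply to this image (age and count aside)?"""
    tags = image.get("imageTags") or []
    if sel["tagStatus"] == "untagged":
        return not tags
    if sel["tagStatus"] == "tagged":
        return any(t.startswith(p) for t in tags for p in sel["tagPrefixList"])
    return True  # "any"


def preview_expirations(policy_text, images, now=NOW):
    """Return ({digest: rulePriority that expires it}, [digests that no rule selects])."""
    rules = validate_policy(json.loads(policy_text))
    expired, owned = {}, set()  # owned: digests already selected by a higher-priority rule
    for rule in rules:
        sel = rule["selection"]
        selected = [im for im in images if _selects(sel, im)]
        if sel["countType"] == "sinceImagePushed":
            cutoff = now - timedelta(days=sel["countNumber"])
            candidates = [im for im in selected if im["imagePushedAt"] < cutoff]
        else:  # imageCountMoreThan: the newest countNumber survive, the rest expire
            selected.sort(key=lambda im: im["imagePushedAt"], reverse=True)
            candidates = selected[sel["countNumber"]:]
        for im in candidates:
            if im["imageDigest"] not in owned:
                expired[im["imageDigest"]] = rule["rulePriority"]
        owned.update(im["imageDigest"] for im in selected)
    unmatched = [im["imageDigest"] for im in images if im["imageDigest"] not in owned]
    return expired, unmatched


def _img(name, tags, days_ago):
    # Constructed record in the shape of describe_images(); the digests are placeholders.
    return {"imageDigest": f"sha256:{name}", "imageTags": tags,
            "imagePushedAt": NOW - timedelta(days=days_ago)}


SAMPLE_IMAGES = (
    [_img("untagged-old", [], 10), _img("untagged-new", [], 2)]
    + [_img(f"release-{i}", [f"release-{i}"], 13 - i) for i in range(1, 13)]
    + [_img("dev-stale", ["dev-feature-x"], 100)]  # no rule covers dev-* tags
)


if __name__ == "__main__":
    expired, unmatched = preview_expirations(POLICY_TEXT, SAMPLE_IMAGES)
    for digest, priority in sorted(expired.items()):
        print(f"expire {digest} (rule {priority})")
    for digest in unmatched:
        print(f"WARNING: no rule selects {digest}; it will be retained indefinitely")
```

Against the sample data the policy expires the 10-day-old untagged image and the two oldest release images, and warns that the dev-feature-x image is retained forever because no rule's tag selection covers it; that silent gap is the usual way a "cleaned up" repository keeps accumulating stale builds. Once the rules look right, attach them with aws ecr put-lifecycle-policy and confirm with aws ecr start-lifecycle-policy-preview followed by aws ecr get-lifecycle-policy-preview, which reports exactly what ECR itself would expire.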