Amazon ECR Repository Without Lifecycle Policy

Overview

This check identifies Amazon Elastic Container Registry (ECR) repositories that do not have lifecycle policies configured. Without lifecycle policies, repositories can accumulate old, unused, and untagged container images over time, leading to unnecessary storage costs.

Why This Matters

ECR repositories without lifecycle policies tend to accumulate images indefinitely. This includes:

Old image versions that are no longer deployed
Untagged images from failed or interrupted builds
Development and testing images that are no longer needed
Multiple versions of images that exceed retention requirements

Implementing lifecycle policies can significantly reduce storage costs by automatically removing old or unused images based on criteria you define.

Recommended actions

Configure lifecycle policies for your ECR repositories to automatically clean up old and unused images. A typical lifecycle policy might:

Keep only the last N tagged images
Remove untagged images after a certain period (e.g., 7-14 days)
Remove images older than a certain age
Keep images with specific tags (like "production" or "latest")

Estimated Savings

The estimated savings is based on your current ECR storage costs. By implementing lifecycle policies, you can typically reduce storage by 20-30% through removal of:

Untagged images from failed builds
Old versions of images no longer in use
Development and testing images

Actual savings will vary based on your image retention requirements and current repository management practices.

How to Fix

Open the Amazon ECR console
Navigate to the repository identified in the recommendation
Click "Lifecycle Policy" in the left navigation
Create a new lifecycle policy using the visual editor or JSON
Define rules for image retention (e.g., keep last 10 images, remove untagged after 7 days)
Test the policy using the "Dry run" feature before enabling
Save and enable the lifecycle policy

Additional Resources

Updated about 10 hours ago