The Python script and Lambda function described here help clean up images in Amazon ECR. The script looks for images that are not used in running Amazon ECS tasks or Kubernetes, that can be deleted. You can configure the script to print the image list first to confirm deletions, specify a region, or specify a number of images to keep for potential rollbacks.

Configuring the AWS Command Line Interface.

To prevent any problems with your system Python version conflicting with the application, we recommend using virtualenv.

• Prints the images that are not used by running tasks and which are older than the last 100 versions, in all regions:

   python3 main.py
  

• Deletes the images that are not used by running tasks and which are older than the last 100 versions, in all regions:

    python3 main.py -dryrun False
  

• Deletes the images that are not used by running tasks and which are older than the last 20 versions (in each repository), in all regions:

    python3 main.py -dryrun False -imagestokeep 20
  

• Deletes the images that are not used by running tasks and which are older than the last 20 versions (in each repository), in Oregon only:

    python3 main.py -dryrun False -imagestokeep 20 -region us-west-2
  

• Deletes the images that are not used by running tasks and which are older than the last 20 versions (in each repository), in Oregon only, and ignore image tags that contains release or archive:

    python3 main.py -dryrun False -imagestokeep 20 -region us-west-2 -ignoretagsregex release|archive
  

• Deletes the images that are not used by running tasks and which are older than the last 20 versions (in foo and bar repositories), in Oregon only, and ignore image tags that contains release or archive:

    python3 main.py -dryrun False -imagestokeep 20 -region us-west-2 -ignoretagsregex release|archive -repositories foo bar
  

• Deletes the images that are not used by running tasks and which are older than the last 20 versions (in foo and bar repositories), in Oregon only, select only images with tag beginning with ^re but ignore image tags that contains release or review:

    python3 main.py -dryrun False -imagestokeep 20 -region us-west-2 -ignoretagsregex release|review -filtertagsregex ^re -repositories foo bar
  

• Deletes the images that are not used by running tasks in the AWS accounts referenced by production and staging AWS profiles, or production and staging Kubernetes contexts and which are older than the last 20 versions (in foo and bar repositories), in Oregon only, select only images with tag beginning with ^re but ignore image tags that contains release or review:

    python3 main.py -dryrun False -imagestokeep 20 -region us-west-2 -ignoretagsregex release|review -filtertagsregex ^re -repositories foo bar -aws-profiles production,staging -k8s-contexts production,staging
  

export REGION=us-west-2
export DRY_RUN=False
export IMAGES_TO_KEEP=20
export REPOSITORIES_FILTER='foo bar'
export IGNORE_TAGS_REGEX='release|review'
export FILTER_TAGS_REGEX='^re'
export AWS_PROFILES='production,staging'
export K8S_CONTEXTS='production,staging'

python3 main.py

Instead of running as a local Python script this can also be deployed to AWS Lambda using the included Cloudformation template.

1. cd to the folder that contains main.py.
2. Run the following command: pip install -r requirements.txt -t pwd``
3. Compress the contents of folder (not the folder).

1. Run the following command: aws lambda create-function --function-name {NAME_OF_FUNCTION} --runtime python3.8 --role {ARN_NUMBER} --handler main.handler --timeout 15 --zip-file fileb://{ZIP_FILE_PATH}

1. Run the following command:

   aws lambda update-function-code --function-name {NAME_OF_FUNCTION} --zip-file fileb://{ZIP_FILE_PATH}