Merge pull request #20 from otuma-skippay/feature/ecr-lifecycle-policy

Feature/ecr lifecycle policy
druids · Jul 11, 2024 · 9dd70b9 · 9dd70b9
2 parents b34d557 + 4b3370f
commit 9dd70b9
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 7 deletions.
diff --git a/README.md b/README.md
@@ -50,7 +50,7 @@ The service is behind a load balancer which means it is exposed. A HTTP healthch
 | cooldown | n/a | `number` | `60` | no |
 | cpu | CPU reservation for the task | `number` | `256` | no |
 | deregistration\_delay | n/a | `number` | `30` | no |
-| ecr\_tag\_prefix\_list |  n/a | `list` | `["!latest"]` | no |
+| ecr\_tag\_prefix\_list |  n/a | `list` | `["latest"]` | no |
 | ecr_number\_of\_newest_tags |  n/a | `number` | `90` | no |
 | ecr\_untagged\_lifetime |  n/a | `number` | `1` | no |
 | environment | n/a | `list` | `[]` | no |

diff --git a/ecr.tf b/ecr.tf
@@ -10,7 +10,7 @@ resource "aws_ecr_repository" "application" {
 }
 
 resource "aws_ecr_lifecycle_policy" "application" {
-  count = var.image == "" ? 1 : 0
+  count      = var.image == "" ? 1 : 0
   repository = aws_ecr_repository.application[0].name
 
   policy = jsonencode({
@@ -30,12 +30,24 @@ resource "aws_ecr_lifecycle_policy" "application" {
       },
       {
         rulePriority = 2
-        description  = "Expire tagged images and keep last ${var.ecr_number_of_newest_tags}"
+        description  = "Keep important tags safe."
         selection = {
           tagStatus     = "tagged"
           tagPrefixList = var.ecr_tag_prefix_list
-          countType = "imageCountMoreThan"
-          countNumber   = var.ecr_number_of_newest_tags
+          countType     = "imageCountMoreThan"
+          countNumber   = 10000
+        }
+        action = {
+          type = "expire"
+        }
+      },
+      {
+        rulePriority = 3
+        description  = "Expire tagged images and keep last ${var.ecr_number_of_newest_tags}"
+        selection = {
+          tagStatus   = "tagged"
+          countType   = "imageCountMoreThan"
+          countNumber = var.ecr_number_of_newest_tags
         }
         action = {
           type = "expire"
@@ -44,7 +56,7 @@ resource "aws_ecr_lifecycle_policy" "application" {
     ]
   })
 
-depends_on = [ aws_ecr_repository.application ]
+  depends_on = [aws_ecr_repository.application]
 }
 
 output "ecr_repository" {

diff --git a/variables.tf b/variables.tf
@@ -309,6 +309,6 @@ variable "ecr_number_of_newest_tags" {
 }
 
 variable "ecr_tag_prefix_list" {
-  default = ["!latest"]
+  default = ["latest"]
   type = list(string)
 }