Merge pull request #18 from otuma-skippay/feature/ecr-lifecycle-policy

feat(tf): add ecr lifecycle policy
druids · Jul 3, 2024 · d254fa0 · d254fa0
2 parents f69efb5 + 844f825
commit d254fa0
Show file tree

Hide file tree

Showing 3 changed files with 56 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -50,6 +50,9 @@ The service is behind a load balancer which means it is exposed. A HTTP healthch
 | cooldown | n/a | `number` | `60` | no |
 | cpu | CPU reservation for the task | `number` | `256` | no |
 | deregistration\_delay | n/a | `number` | `30` | no |
+| ecr\_tag\_prefix\_list |  n/a | `list` | `["!latest"]` | no |
+| ecr\_ecr_number\_of\_newest_tags |  n/a | `number` | `90` | no |
+| ecr\_untagged\_lifetime |  n/a | `number` | `1` | no |
 | environment | n/a | `list` | `[]` | no |
 | healthcheck\_grace | n/a | `number` | `0` | no |
 | healthcheck\_healthy\_threshold | n/a | `number` | `3` | no |

diff --git a/ecr.tf b/ecr.tf
@@ -9,6 +9,44 @@ resource "aws_ecr_repository" "application" {
   tags = local.tags
 }
 
+resource "aws_ecr_lifecycle_policy" "application" {
+  count = var.image == "" ? 1 : 0
+  repository = aws_ecr_repository.application.*.name
+
+  policy = jsonencode({
+    rules = [
+      {
+        rulePriority = 1
+        description  = "Expire untagged images older than ${var.ecr_untagged_lifetime}"
+        selection = {
+          tagStatus   = "untagged"
+          countType   = "sinceImagePushed"
+          countUnit   = "days"
+          countNumber = var.ecr_untagged_lifetime
+        }
+        action = {
+          type = "expire"
+        }
+      },
+      {
+        rulePriority = 2
+        description  = "Expire tagged images and keep last ${var.ecr_number_of_newest_tags}"
+        selection = {
+          tagStatus     = "tagged"
+          tagPrefixList = var.ecr_tag_prefix_list
+          countType = "imageCountMoreThan"
+          countNumber   = var.ecr_number_of_newest_tags
+        }
+        action = {
+          type = "expire"
+        }
+      },
+    ]
+  })
+
+depends_on = [ aws_ecr_repository.application ]
+}
+
 output "ecr_repository" {
   value = aws_ecr_repository.application.*.repository_url
 }
diff --git a/variables.tf b/variables.tf
@@ -297,3 +297,18 @@ variable "sqs_scaling_threshold" {
   default = 60
   type    = number
 }
+
+variable "ecr_untagged_lifetime" {
+  default = 1
+  type = number
+}
+
+variable "ecr_number_of_newest_tags" {
+  default = 5
+  type = number
+}
+
+variable "ecr_tag_prefix_list" {
+  default = ["!latest"]
+  type = list(string)
+}