1

After pushing a Docker image (with the test tag) to ECR more than once, older Docker images go untagged in ECR.

What is the AWS CLI command to delete untagged images in ECR?

overexchange
  • Does this answer your question? [How to delete untagged images from AWS ECR Container Registry](https://stackoverflow.com/questions/40949342/how-to-delete-untagged-images-from-aws-ecr-container-registry) – LinPy Jan 23 '20 at 06:11
  • @LinPy Not really working... Untagged image has image URI: `1111222334455.dkr.ecr.us-west-2.amazonaws.com/someimage@sha256:feeeeeeeee00d1e0b18fa5a19d15c3cb47d222e345862ddddddddddd0`...... What is `ECR_REPO` from this URI? I set it as `someimage`, which does not work – overexchange Jan 23 '20 at 22:32

3 Answers

3

You can use an ECR lifecycle policy, which has been recently added by AWS: https://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html

Here's an example of a policy to only keep one untagged image and expire all others:

[Image: ECR policy rule]

Sahar
2

You can try using the AWS CLI. Set the correct AWS region where your ECR repositories exist.

```bash
AWSREGION=us-west-2
# List every repository name in the region, then delete each untagged image by digest.
aws ecr describe-repositories --region="$AWSREGION" --output text \
  | awk '$5{print $5}' | sed -n 's/.*repository\/\(.*\)/\1/p' \
  | while read -r line; do
      aws ecr list-images --region="$AWSREGION" --repository-name "$line" \
        --filter tagStatus=UNTAGGED --query 'imageIds[*]' --output text \
      | while read -r imageId; do
          aws ecr batch-delete-image --region="$AWSREGION" --repository-name "$line" \
            --image-ids imageDigest="$imageId"
        done
    done
```

This command will delete all the untagged images recursively. Hope this solves your problem.

  • To delete any image (untagged or tagged): `AWSREGION=us-east-1 && aws ecr describe-repositories --region=$AWSREGION --output text | awk '$5{print $5}' | sed -n 's/.*repository\/\(.*\)/\1/p' | while read line; do aws ecr list-images --region=$AWSREGION --repository-name "$line" --filter tagStatus=ANY --query 'imageIds[*]' --output text | awk '$1{print $1}' | while read imageId; do aws ecr batch-delete-image --region=$AWSREGION --repository-name "$line" --image-ids imageDigest=$imageId; done; done` – Rakshesh Jan 28 '21 at 00:24
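
An added example, not part of the original answers: a single-repository variant of the cleanup above that also shows how the repository name (the `ECR_REPO` asked about in the comments) is read from an image URI. The function names and the `DRY_RUN` variable are assumptions made for this sketch; the `aws ecr` subcommands and options are the ones used in the thread.

```sh
#!/bin/sh
# Added example (not from the thread). Function names and DRY_RUN are assumptions.

# Split an ECR image URI into "region repository digest". The repository name
# is the path between the registry host and the "@sha256:..." digest.
ecr_uri_parts() (
  uri=$1
  host=${uri%%/*}              # <account>.dkr.ecr.<region>.amazonaws.com
  path=${uri#*/}               # <repository>@sha256:<hex>
  region=${host#*.dkr.ecr.}
  printf '%s %s %s\n' "${region%%.*}" "${path%@*}" "${path##*@}"
)

# Delete one batch of images; arguments after repo are imageDigest=... items.
delete_batch() (
  region=$1 repo=$2; shift 2
  if [ "${DRY_RUN:-0}" = 1 ]; then
    printf 'would delete %s\n' "$@"
  else
    aws ecr batch-delete-image --region "$region" --repository-name "$repo" \
      --image-ids "$@"
  fi
)

# Delete all untagged images in one repository, 100 digests per API call
# (the BatchDeleteImage limit).
delete_untagged() (
  region=$1 repo=$2
  raw=$(aws ecr list-images --region "$region" --repository-name "$repo" \
    --filter tagStatus=UNTAGGED --query 'imageIds[*].imageDigest' \
    --output text) || exit 1        # fail instead of treating an error as "none"
  set --
  for d in $(printf '%s\n' "$raw" | tr '\t' '\n' | grep '^sha256:'); do
    set -- "$@" "imageDigest=$d"
    if [ "$#" -eq 100 ]; then
      delete_batch "$region" "$repo" "$@" || exit 1
      set --
    fi
  done
  [ "$#" -eq 0 ] || delete_batch "$region" "$repo" "$@"
)

# Usage: DRY_RUN=1 delete_untagged us-west-2 someimage
```

Running with `DRY_RUN=1` first prints the digests that would be removed, which is worth checking before deleting from a repository that other pipelines pull by digest.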
1

What happens is that when you publish an image:tag, the tag will be removed from the previous image.

You can run a CLI command to identify the images that are untagged and pipe the output to the command to delete those.

You can also use lifecycle policies.

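Refer to the link below. I haven't tested this myself.

reference: [How to delete untagged images from AWS ECR Container Registry](https://stackoverflow.com/questions/40949342/how-to-delete-untagged-images-from-aws-ecr-container-registry)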

https://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html

Arun Kamalanathan
  • What does `ECR_REPO` mean? Because I see untagged image URI in ECR as: `1111222334455.dkr.ecr.us-west-2.amazonaws.com/someimage@sha256:feeeeeeeee00d1e0b18fa5a19d15c3cb47d222e345862ddddddddddd0` – overexchange Jan 23 '20 at 22:32
  • 1
    https://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html Did you see this? It looks like you can do cleanup through lifecycle policies – Arun Kamalanathan Jan 23 '20 at 23:25
  • I should manage deleting images explicitly using the AWS CLI. I am not allowed to set a lifecycle policy. – overexchange Jan 23 '20 at 23:31
  • Basically it's the URI for the untagged image, so that you can tag the untagged if needed – Arun Kamalanathan Jan 23 '20 at 23:37