APM 6720 ecr lifecycle policy

Author: CLJ2006

ansible/roles/build-ecs-proxies/tasks/build-container.yml

@@ -31,3 +31,11 @@
   ansible.builtin.command:
     cmd: "docker push {{ image_name }}"
   when: build_result.rc == 0
+
+- name: Apply lifecycle policy to ecr {{ service_id }}_{{ item }}
+  ansible.builtin.command:
+    cmd: >
+      {{ aws_cmd }} ecr put-lifecycle-policy
+      --repository-name {{ service_id }}_{{ item }}
+      --lifecycle-policy-text file://{{ base_dir }}/ecr/ecr_lifecycle.json
+  when: lifecycle_check.rc != 0 and build_result.rc == 0

ecr/ecr_lifecyle.json

@@ -0,0 +1,29 @@
+{
+  "rules": [
+    {
+      "rulePriority": 1,
+      "description": "Expire untagged images beyond the latest 3",
+      "selection": {
+        "tagStatus": "untagged",
+        "countType": "imageCountMoreThan",
+        "countNumber": 10
+      },
+      "action": {
+        "type": "expire"
+      }
+    },
+    {
+      "rulePriority": 2,
+      "description": "Retain ECS-protected images",
+      "selection": {
+        "tagStatus": "tagged",
+        "tagPrefixList": ["ecs-"],
+        "countType": "imageCountMoreThan",
+        "countNumber": 9999
+      },
+      "action": {
+        "type": "retain"
+      }
+    }
+  ]
+}