Check if ECR repositories have lifecycle policies enabled

ecr_repositories_lifecycle_policy_enabled

Severity: low
Service: ecr
by Prowler

Risk

Without a lifecycle policy, Amazon ECR repositories run the risk of retaining huge volumes of images, which adds unnecessary cost.

Run this check with Prowler CLI

prowler aws --checks ecr_repositories_lifecycle_policy_enabled

ARN template

arn:partition:service:region:account-id:resource-id

Remediation

CLI

aws ecr put-lifecycle-policy --repository-name <REPOSITORY_NAME> --lifecycle-policy-text <LIFECYCLE_POLICY> [--registry-id <REGISTRY_ID>]
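
A filled-in version of the `<LIFECYCLE_POLICY>` placeholder in the command above, as an added example that is not part of the Prowler check or its documentation. The function names and the retention values (14 days for untagged images, 30 images kept overall) are assumptions to adjust per repository.

```shell
#!/bin/sh
# Added example, not Prowler's code. Retention defaults are assumptions.
# build_lifecycle_policy [untagged_days] [max_images] prints the policy JSON.
build_lifecycle_policy() {
    untagged_days="${1:-14}"
    max_images="${2:-30}"
    # Accept only positive integers without leading zeros so the JSON stays valid.
    for n in "$untagged_days" "$max_images"; do
        case "$n" in
            ''|*[!0-9]*|0*) echo "invalid count: $n" >&2; return 1 ;;
        esac
    done
    # ECR requires the tagStatus=any rule to carry the highest rulePriority.
    cat <<EOF
{
  "rules": [
    {
      "rulePriority": 1,
      "description": "Expire untagged images after ${untagged_days} days",
      "selection": {
        "tagStatus": "untagged",
        "countType": "sinceImagePushed",
        "countUnit": "days",
        "countNumber": ${untagged_days}
      },
      "action": { "type": "expire" }
    },
    {
      "rulePriority": 2,
      "description": "Keep only the ${max_images} most recent images",
      "selection": {
        "tagStatus": "any",
        "countType": "imageCountMoreThan",
        "countNumber": ${max_images}
      },
      "action": { "type": "expire" }
    }
  ]
}
EOF
}

# Apply the policy to one repository (needs AWS credentials; not called here).
apply_lifecycle_policy() {
    repo="$1"; shift
    policy="$(build_lifecycle_policy "$@")" || return 1
    aws ecr put-lifecycle-policy --repository-name "$repo" \
        --lifecycle-policy-text "$policy"
}
```

After applying, re-run the Prowler check for the repository to confirm it passes.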

Other

https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/ECR/lifecycle-policy-in-use.html

WUI

Open the Amazon ECR console. Create an ECR lifecycle policy.

References:

Source Code

Resource Type

AwsEcrRepository