Merge pull request #24 from codeguru42/7-cleanup-ecr

codeguru42 · web-flow · commit c990bc386f9c · 2023-01-28T16:45:00.000-07:00
7 cleanup ecr
diff --git a/cloud-formation/ecr.yaml b/cloud-formation/ecr.yaml
@@ -7,6 +7,24 @@ Resources:
         EncryptionType: AES256
       ImageScanningConfiguration:
         ScanOnPush: true
+      LifecyclePolicy:
+        LifecyclePolicyText: |
+          {
+            "rules": [
+              {
+                "rulePriority": 1,
+                "description": "Keep newest",
+                "selection": {
+                  "tagStatus": "any",
+                  "countType": "imageCountMoreThan",
+                  "countNumber": 5
+                },
+                "action": {
+                  "type": "expire"
+                }
+              }
+            ]
+          }
 
 Outputs:
   GoCaptureRepository:
diff --git a/cloud-formation/github-role.yaml b/cloud-formation/github-role.yaml
@@ -72,8 +72,12 @@ Resources:
                   ecr:DescribeRepositories,
                   ecr:GetAuthorizationToken,
                   ecr:GetDownloadUrlForLayer,
+                  ecr:GetRepositoryPolicy,
                   ecr:InitiateLayerUpload,
+                  ecr:ListTagsForResource,
                   ecr:PutImage,
+                  ecr:PutImageScanningConfiguration,
+                  ecr:PutLifecyclePolicy,
                   ecr:UploadLayerPart
                 ],
                 "Resource": "*"
