This document describes how to build container images for aws-janitor and aws-janitor-boskos.
- Docker or Podman installed
- Docker buildx plugin (for multi-arch builds with Docker)
- Access to a container registry (for pushing images)
We've created two container images:
- aws-janitor - Standalone janitor with AWS CLI
  - Location: images/aws-janitor/
  - Based on Debian Bookworm Slim
  - Includes AWS CLI v2 for debugging
  - Size: ~200-300MB
- aws-janitor-boskos - Boskos integration
  - Location: images/aws-janitor-boskos/
  - Based on Debian Bookworm Slim
  - Minimal size (~150MB)
The standard build process creates multi-architecture images (amd64, arm64, ppc64le, s390x):

```bash
# Set your container registry
export DOCKER_REPO=gcr.io/your-project
export DOCKER_TAG=v$(date -u '+%Y%m%d')-$(git describe --tags --always --dirty)

# Build aws-janitor image
make aws-janitor-image

# Build aws-janitor-boskos image
make aws-janitor-boskos-image

# Build all images
make images
```

Note: Multi-arch builds require Docker with buildx. Podman is not supported for this.
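A pre-push check for the tag scheme above, as an added example (not part of the repository): the hypothetical `check_release_tag` helper rejects a `DOCKER_TAG` that carries the `-dirty` suffix `git describe --dirty` appends for uncommitted changes, or that contains characters a git tag may hold but an image tag may not (such as `/`).

```shell
#!/bin/sh
# Added example; check_release_tag is a hypothetical helper, not repository code.
# Return codes:
#   0 = tag is safe to push
#   1 = not a valid image tag, or not in the vYYYYMMDD-<git describe> form
#   2 = image was built from a working tree with uncommitted changes
check_release_tag() {
  _tag=$1

  # Image tags: at most 128 characters from [A-Za-z0-9_.-],
  # and the first character may not be '.' or '-'.
  if [ "${#_tag}" -gt 128 ]; then
    echo "tag too long: ${#_tag} characters" >&2
    return 1
  fi
  case "$_tag" in
    ''|.*|-*|*[!A-Za-z0-9_.-]*)
      # Git tag names may contain '/' or '+', which image tags do not allow.
      echo "tag contains characters not allowed in an image tag: $_tag" >&2
      return 1
      ;;
  esac

  # Expect the date prefix followed by a non-empty git describe string.
  if ! printf '%s\n' "$_tag" | grep -Eq '^v[0-9]{8}-[A-Za-z0-9_.-]+$'; then
    echo "tag is not in vYYYYMMDD-<describe> form: $_tag" >&2
    return 1
  fi

  # A -dirty suffix means the image cannot be traced back to a single commit.
  case "$_tag" in
    *-dirty)
      echo "refusing to push an image built from a dirty tree: $_tag" >&2
      return 2
      ;;
  esac
  return 0
}

# Usage before a push: check_release_tag "$DOCKER_TAG" && make images
```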
For local testing with Podman or Docker:

```bash
# Using the helper script
cd images/aws-janitor
./build-local.sh

# Or manually
podman build \
  --build-arg "DOCKER_TAG=test" \
  --build-arg "go_version=1.23.4" \
  --build-arg "cmd=aws-janitor" \
  -t localhost/aws-janitor:test \
  -f ./images/aws-janitor/Dockerfile .
```

```bash
# Test aws-janitor
podman run --rm localhost/aws-janitor:test --help

# Verify version
podman run --rm localhost/aws-janitor:test --version 2>&1 | head -5

# Test AWS CLI is available
podman run --rm localhost/aws-janitor:test /bin/bash -c "aws --version"
```

```bash
# Dry-run with actual AWS credentials
podman run --rm \
  -v ~/.aws:/root/.aws:ro \
  localhost/aws-janitor:test \
  --dry-run \
  --path s3://your-bucket/janitor-state.json \
  --region us-east-1 \
  --ttl=24h
```

The build process automatically:
- ✅ Excludes resources tagged with `preserve` (safety feature)
- ✅ Builds multi-architecture images
- ✅ Includes AWS CLI v2
- ✅ Uses distroless base for smaller size where possible
```
images/
├── aws-janitor/
│   ├── Dockerfile          # aws-janitor image definition
│   ├── OWNERS              # Ownership information
│   ├── README.md           # Usage documentation
│   └── build-local.sh      # Local build helper script
├── aws-janitor-boskos/
│   ├── Dockerfile          # aws-janitor-boskos image definition
│   └── OWNERS              # Ownership information
├── build.sh                # Main build script (used by Makefile)
└── default/
    └── Dockerfile          # Fallback for commands without custom images
```
Multi-arch builds require Docker buildx. Use local build instead or install buildx.
Podman doesn't support buildx. Use the local build script or switch to Docker.
The aws-janitor image includes AWS CLI v2 which adds ~100MB. For a minimal image, consider:
- Using the aws-janitor-boskos image (no AWS CLI)
- Creating a custom Dockerfile based on distroless
- Building only for your target architecture
Ensure you're logged in to your container registry:

```bash
# For GCR
gcloud auth configure-docker

# For Docker Hub
docker login

# For Podman
podman login gcr.io
```

The images can be built automatically in CI/CD:
```yaml
# Example GitHub Actions
- name: Build images
  run: |
    export DOCKER_REPO=gcr.io/${{ secrets.GCP_PROJECT }}
    export DOCKER_TAG=${{ github.sha }}
    make aws-janitor-image
    make aws-janitor-boskos-image
```

- aws-janitor/README.md - AWS Janitor overview
- images/aws-janitor/README.md - Image usage guide
- Makefile - Build targets