Why it matters
ECR charges $0.10 per GB-month for private repository storage, and without cleanup, old images accumulate quickly. Every CI/CD build pushes a new image, and outdated or untagged images often remain indefinitely. Lifecycle policies automate the cleanup of images you no longer need, preventing storage costs from growing unchecked.
How lifecycle policies work
Lifecycle policies let you define rules that automatically delete images based on age, count, or tag status. Rules are evaluated in priority order, and images matching the criteria are expired.1
Common policy patterns:
- Expire untagged images – Remove dangling images
- Limit by count – Keep only the N most recent images per tag prefix
- Expire by age – Delete images older than X days that match certain tag patterns
Quick Wins
-
Create a policy to expire untagged images after 1 day
{ "rules": [{ "rulePriority": 1, "description": "Expire untagged images after 1 day", "selection": { "tagStatus": "untagged", "countType": "sinceImagePushed", "countUnit": "days", "countNumber": 1 }, "action": { "type": "expire" } }] } -
Keep only recent production images
For production tags, retain only the last 10 images. This maintains a reasonable rollback window without indefinite storage.{ "rules": [{ "rulePriority": 2, "description": "Keep last 10 production images", "selection": { "tagStatus": "tagged", "tagPrefixList": ["prod", "production", "release"], "countType": "imageCountMoreThan", "countNumber": 10 }, "action": { "type": "expire" } }] } -
Expire old dev/test images
Development and feature branch images rarely need to be kept beyond X days. -
Test before applying
Use the lifecycle policy preview feature to see which images would be deleted before enabling the policy. This prevents accidental removal of images you still need.1
Related strategies
- Overview – Understand ECR pricing and other cost optimization strategies