Unused ECR Images
Amazon Elastic Container Registry (ECR) is a fully managed container image registry. Unused images can accumulate over time from CI/CD pipelines, deprecated services, and abandoned experiments, leading to unnecessary storage costs.
Implementation Effort: Low - Estimated time: less than 30 minutes. Delete unused container images or set up lifecycle policies for automated cleanup.
What We Detect
- Never-used images -- Images pushed to ECR that have never been deployed to EKS or ECS clusters
- Stale images -- Images not used in any cluster for an extended period
- Untagged images -- Orphaned images without tags that have been sitting idle
For full detection capabilities, ECR Enhanced Scanning (via Amazon Inspector) should be enabled. Without it, detection falls back to basic image age and tag analysis.
Why It Matters
ECR storage costs ~$0.10/GB-month. With hundreds of unused images from CI/CD builds, costs accumulate quickly. Lifecycle policies can automate cleanup, but many repositories lack them.
Recommendations
- Verify the image is not referenced by any active deployment, pipeline, or base image
- Delete unused images manually or set up ECR lifecycle policies for automated cleanup
- Enable ECR Enhanced Scanning for richer usage insights
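The three detection categories and the storage estimate, as an added example that is not the product's own detection code. Records follow the shape of ECR `DescribeImages` output; the 90-day and 14-day thresholds, the `active` and `last_used` inputs (assumed to be collected from ECS/EKS elsewhere), and all sample data are assumptions.

```python
from datetime import datetime, timedelta, timezone

PRICE_PER_GB_MONTH = 0.10          # approximate rate quoted on this page
STALE_AFTER = timedelta(days=90)   # assumption: the page only says "extended period"
GRACE = timedelta(days=14)         # assumption: images pushed more recently are not judged

def classify(image, active, last_used, now):
    """Return 'untagged', 'never-used', 'stale', or None when the image is kept."""
    digest = image["imageDigest"]
    if digest in active:                      # referenced by a running workload: never flag
        return None
    if now - image["imagePushedAt"] < GRACE:  # too new to judge
        return None
    if not image.get("imageTags"):
        return "untagged"
    if digest not in last_used:
        return "never-used"
    if now - last_used[digest] > STALE_AFTER:
        return "stale"
    return None

def report(images, active, last_used, now):
    """Group flagged digests by category and estimate their monthly storage cost."""
    flagged, total_bytes = {}, 0
    for image in images:
        category = classify(image, active, last_used, now)
        if category:
            flagged.setdefault(category, []).append(image["imageDigest"])
            total_bytes += image["imageSizeInBytes"]
    # Layers shared between images are counted per image, so this may overstate savings.
    return flagged, round(total_bytes / 10**9 * PRICE_PER_GB_MONTH, 2)

def _utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

NOW = _utc(2024, 6, 1)
# Constructed sample inventory (digests shortened for readability).
IMAGES = [
    {"imageDigest": "sha256:aaa", "imageTags": ["v1.4.2"], "imagePushedAt": _utc(2024, 1, 10), "imageSizeInBytes": 2 * 10**9},
    {"imageDigest": "sha256:bbb", "imageTags": ["ci-8841"], "imagePushedAt": _utc(2024, 2, 1), "imageSizeInBytes": 10**9},
    {"imageDigest": "sha256:ccc", "imageTags": ["v1.2.0"], "imagePushedAt": _utc(2023, 9, 1), "imageSizeInBytes": 3 * 10**9},
    {"imageDigest": "sha256:ddd", "imageTags": [], "imagePushedAt": _utc(2024, 3, 1), "imageSizeInBytes": 10**9},
    {"imageDigest": "sha256:eee", "imageTags": ["ci-9002"], "imagePushedAt": _utc(2024, 5, 28), "imageSizeInBytes": 10**9},
]
ACTIVE = {"sha256:aaa"}                       # digests running in a cluster right now
LAST_USED = {"sha256:aaa": _utc(2024, 5, 31), "sha256:ccc": _utc(2023, 12, 15)}

if __name__ == "__main__":
    flagged, cost = report(IMAGES, ACTIVE, LAST_USED, NOW)
    print(flagged, f"~${cost:.2f}/month")
```

The output is a review list, not a delete list: each digest still needs the check against pipelines and base images before removal.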