untagged image as well

infrastructure/terraform/modules/ecr/main.tf

@@ -12,7 +12,7 @@ resource "aws_ecr_lifecycle_policy" "my_repository_policy" {
 
   policy = jsonencode({
     rules = [
-      # 1️⃣ PROTECT important environment tags forever
+      # 1️⃣ Keep important env tags forever
       {
         rulePriority = 1
         description  = "Keep prod, main, dev images forever"
@@ -25,9 +25,23 @@ resource "aws_ecr_lifecycle_policy" "my_repository_policy" {
         }
       },
 
-      # 2️⃣ Expire everything else beyond the most recent 10 images
+      # 2️⃣ Aggressively expire untagged images
       {
         rulePriority = 2
+        description  = "Expire untagged images"
+        selection = {
+          tagStatus   = "untagged"
+          countType   = "imageCountMoreThan"
+          countNumber = 1
+        }
+        action = {
+          type = "expire"
+        }
+      },
+
+      # 3️⃣ Rotate everything else
+      {
+        rulePriority = 3
         description  = "Retain only the last 10 images"
         selection = {
           tagStatus   = "any"
@@ -41,4 +55,3 @@ resource "aws_ecr_lifecycle_policy" "my_repository_policy" {
     ]
   })
 }
-