From 6ba5ecc3b4979af58cc640cf3a05b16f6eaa2e8d Mon Sep 17 00:00:00 2001
From: Jun-te Kim
Date: Mon, 2 Feb 2026 23:26:42 +0000
Subject: [PATCH] untagged image as well
---
 infrastructure/terraform/modules/ecr/main.tf | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/infrastructure/terraform/modules/ecr/main.tf b/infrastructure/terraform/modules/ecr/main.tf
index 813ff9b0..ee4cac11 100644
--- a/infrastructure/terraform/modules/ecr/main.tf
+++ b/infrastructure/terraform/modules/ecr/main.tf
@@ -12,7 +12,7 @@ resource "aws_ecr_lifecycle_policy" "my_repository_policy" {
 policy = jsonencode({
 rules = [
- # 1️⃣ PROTECT important environment tags forever
+ # 1️⃣ Keep important env tags forever
 {
 rulePriority = 1
 description = "Keep prod, main, dev images forever"
@@ -25,9 +25,23 @@ resource "aws_ecr_lifecycle_policy" "my_repository_policy" {
 }
 },
- # 2️⃣ Expire everything else beyond the most recent 10 images
+ # 2️⃣ Aggressively expire untagged images
 {
 rulePriority = 2
+ description = "Expire untagged images"
+ selection = {
+ tagStatus = "untagged"
+ countType = "imageCountMoreThan"
+ countNumber = 1
+ }
+ action = {
+ type = "expire"
+ }
+ },
+
+ # 3️⃣ Rotate everything else
+ {
+ rulePriority = 3
 description = "Retain only the last 10 images"
 selection = {
 tagStatus = "any"
@@ -41,4 +55,3 @@ resource "aws_ecr_lifecycle_policy" "my_repository_policy" {
 ]
 })
 }
-
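Review bot: In the second hunk (`@@ -25,9 +25,23 @@`), the new rule 2 combines `tagStatus = "untagged"` with `countNumber = 1`, so only one untagged image survives in the whole repository. If `prod`, `main` and `dev` are moving tags (the hunk does not show tag mutability), each re-push untags the previous release, and the older untagged digest is expired as soon as a second one appears. That removes earlier releases as rollback targets and as evidence for incident response, and anything that pins an image by digest will fail to pull it. Consider a larger retention count, e.g. `countNumber = 5` (example value, size it to your rollback window), and a comment on the rule such as `# keeps the N most recently pushed untagged images; digest-pinned deployments must stay within this window`. The `tagStatus = "any"` rule renumbered to priority 3 continues past the end of the hunk, so its count and action are not visible here.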