Control: ECR repositories with unused images should be reviewed
Description
ECR repositories with images that haven't been pulled in a long time may be unused and should be reviewed for cleanup.
Usage
Run the control in your terminal:
powerpipe control run aws_thrifty.control.ecr_repository_unused_images
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run aws_thrifty.control.ecr_repository_unused_images --share
Steampipe Tables
SQL
with latest_pulls as (
  select
    repository_name,
    max(last_recorded_pull_time) as last_pull
  from
    aws_ecr_image
  group by
    repository_name
)
select
  r.arn as resource,
  case
    when i.last_pull is null then 'alarm'
    when i.last_pull < (current_timestamp - interval '90 days') then 'alarm'
    else 'ok'
  end as status,
  case
    when i.last_pull is null then r.title || ' has no images that have ever been pulled.'
    when i.last_pull < (current_timestamp - interval '90 days') then r.title || ' has not had any images pulled in the last 90 days. Last pull was on ' || to_char(i.last_pull, 'YYYY-MM-DD')
    else r.title || ' has had images pulled within the last 90 days. Last pull was on ' || to_char(i.last_pull, 'YYYY-MM-DD')
  end as reason,
  r.region,
  r.account_id
from
  aws_ecr_repository r
  left join latest_pulls i on r.repository_name = i.repository_name;
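To review a repository the control flags, the following added example (not part of the aws_thrifty mod) lists the individual images in repositories whose most recent pull is missing or older than 90 days. It assumes the aws_ecr_image table exposes image_digest, image_tags, image_pushed_at, image_size_in_bytes, region and account_id alongside the last_recorded_pull_time column used above, and it groups by account and region as well as repository name so that same-named repositories are reported separately.

```sql
-- Added example: per-image drill-down for repositories with no recent pulls.
-- Assumed columns (not shown on the page): image_digest, image_tags,
-- image_pushed_at, image_size_in_bytes, region, account_id.
with latest_pulls as (
  select
    account_id,
    region,
    repository_name,
    max(last_recorded_pull_time) as last_pull
  from
    aws_ecr_image
  group by
    account_id,
    region,
    repository_name
)
select
  i.account_id,
  i.region,
  i.repository_name,
  i.image_digest,
  i.image_tags,
  i.image_pushed_at,
  i.last_recorded_pull_time,
  -- Size helps prioritise which images to review first.
  round((i.image_size_in_bytes / 1048576.0)::numeric, 1) as size_mb,
  case
    when i.last_recorded_pull_time is null then 'never pulled'
    else 'last pull older than 90 days'
  end as review_reason
from
  aws_ecr_image as i
  join latest_pulls as p
    on  i.account_id = p.account_id
    and i.region = p.region
    and i.repository_name = p.repository_name
where
  -- Same 90-day threshold as the control, applied per repository.
  p.last_pull is null
  or p.last_pull < (current_timestamp - interval '90 days')
order by
  i.account_id,
  i.region,
  i.repository_name,
  i.image_pushed_at;
```

Repositories that contain no images at all are flagged by the control but return no rows here, since there is nothing to list.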