aws_ecr: CDK only creates "ECRAutoDeleteImagesCustomResourceProvider" for 1 ECR repository instead of 2 #26025

adrenaline681 · 2023-06-17T05:20:33Z

Describe the bug

I create 2 repositories with removal_policy set to Destroy and with auto_delete_images set to True.

When CDK presents me with the IAM Statements, there is only "ECRAutoDeleteImagesCustomResourceProvider" for the first repository. Due to this when I destroy the stack only the first repository gets deleted and I get an error on the 2nd repository saying that t I dont have permissions to delete the images:

AccessDeniedException: User: 
arn:aws:sts::536382905314:assumed-role/Pipeline-CustomECRAutoDeleteImagesCustomResourcePr-17A3R3WYBMEU0/Pipeline-CustomECRAutoDeleteImagesCustomResourcePr-gb4AMTavlZO9 is not authorized to perform: ecr:DescribeRepositories on resource: arn:aws:ecr:
us-west-2:536382905314:repository/project-web because no identity-based policy allows the ecr:DescribeRepositories action

Expected Behavior

When I destroy the stack both repositories get deleted and not just the first one.

Current Behavior

When I destroy the stack only first repository gets deleted and I get an error:

The repository with name 'project-web' in registry with id '536382905314' cannot be deleted because it still contains images

Reproduction Steps

class PipelineStack(core.Stack):
    def __init__(self, scope, construct_id, context, **kwargs):
        super().__init__(scope, construct_id, **kwargs)
        ecr_backend = ecr.Repository(
            self, 'ECRBackend',
            repository_name='project-api',
            removal_policy=core.RemovalPolicy.DESTROY,
            auto_delete_images=True,
        )
        ecr_frontend = ecr.Repository(
            self, 'ECRFrontend',
            repository_name='project-web',
            removal_policy=core.RemovalPolicy.DESTROY,
            auto_delete_images=True,
         )

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.83.1 (build 006b542)

Framework Version

No response

Node.js Version

v16.14.2

OS

Windows 10

Language

Python

Language Version

Python 3.10.4

Other information

No response

The text was updated successfully, but these errors were encountered:

pahud · 2023-06-19T13:41:46Z

close in favor of #25308

github-actions · 2023-06-19T13:42:05Z

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

adrenaline681 added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Jun 17, 2023

github-actions bot added the @aws-cdk/aws-ecr Related to Amazon Elastic Container Registry label Jun 17, 2023

pahud closed this as completed Jun 19, 2023

pahud added duplicate This issue is a duplicate. and removed needs-triage This issue or PR still needs to be triaged. labels Jun 19, 2023

pahud added p1 effort/medium Medium work item – several days of effort labels Jun 19, 2023

This was referenced Jul 26, 2023

Monthly issue metrics report #26514

Closed

Monthly issue metrics report #26515

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

aws_ecr: CDK only creates "ECRAutoDeleteImagesCustomResourceProvider" for 1 ECR repository instead of 2 #26025

aws_ecr: CDK only creates "ECRAutoDeleteImagesCustomResourceProvider" for 1 ECR repository instead of 2 #26025

adrenaline681 commented Jun 17, 2023

pahud commented Jun 19, 2023

github-actions bot commented Jun 19, 2023