How lifecycle management rules work for Image Builder image resources - EC2 Image Builder
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

How lifecycle management rules work for Image Builder image resources

Image lifecycle policies use the lifecycle rules that you define to implement your overall resource management strategy. The rules that you define help ensure the freshness of your available images and minimize costs for underlying infrastructure such as snapshot storage for output AMIs, or ECR repository storage and data transfer rates for container images.

You can configure the following types of rules for your policies.

Deprecate rule

Sets the Image Builder image resource status to Deprecated. Image Builder pipelines still run for deprecated images. You can optionally set the deprecation time for associated AMIs without affecting your ability to launch new instances.

When an AMI is deprecated, it's ignored by general searches. For example, if you run the Amazon EC2 describe-images command in the Amazon CLI, it would not return deprecated AMIs in the result set. However, you can still find deprecated AMIs with their AMI ID.

This rule is not available for container images.

Disable rule

Sets the Image Builder image resource status to Disabled. This prevents Image Builder pipelines from running for this image. You can optionally disable the associated AMI to prevent new instance launches.

When an AMI is disabled, it becomes private and can't be used to launch new instances. If you shared the AMI with any accounts, organizations, or organizational units, they lose access to your AMI when it becomes private.

This rule is not available for container images.

Delete rule

Deletes the image resources by age or by count. You define the threshold that meets your needs. When an Image Builder image resource passes the threshold, it's removed. You can optionally deregister associated AMIs or delete the snapshots for those AMIs. You can also specify tags for resources that you want to retain past the threshold.

For container images, this rule deletes the Image Builder container image resource. You can optionally remove container images that were distributed to ECR repositories to prevent them from being used to run new containers.

AMI lifecycle exclusion rules

The following exclusion rules define exceptions to the lifecycle rules for AMIs. AMIs that meet the criteria specified by the exclusion rules are excluded from lifecycle actions. Exclusion rules are not available in the Amazon Web Services Management Console.

The following terms use API notation from the LifecyclePolicyDetailExclusionRules data type.

Exclusion rules
amis

Contains the settings in LifecyclePolicyDetailExclusionRulesAmis shown in the list that follows.

tagMap

You can provide a list of up to 50 tags that skip lifecycle actions for any type of resource.

The following terms use API notation from the LifecyclePolicyDetailExclusionRulesAmis data type.

AMI exclusion rules
isPublic

Configures whether public AMIs are excluded from the lifecycle action.

lastLaunched

Specifies configuration details for Image Builder to exclude the most recent resources from lifecycle actions.

regions

Configures Amazon Web Services Regions that are excluded from the lifecycle action.

sharedAccounts

Specifies Amazon Web Services accounts whose resources are excluded from the lifecycle action.

tagMap

Lists tags that should be excluded from lifecycle actions for the AMIs that have them.

View lifecycle management rule details for a policy

Rules are defined within the lifecycle management policies that you create for your Image Builder image resources. In the console, the lifecycle policy details page has a Rules tab that shows the details of the rules that you configured for the policy.

To get policy details in the Amazon CLI, you can run the get-lifecycle-policy command. The policy details in the response contain a list of the actions (rules) that you defined for the policy, that include all of your configured settings.