Get all ECR images with more than 900 tags

README.md

Get all ECR images with more than 900 tags.

AWS has a hard limit of 1000 tags on any single image.

Attempting to push another tag on that image will result in an error like the following:

ERROR: failed commit on ref "index-sha256:......": unexpected status from PUT request to https://ACCOUNT_ID.dkr.ecr.REGION.amazonaws.com/v2/REPOSITORY/manifests/TAG_NAME: 403 Forbidden

In CloudTrail the error looks like:

Adding tag 'TAG_NAME' to an image in the repository with name 'REPOSITORY' in registry with id 'ACCOUNT_ID' exceeds the maximum allowed number of tags per image which is '1000'

This script prints out each image that has more than 900 tags, to identify which images are close to this limit.

get_tagged_images.py

import boto3

client = boto3.client('ecr')

def get_repository_names():
    paginator = client.get_paginator("describe_repositories")
    response_iterator = paginator.paginate()

    for response in response_iterator:
        yield from (repo['repositoryName'] for repo in response["repositories"])

def get_tagged_images(repository_name):
    paginator = client.get_paginator("describe_images")
    response_iterator = paginator.paginate(
        repositoryName=repository_name,
        filter={
            'tagStatus': 'TAGGED'
        },
    )

    for response in response_iterator:
        yield from response['imageDetails']

if __name__ == "__main__":
    repo_names = get_repository_names()
    for repo in repo_names:
        images = get_tagged_images(repo)
        for image in images:
            image_name = f"{repo}:{image['imageDigest']}"
            num_tags = len(image['imageTags'])
            if num_tags > 900:
                print(f"{image_name} - {num_tags} tags")