Skip to content

ECR Cost Insights

Every container image you push to Amazon ECR bills per GB-month until someone deletes it — and CI/CD pipelines push new images daily while almost nothing deletes old ones. CloudPouch ECR Cost Insights show which repositories have accumulated deletable images and what removing them saves.

  • Outdated container images superseded by newer pushes.
  • Unused container images that are cleanup candidates.
  • Repository storage cleanup opportunities, per repository: image counts, how many images can go, the estimated storage they occupy, the estimated saving, and policy status.

CloudPouch ECR Cost Insights table showing repository image counts, images to delete, estimated storage size, savings, policy status, and action.

ECR charges per GB-month of stored image data, with no expiry and no lifecycle applied by default. The growth pattern is mechanical: a pipeline that pushes an image on every merge adds gigabytes of new layers a month per service (layer deduplication softens this, but multi-stage builds and base-image updates keep real growth high). Multiply by dozens of services and a few years of history, and repositories quietly hold thousands of images of which only a handful — the currently deployed tag and a rollback candidate or two — matter. Current storage rates are on the Amazon ECR pricing page.

Unlike most AWS waste, this one has a permanent fix: an ECR lifecycle policy that keeps the last N images per repository and expires the rest. CloudPouch’s policy status column shows which repositories are still relying on manual cleanup.

Run this insight when ECR storage costs grow steadily release after release, when repositories predate any lifecycle-policy standard in your organization, or as a one-time audit before rolling lifecycle policies out fleet-wide.

Delete confidently but not blindly: keep the images your running workloads reference (including anything a rollback might target), and check for tags referenced by infrastructure-as-code or Lambda container deployments before purging. Then add a lifecycle policy so the same repository does not show up in next quarter’s scan.

CloudPouch needs read-only access to ECR repository and image metadata, plus cost data for storage analysis. See AWS permissions.