{"id":37097704,"url":"https://github.com/martijnvdp/lambda-ecr-image-sync","last_synced_at":"2026-01-14T12:00:15.071Z","repository":{"id":43099530,"uuid":"471297227","full_name":"martijnvdp/lambda-ecr-image-sync","owner":"martijnvdp","description":"Lambda for copying/syncing images for containers between public and private container registries","archived":false,"fork":false,"pushed_at":"2023-08-29T13:19:15.000Z","size":132,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-06-20T03:30:09.575Z","etag":null,"topics":["aws-lambda","container-image","containers","copy","crane","ecr","ecr-repositories","golang","lambda","lambda-functions","slack","synchronization"],"latest_commit_sha":null,"homepage":"https://github.com/martijnvdp/lambda-ecr-image-sync","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/martijnvdp.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-03-18T08:54:44.000Z","updated_at":"2023-02-28T22:19:47.000Z","dependencies_parsed_at":"2024-06-20T02:59:55.248Z","dependency_job_id":null,"html_url":"https://github.com/martijnvdp/lambda-ecr-image-sync","commit_stats":null,"previous_names":[],"tags_count":15,"template":false,"template_full_name":null,"purl":"pkg:github/martijnvdp/lambda-ecr-image-sync","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/martijnvdp%2Flambda-ecr-image-sync","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/martijnvdp%2Flambda-ecr-image-sync/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/martijnvdp%2Flambda-ecr-image-sync/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/martijnvdp%2Flambda-ecr-image-sync/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/martijnvdp","download_url":"https://codeload.github.com/martijnvdp/lambda-ecr-image-sync/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/martijnvdp%2Flambda-ecr-image-sync/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28419272,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T10:47:48.104Z","status":"ssl_error","status_checked_at":"2026-01-14T10:46:19.031Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws-lambda","container-image","containers","copy","crane","ecr","ecr-repositories","golang","lambda","lambda-functions","slack","synchronization"],"created_at":"2026-01-14T12:00:14.400Z","updated_at":"2026-01-14T12:00:15.047Z","avatar_url":"https://github.com/martijnvdp.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Lambda-ecr-image-sync\n![docker build](https://github.com/martijnvdp/lambda-ecr-image-sync/actions/workflows/release-docker-slim.yml/badge.svg)\n\nThis is a Golang Lambda function that compares images between ECR and public repositories such as DockerHub, Quay.io, and GCR.io and synces/copies the missing images to the ECR. It has the capability to sync the images directly to the target ECR on AWS or output a zipped CSV file with the missing images/tags to an S3 bucket.\n\nThe function compares the provided images and tags between ECR and the public registry using the Crane library to login and copy the missing images to the ECR on AWS. \nThis function is compatible with most container registries. For more information, please refer to the container lib at https://github.com/containers/image.\n\n## Docker images\n\n- `docker pull ghcr.io/martijnvdp/lambda-ecr-image-sync:v1.0.3`\n\n## usage\n\nCreate a lambda function using the container image (pushed to ecr) and set runtime at go1.x.`\\\nSet environment variables in the lambda configuration section. \\\nhttps://github.com/martijnvdp/terraform-ecr-image-sync\n\nImage names format:\n(registry hostname)/Source/name\n\n```hcl\ndocker.io/datadog/agent\ngcr.io/datadoghq/agent\nquay.io/cilium/cilium\n```\n\nEnvironment variables:\n\n```hcl\nAWS_ACCOUNT_ID='12345'\nAWS_REGION='eu-west-1'\nBUCKET_NAME='bucket_name'\nDOCKER_USERNAME='optional Username for docker hub'\nDOCKER_PASSWORD='optional Password for docker hub'\nSLACK_OAUTH_TOKEN='Slack oath token for notifications'\n```\n\nLambda event data:\n\n```hcl\n{\n\"repositories\": [ // optional if not specified it wil syn call repos that are configured with tags\n  \"arn:aws:ecr:us-east-1:123456789012:repository/dev/datadog/datadog-operator\",\"arn:aws:ecr:us-east-1:123456789012:repository/dev/datadog/datadog\"]\n\"check_digest\": true // check digest of existing tags on ecr and only add tags if the digest is not the same\n\"concurrent\": 2 // max number of concurrent jobs\n\"max_results\": 5\n\"slack_channel_id\":\"CDDF324\"\n\"slack_errors_only\": true // only return errors to slack\n\"slack_msg_err_subject\":\"The following error has occurred:\"\n\"slack_msg_header\":\"The Lambda ECR-IMAGE-SYNC has completed\"\n\"slack_msg_subject\":\"The following images are now synced to ECR:\"\n  }\n```\n\n## configure ECR Sync with tags on the internal ECR Repository\nRepository tags:\n```\necr_sync_constraint = \"-ge v1.1.1\" // equivalent of \u003e= v1.1.1 other operators ( -gt -le -lt) because \u003e= chars is not allowed in aws tags\necr_sync_source = \"docker.io/owner/image\"\necr_sync_include_rls = \"ubuntu rc\" // releases to include v.1.2-ubuntu v1.2-RC-1\necr_sync_release_only = \"true\" // only release version exclude normal tags\necr_sync_max_results = \"10\"\necr_sync_exclude_rls = \"RC UBUNTU\" // exclude certain releases \necr_sync_exclude_tags = \"1.1.1 2.2.2\" // exclude specific tags\necr_sync_include_tags = \"1.1.1 2.2.2\" // exclude specific tags\n```\n## Versions \n\nuse constraint for version constraints \n\nexamples:\n```hcl\n\"constraint\": \"-ge v3.0\"\n\"constraint\": \"-gt v3.0\"\n\"constraint\": \"-le v3.0\"\n\"constraint\": \"-lt v3.0\"\n\n```\n\nuse include_rls to include certain keywords/pre-releases:\n\nPrerelease info is everything after the -\n\nExample for v1.2-beta-10 it is beta and 10\nto include beta pre-releases: \n\n```hcl\n\"include_rls\": \"beta\"\n```\nto exclude beta pre-releases: \n\n```hcl\n\"exclude_rls\": \"beta\"\n```\n\nto include debian builds but exclude release candidates,alpha or beta \n\nv1.2.3-debian-1-rc\n\n```hcl\n\"include_rls\": \"debian\"\n\"exclude_rls\": \"rc beta alpha\"\n```\n\nSee for more info:\nhttps://github.com/hashicorp/go-version\n\n## Slack notifications\n\nThe function can send notifications to a slack channel:\n\npreparation:\n* Create a new Slack App\n* Give your bot/app the following OAuth permission scopes: chat:write, chat:write.public\n* Copy your Bot User OAuth Access Token for the environment variable in the lambda function\n* Copy the Channel ID of the channel you want to post a message to. You can grab the Channel ID by right clicking a channel and selecting * copy link. Your Channel ID will be in that link.\n\nNow you can use the fields in the Lambda event payload to set the channel id , message header and subject.\n\n```hcl\n\"slack_channel_id\":\"CDDF324\"\n\"slack_errors_only\": true // only return errors to slack\n\"slack_err_msg_subject\": \"subject error messages\"\n\"slack_msg_header\":\"ECR-IMAGE-SYNC has completed\"\n\"slack_msg_subject\":\"The following images are now synced to ECR:\"\n```\n\nThe Token needs to be set as an environment variable in the lambda function configuration\n```hcl\nSLACK_OAUTH_TOKEN = \"OAuth token\"\n```\nyou can use go test in slack_test.go to test with a test message\n\nused module https://github.com/nikoksr/notify/blob/main/service/slack/usage.md\n\n## Build requirements\n\nTo install the gcc and other dependencys execute:\n\n```\nmake init\n\n```\n\n## Create Test for functions\nWith the gotests tool you can auto generate go tests for new functions:\nhttps://github.com/cweill/gotests\n\n\n## references\n* https://docs.aws.amazon.com/lambda/latest/dg/golang-package.html\n* https://github.com/pgarbe/cdk-ecr-sync\n* https://garbe.io/blog/2020/04/22/cdk-ecr-sync/\n* https://github.com/cweill/gotests \n* https://github.com/docker-slim/docker-slim\n\n### used modules\n* https://github.com/google/go-containerregistry\n* https://github.com/nikoksr/notify\n* https://github.com/google/go-containerregistry/blob/main/cmd/crane/doc/crane.md\n\n## cloned modules\n* https://github.com/hashicorp/go-version@v1.3.0\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmartijnvdp%2Flambda-ecr-image-sync","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmartijnvdp%2Flambda-ecr-image-sync","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmartijnvdp%2Flambda-ecr-image-sync/lists"}