Trigger AWS lambda function after ECR event

Question

I am trying to get an AWS Lambda function to run whenever a new image is pushed to an AWS container registry. I have created and tested the function which works fine. I have then created a simple CloudWatch event rule with the pattern: 

{

  "source": [

    "aws.ecr"

  ]

}

which I believe will trigger on any event from ECR.

The rule has a target of the lambda function. The problem is the function is not called when a new image is pushed to the registry (or deleted etc). Nothing appears in the CloudWatch logs for the function. Is there something missing from the event rule or a way to diagnose what could be going wrong?

Answer 1

You can write the PutImage event to CloudWatch Logs when it gets recorded by Cloudtrail. You can create an Alarm which checks for a PutImage event and then you can trigger the Lambda function using SNS as the trigger. 

The ECR CloudTrail API has to be configured which calls the events.

{

  "source": [

    "aws.ecr"

  ],

  "detail-type": [

    "AWS API Call via CloudTrail"

  ],

  "detail": {

    "eventSource": [

      "ecr.amazonaws.com"

    ]

  }

}

 

Or

 

You should create a Logs Metric Filer, which might be like this:

{ ($.eventSource = ecr.amazonaws.com) && ($.eventName = PutImage) && ($.requestParameters.repositoryName = “<RepoName>”) && ($.errorCode NOT EXISTS) }