Remove ECR image tag despite ImageReferencedByManifestList error

Question

I would like to be able to delete an ECR image tag but without deleting the underlying image itself. The use case is a temporary tag that was used just to push an image, which was then referenced as part of a manifest list, and needs to be subsequently deleted.

I found Remove tag from image however in this case that doesn't help. The batch-delete-image operation sometimes just deletes a tag (if the image has multiple tags), or tries to delete the image itself if it only has that one tag.

If that image is referenced as part of a manifest list then the operation fails:

$ aws ecr-public batch-delete-image --region=$REGION --repository-name $REPO --image-ids imageTag=TEMP 
2{
3    "imageIds": [],
4    "failures": [
5        {
6            "imageId": {
7                "imageTag": "TEMP"
8            },
9            "failureCode": "ImageReferencedByManifestList",
10            "failureReason": "Requested image referenced by manifest list: [sha256:f0446c2685b48eedefa1a90085c513ddae548226b087fa3a7ced8f94cf4aff70]"
11        }
12    ]
13}

Answer 1

After contacting Amazon support I was told that the only workaround for this limitation is to push some random image to the temporary tag (I used busybox), and then use the batch-delete-image operation to delete the tag, like this:

$ docker pull busybox
$ docker tag busybox public.ecr.aws/$REPO:TEMP
$ docker push public.ecr.aws/$REPO:TEMP
$ aws ecr-public batch-delete-image --region=$REGION --repository-name $REPO --image-ids imageTag=TEMP

I can't help but think that this situation reveals a design flaw in ECR though, since the manifest list reference is all that is needed to keep the image alive in the registry. ECR seems to treat tags as a property of an image rather than as a standalone pointer to an image.

EDIT: I filed an issue for this: https://github.com/aws/containers-roadmap/issues/1567