Hopefully I'm not wrong on all of this information, but this does appear to be a built-in feature of lifecycle policies in ECR, as it automatically cleans up artifacts (including your metadata) that are orphaned or no longer used by any images. I would like to mention that all artifacts are considered images by ECR's lifecycle policy.
The documentation on [1] lifecycle policies mentions the following about what happens once a lifecycle policy is applied:
Once a lifecycle policy is applied to a repository, you should expect that images become expired within 24 hours after they meet the expiration criteria
and mentioning that these artifacts will be cleaned up after 24 hours:
When reference artifacts are present in a repository, Amazon ECR lifecycle policies automatically clean up those artifacts within 24 hours of the deletion of the subject image
under [2] considerations on image signing
When reference artifacts are present in a repository, Amazon ECR lifecycle policies will automatically clean up those artifacts within 24 hours of the deletion of the subject image.
Why did it decide that my artifacts were orphaned?
I don't know your full lifecycle policy rules. The rule provided determined that your artifacts were orphaned because it mentions "Any" and treated the non-image metadata as unused and eligible for cleanup.
How can I avoid that?
From the provided rule in this post, let me break down what's happening:
"tagStatus": "Any",
"tagPrefixList": [],
"tagPatternList": [],
"tagStatus": "Any" means that the rule applies to all artifacts, tagged or untagged.
"tagPrefixList": [] and "tagPatternList": [] indicate that no specific tag filtering is happening, therefore applying it to any tagged or non-tagged artifact.
Recommendations:
Change:
"tagStatus": "Any"
to:
"tagStatus": "untagged"
I'd say [3] tagging your non-image artifacts properly will prevent this from happening, and once tagged, the "cleanup orphan artifacts" rule won't consider them as orphaned; they will be considered referenced and active, preventing the aforementioned rule from considering them 'orphaned'.
Changing it to "untagged" will ensure the rule only targets untagged artifacts.
References:
[1] - https://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html
[2] - https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-signing.html
[3] - https://docs.aws.amazon.com/AmazonECR/latest/userguide/lifecycle_policy_parameters.html
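
As an added example (not part of the answer above, and not AWS code): a small check that finds lifecycle rules using "tagStatus": "Any" with empty tag lists and applies the change the answer recommends. The sample policy is constructed; its count fields and the helper names `catch_all_rules` and `restrict_to_untagged` are assumptions made for illustration.

```python
import copy
import json

# Constructed sample policy; the selection mirrors the fragment quoted in the answer.
SAMPLE_POLICY = json.loads("""
{"rules": [{
  "rulePriority": 1,
  "description": "cleanup orphan artifacts",
  "selection": {
    "tagStatus": "Any",
    "tagPrefixList": [],
    "tagPatternList": [],
    "countType": "sinceImagePushed",
    "countUnit": "days",
    "countNumber": 1
  },
  "action": {"type": "expire"}
}]}
""")


def catch_all_rules(policy):
    """Return the rulePriority of each rule that selects every artifact:
    tagStatus 'any' (compared case-insensitively) and no tag filters."""
    hits = []
    for rule in policy.get("rules", []):
        sel = rule.get("selection", {})
        unfiltered = not sel.get("tagPrefixList") and not sel.get("tagPatternList")
        if str(sel.get("tagStatus", "")).lower() == "any" and unfiltered:
            hits.append(rule.get("rulePriority"))
    return hits


def restrict_to_untagged(policy):
    """Return a copy in which each catch-all rule targets untagged artifacts only.
    The empty tag lists are dropped because an untagged rule carries no tag filters."""
    fixed = copy.deepcopy(policy)
    flagged = set(catch_all_rules(policy))
    for rule in fixed.get("rules", []):
        if rule.get("rulePriority") in flagged:
            sel = rule["selection"]
            sel["tagStatus"] = "untagged"
            sel.pop("tagPrefixList", None)
            sel.pop("tagPatternList", None)
    return fixed


if __name__ == "__main__":
    print("catch-all rules:", catch_all_rules(SAMPLE_POLICY))
    print(json.dumps(restrict_to_untagged(SAMPLE_POLICY), indent=2))
```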