amazon-ecr

Missing ECR Image in AWS


I am more experienced in Azure, so please forgive me if this is an obvious question.

In AWS ECR, I have a private repository for images, and the image last successfully deployed to production is not there. When I tried to redeploy it to the staging environment I received a 404. And when the ECS service went down it could not find the image.

I see 2 other images there, related to the last 2 deployments to our staging environment. We are using Bitbucket Pipelines to build the images. I want to know how I can find out when it was removed, by who.

Background note: I did not set this up; the image would be 2 years old. My assumption is it must have been deleted recently, otherwise we would have had production issues sooner.

Things I have tried:

Are there any other things I can look into, specific logs I should look at, to see if there is a reason why they were deleted?


Solution

  • To answer your question "I want to know how I can find out when it was removed, by who.", you can check this in CloudTrail events. Filter the events with "resource type = AWS::ECR::Repository". Note that by default, CloudTrail events will only contain 90 days of data. If you configured CloudTrail to store the data, for example by saving it in S3, then the audit logs will be in your S3.

    Otherwise, not much can be done. You can try AWS Support (if you have premium or enterprise support) but I don't think they will keep data that you have not.
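An added example, not part of the original answer: a sketch of triaging CloudTrail log files exported to S3 for events that remove ECR images, including expiry by a lifecycle policy, which appears as a service event rather than a user API call. The function name `find_image_removals` and all sample records are constructed for illustration; the event names and field layout are assumptions based on ECR's documented CloudTrail records.

```python
import json

# Constructed sample in the {"Records": [...]} layout CloudTrail writes to S3.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-10T09:15:00Z", "eventSource": "ecr.amazonaws.com",
     "eventName": "BatchDeleteImage", "eventType": "AwsApiCall",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-user"},
     "requestParameters": {"repositoryName": "example-repo",
                           "imageIds": [{"imageTag": "prod-42"}]}},
    {"eventTime": "2024-01-11T00:00:00Z", "eventSource": "ecr.amazonaws.com",
     "eventName": "PolicyExecutionEvent", "eventType": "AwsServiceEvent",
     "userIdentity": {"invokedBy": "AWS Internal"},
     "serviceEventDetails": {"repositoryName": "example-repo",
         "lifecycleEventImageActions": [{"rulePriority": 1, "lifecycleEventImage":
             {"digest": "sha256:constructed", "tagList": ["prod-41"]}}]}},
    {"eventTime": "2024-01-12T08:00:00Z", "eventSource": "ecr.amazonaws.com",
     "eventName": "DescribeImages", "eventType": "AwsApiCall",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:role/example-ci"},
     "requestParameters": {"repositoryName": "example-repo"}},
]})

# Events that remove images or change what a lifecycle policy expires.
REMOVAL_EVENTS = {"BatchDeleteImage", "DeleteRepository",
                  "PutLifecyclePolicy", "PolicyExecutionEvent"}

def find_image_removals(log_text, repository):
    """Return sorted (time, actor, event, images) for removal-related ECR events."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "ecr.amazonaws.com":
            continue
        if rec.get("eventName") not in REMOVAL_EVENTS:
            continue
        params = rec.get("requestParameters") or {}
        details = rec.get("serviceEventDetails") or {}
        if repository not in (params.get("repositoryName"), details.get("repositoryName")):
            continue
        ident = rec.get("userIdentity") or {}
        actor = ident.get("arn") or ident.get("invokedBy") or "unknown"
        # User-initiated deletes list images in requestParameters.
        images = [i.get("imageTag") or i.get("imageDigest")
                  for i in params.get("imageIds") or []]
        # Lifecycle expirations list images in serviceEventDetails.
        for action in details.get("lifecycleEventImageActions") or []:
            img = action.get("lifecycleEventImage") or {}
            images += img.get("tagList") or [img.get("digest")]
        findings.append((rec["eventTime"], actor, rec["eventName"], images))
    return sorted(findings)

if __name__ == "__main__":
    for row in find_image_removals(SAMPLE_LOG, "example-repo"):
        print(*row)
```

An actor of "AWS Internal" on a `PolicyExecutionEvent` points to a lifecycle rule rather than a person, in which case the next thing to look for is the `PutLifecyclePolicy` event that set the rule.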