https://ferkakta.dev/tags/ecr/Recent content in Ecr on ferkakta.devHugoen-USCopyright fizz.Tue, 17 Feb 2026 09:00:00 -0600https://ferkakta.dev/state-aware-ecr-image-resolution-github-actions/Tue, 17 Feb 2026 09:00:00 -0600https://ferkakta.dev/state-aware-ecr-image-resolution-github-actions/<p>Every &ldquo;deploy to EKS with GitHub Actions&rdquo; tutorial solves the same problem: build an image, push to ECR, deploy it. The tutorial ends at &ldquo;your pod is running.&rdquo; Nobody talks about day two.</p> <h2 id="the-silent-rollback">The silent rollback</h2> <p>Day two: you have a running EKS cluster with three services per tenant. You need to change an IAM policy. You open a PR, touch one line of Terraform, run <code>terraform apply</code>.</p> <p>Your IAM policy updates. Your container images also update — to whatever was hardcoded in <code>variables.tf</code> as the default. That default was correct three months ago. Your services just rolled back to a three-month-old image and nobody noticed because the deployment succeeded.</p>