diff --git a/aws/modules/infrastructure_modules/container_registry/README.md b/aws/modules/infrastructure_modules/container_registry/README.md
index e929c9ed..25c3bad6 100644
--- a/aws/modules/infrastructure_modules/container_registry/README.md
+++ b/aws/modules/infrastructure_modules/container_registry/README.md
@@ -57,7 +57,7 @@ data "aws_iam_policy_document" "additional_eks" {
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [enable\_registry\_scanning](#input\_enable\_registry\_scanning) | Whether to enable continuous registry scanning | `bool` | n/a | yes |
-| [max\_tagged\_image\_count](#input\_max\_tagged\_image\_count) | The maximum number of tagged images to keep for each repository | `number` | n/a | yes |
+| [max\_tagged\_image\_count](#input\_max\_tagged\_image\_count) | The maximum number of tagged images to keep for each repository | `number` | `100` | no |
| [max\_untagged\_image\_count](#input\_max\_untagged\_image\_count) | The maximum number of untagged images to keep for each repository | `number` | `1` | no |
| [pull\_accounts](#input\_pull\_accounts) | List of accounts that can pull | `list(string)` | n/a | yes |
| [pull\_and\_push\_accounts](#input\_pull\_and\_push\_accounts) | List of accounts that can pull and push | `list(string)` | n/a | yes |
diff --git a/aws/modules/infrastructure_modules/container_registry/locals.tf b/aws/modules/infrastructure_modules/container_registry/locals.tf
index 36c94014..04dc1832 100644
--- a/aws/modules/infrastructure_modules/container_registry/locals.tf
+++ b/aws/modules/infrastructure_modules/container_registry/locals.tf
@@ -1,3 +1,36 @@
locals {
pull_through_cache_accounts = length(var.pull_through_cache_accounts) > 0 ? var.pull_through_cache_accounts : ["arn:aws:iam::${data.aws_caller_identity.this.account_id}:root"]
+
+ repository_lifecycle_default_policy = jsonencode({
+ rules = [
+ {
+ rulePriority = 1
+ description = "Keep the last '${var.max_untagged_image_count}' untagged images"
+
+ selection = {
+ tagStatus = "untagged"
+ countType = "imageCountMoreThan"
+ countNumber = var.max_untagged_image_count
+ }
+
+ action = {
+ type = "expire"
+ }
+ },
+ {
+ rulePriority = 2,
+ description = "Keep the last '${var.max_tagged_image_count}' tagged images"
+
+ selection = {
+ tagStatus = "any"
+ countType = "imageCountMoreThan"
+ countNumber = var.max_tagged_image_count
+ }
+
+ action = {
+ type = "expire"
+ }
+ },
+ ]
+ })
}
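Review bot: Rule 2's description says it keeps the last N "tagged" images, but its selection uses `tagStatus = "any"`, so the count includes untagged images as well and the rule can expire a tagged image sooner than the description promises (the `max_tagged_image_count` variable carries the same wording). Either make the comment honest, `description = "Keep the last '${var.max_tagged_image_count}' images (tagged or untagged)"`, or select only tagged images; as far as I recall ECR only accepts `tagStatus = "tagged"` together with a `tagPrefixList`/`tagPatternList`, so the second option needs an extra input. Since `expire` deletes images that running workloads may still reference by digest, a short header comment stating that these rules are destructive and count-based (not age-based) would also help the next caller set the counts deliberately. The rule bodies themselves are moved verbatim from main.tf, so I am only raising the selection/description mismatch here.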
diff --git a/aws/modules/infrastructure_modules/container_registry/main.tf b/aws/modules/infrastructure_modules/container_registry/main.tf
index f2984b0d..f4dd781d 100644
--- a/aws/modules/infrastructure_modules/container_registry/main.tf
+++ b/aws/modules/infrastructure_modules/container_registry/main.tf
@@ -15,38 +15,7 @@ module "ecr" {
# Managed below in `ecr_registry_scanning_rules`
manage_registry_scanning_configuration = false
- repository_lifecycle_policy = jsonencode({
- rules = [
- {
- rulePriority = 1
- description = "Keep the last '${var.max_untagged_image_count}' untagged images"
-
- selection = {
- tagStatus = "untagged"
- countType = "imageCountMoreThan"
- countNumber = var.max_untagged_image_count
- }
-
- action = {
- type = "expire"
- }
- },
- {
- rulePriority = 2,
- description = "Keep the last '${var.max_tagged_image_count}' tagged images"
-
- selection = {
- tagStatus = "any"
- countType = "imageCountMoreThan"
- countNumber = var.max_tagged_image_count
- }
-
- action = {
- type = "expire"
- }
- },
- ]
- })
+ repository_lifecycle_policy = var.repository_lifecycle_policy == "default-policy" ? local.repository_lifecycle_default_policy : var.repository_lifecycle_policy
}
## Pull Through Cache
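Review bot: The new `repository_lifecycle_policy` line hands `var.repository_lifecycle_policy` to the ECR module unencoded when it is not the `"default-policy"` sentinel, whereas the removed code always passed a `jsonencode(...)` string; because the variable is declared as `type = any`, a caller who supplies a native HCL object (`{ rules = [...] }`) will reach the module as a non-string value. If you want to keep `any`, encode non-string input here, e.g. `repository_lifecycle_policy = var.repository_lifecycle_policy == "default-policy" ? local.repository_lifecycle_default_policy : try(tostring(var.repository_lifecycle_policy), jsonencode(var.repository_lifecycle_policy))`, otherwise pin the variable to `string`. It is also worth a one-line comment above the attribute stating that `null` is passed through (presumably disabling the policy in the wrapped module — I cannot confirm that from this hunk), since a reader will otherwise assume the only way to opt out is an empty rule set. The enclosing `module "ecr"` block starts before this hunk.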
diff --git a/aws/modules/infrastructure_modules/container_registry/variables.tf b/aws/modules/infrastructure_modules/container_registry/variables.tf
index a6b3a71e..6041dab3 100644
--- a/aws/modules/infrastructure_modules/container_registry/variables.tf
+++ b/aws/modules/infrastructure_modules/container_registry/variables.tf
@@ -23,6 +23,8 @@ variable "max_untagged_image_count" {
variable "max_tagged_image_count" {
type = number
description = "The maximum number of tagged images to keep for each repository"
+
+ default = 100
}
variable "pull_accounts" {
@@ -64,3 +66,9 @@ variable "pull_through_cache_accounts" {
description = "A default list of accounts for the Pull Through Cache if not configured in the `pull_through_cache_setup`. Defaults to the calling account root"
default = []
}
+
+variable "repository_lifecycle_policy" {
+ type = any
+ description = "ECR repository lifestyle policy rules"
+ default = "default-policy"
+}
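Review bot: The description has a typo ("lifestyle" for "lifecycle") and, more importantly, does not tell the caller that the value is compared against the magic string `"default-policy"` or what format a custom value must take; `type = any` also leaves it open whether a JSON string or an HCL object is expected. I would pin the type and spell out the contract: `type        = string` and `description = "JSON-encoded ECR repository lifecycle policy. Leave at \"default-policy\" to use the module's built-in count-based rules (see locals.tf)."`. If `any` is intentional to accept HCL objects, say so in the description and add a `validation` block that rejects anything other than a string or an object with a `rules` key, so a typo in the sentinel does not silently become the policy. Note also that the README Inputs table touched in this same commit does not list this new variable.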