Getting a CannotPullContainerError container uri not found - Fargate Task Running in Public Subnet

0

Hello, I have a task defined for a Fargate cluster for an image located on ECR, but for some reason it's not able to pull the container image from ECR... As this has been asked before, I referred to the following links to perform my troubleshooting:

From what I gather there are two key considerations:

  1. Role access to ECR from your task
  2. Internet access to public subnet

My task has the following definitions:

  • ecsTaskExecutionRole which has -> AmazonECSTaskExecutionRolePolicy -> which has the below actions assigned
    "Effect": "Allow",
    "Action": [
      "ecr:GetAuthorizationToken",
      "ecr:BatchCheckLayerAvailability",
      "ecr:GetDownloadUrlForLayer",
      "ecr:BatchGetImage",
      "logs:CreateLogStream",
      "logs:PutLogEvents"
    ],
    "Resource": "*"
  • awsvpc networking mode
  • it has the correct image URI in the definition
  • it's using a public subnet which is mapped to an internet gateway
  • the ENI for the task is getting a public IP address assigned

Any other considerations I'm missing?

P.S. Attaching some images in case it's helpful.


asked a year ago, 291 views
2 Answers
0
Accepted Answer

I found the answer: the task definition was referencing the 'LATEST' image tag instead of the version number. Going to look into having the image pushed to ECR with 'Latest' as the tag so I don't have to update the task definition every time I update the container.

answered a year ago
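
An added example (not part of the original answer): a check that every image reference in a task definition resolves to a tag that actually exists in its ECR repository, which is the mismatch the accepted answer describes. The account ID, repository names, tags and digests are constructed, and the records follow the shape of `aws ecr describe-images` output.

```python
import re

# <account>.dkr.ecr.<region>.amazonaws.com/<repo>[:tag][@sha256:<digest>]
ECR_REF = re.compile(
    r"^\d{12}\.dkr\.ecr\.[a-z0-9-]+\.amazonaws\.com/"
    r"(?P<repo>[a-z0-9._/-]+)(?::(?P<tag>[\w.-]+))?(?:@(?P<digest>sha256:[0-9a-f]{64}))?$"
)

def check_image(image, image_details):
    """Classify one image reference against describe-images style records."""
    m = ECR_REF.match(image)
    if not m:
        return ("not-ecr", None)
    if m["digest"]:
        found = any(d["imageDigest"] == m["digest"] for d in image_details)
        return ("ok" if found else "digest-missing", None)
    tag = m["tag"] or "latest"          # Docker default when no tag is given
    tags = {t for d in image_details for t in d.get("imageTags", [])}
    if tag in tags:                     # tags are compared case-sensitively
        return ("ok", None)
    near = sorted(t for t in tags if t.lower() == tag.lower())
    if near:
        return ("case-mismatch", near)  # e.g. 'Latest' requested, 'latest' pushed
    return ("tag-missing", sorted(tags))

def audit_task_definition(task_def, repo_images):
    """Return {container name: (status, detail)} for each container definition."""
    report = {}
    for c in task_def["containerDefinitions"]:
        m = ECR_REF.match(c["image"])
        details = repo_images.get(m["repo"], []) if m else []
        report[c["name"]] = check_image(c["image"], details)
    return report

# Constructed sample data (hypothetical account ID, repositories and tags).
REGISTRY = "123456789012.dkr.ecr.us-east-1.amazonaws.com"
TASK_DEF = {"containerDefinitions": [
    {"name": "api", "image": f"{REGISTRY}/my-app:LATEST"},
    {"name": "worker", "image": f"{REGISTRY}/my-worker:1.4.2"},
    {"name": "sidecar", "image": f"{REGISTRY}/my-sidecar:Latest"},
]}
REPO_IMAGES = {
    "my-app": [{"imageDigest": "sha256:" + "a" * 64, "imageTags": ["1.0.3"]},
               {"imageDigest": "sha256:" + "b" * 64}],  # untagged image
    "my-worker": [{"imageDigest": "sha256:" + "c" * 64, "imageTags": ["1.4.2"]}],
    "my-sidecar": [{"imageDigest": "sha256:" + "d" * 64, "imageTags": ["latest"]}],
}

if __name__ == "__main__":
    for name, (status, detail) in audit_task_definition(TASK_DEF, REPO_IMAGES).items():
        print(f"{name}: {status} {detail or ''}")
```
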
0

First, please review the following documents.
https://repost.aws/knowledge-center/ecs-pull-container-api-error-ecr
https://repost.aws/knowledge-center/ecs-fargate-pull-container-error

Other than the above, it has been my experience that increasing the memory capacity of the task definition has solved that error, so please try it.

EXPERT
answered a year ago
  • Riku, thank you for your comment. So I followed those items, and one thing that I was missing was the endpoints and correct security group being attached to the VPC. I also edited the security group to accept all inbound and outbound connections for all ports, types and protocols and destination 0.0.0.0/0... The image is only 256 mb, and the task def calls for 3 GB, but I increased to 4 GB since you mentioned memory.

    Still unable to pull the image, though I get a different error: Rather than reference the URI, it just says the image 'is not found'.

    Just for fun I tried running the task via Fargate v1.3 -> error there is basically the same.

    The image is in a private repo in my ECR, does that matter?
