1 réponse
- Le plus récent
- Le plus de votes
- La plupart des commentaires
0
As far as I can tell this is a bug or design issue with AppRunner.
TL;DR - I suggest you enable ECR replication as needed.
The login credentials of ECR is region specific.
Based on CloudTrail logs, you can see that AppRunner only issues GetAuthorizationToken API call to the ECR API endpoint located in the region where the AppRunner service was originally created. This can be verified by changing the regions in the CloudTrail console and filter events.
That credential is not valid for ECR repos located in a different region, and evidently the AppRunner service keep retrying the API call to get new auth credential until the service creation timeout, around 10 mins.
répondu il y a 2 ans
Contenus pertinents
- demandé il y a un an
- demandé il y a un an
- demandé il y a 7 mois
- demandé il y a un an
- AWS OFFICIELA mis à jour il y a un an
- AWS OFFICIELA mis à jour il y a 6 mois
- AWS OFFICIELA mis à jour il y a un an
It is also a best practice to obtain container images from an ECR repository that is located in the same region you are running your containers in. AWS Regions are designed to be separate failure domains, so that if region A suffers a degradation in service, resources in region B will be unaffected. If you create inter-regional dependencies -- for example, by pulling container images from a different region -- then you are increasing your operational risk.