1 Answer
Hello.
From what I've heard about the situation, I think it's possible that communication to ECR and other services is not working.
To access ECR, the VPC endpoint should have at least the following:
It seems like you have already created one, so I think the VPC endpoint is fine.
https://docs.aws.amazon.com/AmazonECR/latest/userguide/vpc-endpoints.html
- com.amazonaws.${AWS::Region}.s3
- com.amazonaws.${AWS::Region}.ecr.dkr
- com.amazonaws.${AWS::Region}.ecr.api
The next thing we need to check is the security group configured for the VPC endpoint.
The VPC endpoint security group must allow HTTPS in the inbound rule.
First, please check the security group settings.
It seems like the deployment circuit breaker is running, so you might want to try disabling it once.
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/create-service-console-v2.html
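The checks described in this answer can be run over the JSON returned by `aws ec2 describe-vpc-endpoints` and `aws ec2 describe-security-groups`. The following Python is an added example, not part of the original answer or AWS tooling; the sample data, region, group IDs and CIDR are constructed, the expected Gateway type for S3 follows a comment later in this thread, and only CIDR-based inbound rules are evaluated.

```python
import ipaddress

# Services listed in the answer; the expected S3 type follows the thread's comment.
REQUIRED = {"s3": "Gateway", "ecr.dkr": "Interface", "ecr.api": "Interface"}

def allows_https(sg, source_cidr):
    """True if an inbound CIDR rule of sg covers TCP 443 from all of source_cidr."""
    src = ipaddress.ip_network(source_cidr)
    for perm in sg.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        port_ok = proto == "-1" or (
            proto == "tcp" and perm.get("FromPort", 0) <= 443 <= perm.get("ToPort", -1))
        cidrs = [ipaddress.ip_network(r["CidrIp"]) for r in perm.get("IpRanges", [])]
        if port_ok and any(src.subnet_of(c) for c in cidrs):
            return True
    return False

def check_endpoints(region, endpoints, groups, task_cidr):
    """Return a list of findings; an empty list means the listed endpoints look usable."""
    sgs = {g["GroupId"]: g for g in groups}
    by_service = {e["ServiceName"]: e for e in endpoints}
    findings = []
    for suffix, want_type in REQUIRED.items():
        name = f"com.amazonaws.{region}.{suffix}"
        ep = by_service.get(name)
        if ep is None or ep.get("State") != "available":
            findings.append(f"{name}: missing or not available")
            continue
        ep_type = ep["VpcEndpointType"]
        if ep_type != want_type:
            findings.append(f"{name}: type {ep_type}, expected {want_type}")
        attached = [sgs[g["GroupId"]] for g in ep.get("Groups", []) if g["GroupId"] in sgs]
        if ep_type == "Interface" and not any(allows_https(s, task_cidr) for s in attached):
            findings.append(f"{name}: no security group allows TCP 443 from {task_cidr}")
    return findings

# Constructed sample shaped like describe-vpc-endpoints / describe-security-groups output.
SAMPLE_ENDPOINTS = [
    {"ServiceName": "com.amazonaws.us-east-1.s3", "VpcEndpointType": "Interface",
     "State": "available", "Groups": [{"GroupId": "sg-0aaa"}]},
    {"ServiceName": "com.amazonaws.us-east-1.ecr.dkr", "VpcEndpointType": "Interface",
     "State": "available", "Groups": [{"GroupId": "sg-0bbb"}]},
]
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443,
     "ToPort": 443, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
    {"GroupId": "sg-0bbb", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 80,
     "ToPort": 80, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
]

if __name__ == "__main__":
    print("\n".join(check_endpoints("us-east-1", SAMPLE_ENDPOINTS, SAMPLE_GROUPS, "10.0.1.0/24")))
```

An inbound rule scoped to TCP 443 from the task subnets passes this check, so the endpoint security group does not need to be opened to 0.0.0.0/0.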
Make sure you have added the S3 gateway and not the S3 interface endpoint. This is assuming your Docker image is in ECR.
Gary - My Docker image is in ECR and I was missing the S3 gateway endpoint, which I added. However, it didn't help. I get the same error.
Riku - My security group has ALL TCP (0-65535, 0.0.0.0/0) Inbound and Outbound rules.
I am still getting the exact same error:
Resource handler returned message: "Error occurred during operation 'ECS Deployment Circuit Breaker was triggered'."
I've seen similar errors occur since the new ECS UI. The cause at that time was that ecsTaskExecutionRole did not have access rights to CloudWatch Logs. Try setting the policy for "logs:CreateLogGroup".
Riku - I added the logs policy to ecsTaskExecutionRole. No luck. Like I mentioned, the same service with the exact same task definition works if I just enable the public IP flag. But fails if I turn off the public IP flag.
I think there is a problem with the network settings or the VPC endpoint. By the way, have you configured log output settings from Fargate to CloudWatch Logs? If you have done so, please also add the following CloudWatch Logs VPC endpoint.