ECS/Fargate service in the AWS CDK, using the default public subnet in the VPC, failed to start the task, which originated from the private ECR container image.


Hi, when I tried to deploy the ECS Fargate service using the AWS CDK, I got stuck at the task launch, and after a while I got an error:

ResourceInitializationError: unable to pull secrets or registry auth: execution resource retrieval failed: unable to retrieve ecr registry auth: service call has been retried 3 time(s): RequestError: send request failed caused by: Post "https://api.ecr.ap-northeast-2.amazonaws.com/": dial tcp 54.180.184.238:443: i/o timeout. Please check your task network configuration..

Here is my CDK code. PS: I'm not writing `isDefault: true` in the VPC lookup, because if I write it that way, I'll have two more subnets that I don't know where they came from.

```typescript
// Imports assume CDK v2 (aws-cdk-lib); the snippet is the body of the stack constructor.
import * as cdk from "aws-cdk-lib";
import * as ec2 from "aws-cdk-lib/aws-ec2";
import * as ecs from "aws-cdk-lib/aws-ecs";
import * as ecr from "aws-cdk-lib/aws-ecr";
import * as elbv2 from "aws-cdk-lib/aws-elasticloadbalancingv2";
import { Construct } from "constructs";

export class DemoFargateStack extends cdk.Stack {
    constructor(scope: Construct, id: string, props?: cdk.StackProps) {
        // Vpc.fromLookup needs a concrete account/region in props.env
        super(scope, id, props);

        const vpc = ec2.Vpc.fromLookup(this, "Default VPC", {
            //default vpc id
            vpcId: "vpc-069bd0d6dea52bc66", //The VPC ID shown here is the only VPC in ap-northeast-2
        });

        const publicSubnets = vpc.selectSubnets({
            subnetType: ec2.SubnetType.PUBLIC,
            availabilityZones: ["ap-northeast-2a", "ap-northeast-2b"],
        });

        //The printout here is same as aws console
        publicSubnets.subnets.forEach((subnet) => {
            console.log("==>>subnetId:" + subnet.subnetId + "\n");
        });

        const cluster = new ecs.Cluster(this, "Cluster", {
            clusterName: "DemoClusterForCdk",
            vpc,
        });

        const fargateTaskDefinition = new ecs.TaskDefinition(this, "TaskDefinition-Fargate", {
            compatibility: ecs.Compatibility.FARGATE,
            cpu: "256",
            memoryMiB: "512",
            networkMode: ecs.NetworkMode.AWS_VPC,
        });

        fargateTaskDefinition.addContainer("FargateTaskContainer", {
            //private repository
            image: ecs.ContainerImage.fromEcrRepository(
                ecr.Repository.fromRepositoryName(
                    this,
                    "ECR-Repository-nginxDemos",
                    "nginxdemos-hello"
                ),
                "latest"
            ),
            portMappings: [{ containerPort: 80 }],
        });

        // Note: no assignPublicIp is set here (this is the configuration that fails)
        const fargateService = new ecs.FargateService(this, "DemoFargateService", {
            cluster,
            taskDefinition: fargateTaskDefinition,
            desiredCount: 2,
            serviceName: "DemoFargateService",
            vpcSubnets: { subnets: publicSubnets.subnets },
        });

        const alb = new elbv2.ApplicationLoadBalancer(this, "DemoALB", {
            vpc,
            internetFacing: true,
            ipAddressType: elbv2.IpAddressType.IPV4,
            vpcSubnets: publicSubnets,
        });

        const listener = alb.addListener("DemoListener", {
            port: 80,
            protocol: elbv2.ApplicationProtocol.HTTP,
        });

        listener.addTargets("DemoTarget", {
            port: 80,
            protocol: elbv2.ApplicationProtocol.HTTP,
            targets: [fargateService],
        });
    }
}
```

During deployment, the startup task will continue to be retried, and of course, it will continue to fail.

Why is this? The subnet is public.

tong_K
asked 8 months ago, 357 views
1 Answer
Accepted Answer

Even though it's a public subnet, please ensure that "assign public IP address" on the ECS service is set to true.

If it's not, then it will only have a private IP address and can't reach the internet or AWS services.

In `const fargateService`, add `assignPublicIp: true`.

EXPERT
answered 8 months ago
  • It worked. Thank you.
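An added preflight check, not part of the question or the accepted answer: it reads a synthesized template (`cdk synth --json`) and flags any ECS service whose tasks sit in a public subnet with `AssignPublicIp` left at `DISABLED`, which is exactly the state that produces the ECR `i/o timeout` above. Its remediation text goes slightly beyond the thread by naming the private-subnet alternatives (NAT gateway or ECR/S3 VPC endpoints) that avoid giving tasks a public IP at all; the resource name and subnet IDs in the sample are constructed placeholders.

```typescript
// Minimal shape of the parts of a synthesized CloudFormation template inspected here.
type CfnResource = { Type: string; Properties?: Record<string, any> };
type CfnTemplate = { Resources: Record<string, CfnResource> };

interface EgressFinding {
    logicalId: string; assignPublicIp: "ENABLED" | "DISABLED"; publicSubnets: string[];
    verdict: "ok" | "ecr-unreachable"; remediation: string;
}

// Flags ECS services whose tasks are placed in a public subnet without a public IP.
// knownPublicSubnets: the subnet IDs the VPC lookup reported as PUBLIC (caller-supplied).
function checkFargateEgress(template: CfnTemplate, knownPublicSubnets: string[]): EgressFinding[] {
    const findings: EgressFinding[] = [];
    for (const logicalId of Object.keys(template.Resources)) {
        const res = template.Resources[logicalId];
        if (res.Type !== "AWS::ECS::Service") continue;
        const cfg = res.Properties?.NetworkConfiguration?.AwsvpcConfiguration;
        if (!cfg) continue;
        // CloudFormation, and the CDK FargateService construct, default AssignPublicIp to DISABLED.
        const assignPublicIp = cfg.AssignPublicIp === "ENABLED" ? "ENABLED" : "DISABLED";
        const subnets: string[] = (cfg.Subnets || []).filter((s: unknown): s is string => typeof s === "string");
        const publicSubnets = subnets.filter((s) => knownPublicSubnets.indexOf(s) !== -1);
        // A public subnet routes 0.0.0.0/0 to an internet gateway, but the IGW only forwards
        // traffic for ENIs that own a public IPv4 address. A private-IP-only task therefore
        // never reaches api.ecr.<region>.amazonaws.com and the image pull times out.
        const broken = publicSubnets.length > 0 && assignPublicIp === "DISABLED";
        findings.push({
            logicalId, assignPublicIp, publicSubnets,
            verdict: broken ? "ecr-unreachable" : "ok",
            remediation: broken
                ? "set assignPublicIp: true on the FargateService, or run it in private subnets that reach ECR through a NAT gateway or ecr.api/ecr.dkr/s3 VPC endpoints"
                : "none",
        });
    }
    return findings;
}

// Constructed sample: the question's service as cdk synth would emit it, before and after the fix.
function demo(): { before: EgressFinding; after: EgressFinding } {
    const publicSubnets = ["subnet-0aaa111", "subnet-0bbb222"]; // placeholder IDs, not from the question
    const service = (assign: string): CfnResource => ({
        Type: "AWS::ECS::Service",
        Properties: {
            NetworkConfiguration: { AwsvpcConfiguration: { AssignPublicIp: assign, Subnets: publicSubnets } },
        },
    });
    const before = checkFargateEgress({ Resources: { DemoFargateService: service("DISABLED") } }, publicSubnets);
    const after = checkFargateEgress({ Resources: { DemoFargateService: service("ENABLED") } }, publicSubnets);
    return { before: before[0], after: after[0] };
}
```

Subnets that appear in the template as `Ref`/`Fn::ImportValue` objects rather than literal IDs are skipped, so pass the resolved IDs printed by the `selectSubnets` loop above.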
