This is still very much a problem and not related to permissions; it is related to how ECS interfaces with ECR. It seems that under the hood it looks for image manifests of already available images in the repository, rather than doing your usual "docker pull" command. The "docker pull" command is what actually triggers ECR to pull the image, not fetching the manifest. It seems that ECS was simply not made to directly run any image via a pull-through cache.
It would be awesome if this could be fixed.
Ensure that your ECR repository has the correct permissions. The ECS task's IAM role or the EC2 instance profile associated with your ECS cluster should have permission to pull images from the ECR repository. Verify Docker-Hub Cache Configuration: Double-check your Docker-Hub pull-through cache configuration in ECR. Make sure it is correctly set up and associated with your ECR repository. If none of the above steps resolve it, consider reaching out to AWS support for more detailed assistance. They can help analyze specific logs and provide guidance based on the exact configuration and error messages you're encountering.
The cluster has permission to pull from ECR. Indeed, after the first manual pull, ECS manages to get the image from the ECR repo.
My current setup uses AmazonECSTaskExecutionRolePolicy, which provides the BatchGetImage permission. Is there an additional permission required to trigger ECR to actually pull the image from DockerHub?