Fargate task with public IP timeout on ECR registry auth

I'm unable to run services with ECS because my Fargate container cannot reach ECR. So I'm getting the error:

Task stopped at: 2024-01-19T08:58:58.698Z
ResourceInitializationError: unable to pull secrets or registry auth: execution resource retrieval failed: unable to retrieve ecr registry auth: service call has been retried 3 time(s): RequestError: send request failed caused by: Post "https://api.ecr.eu-west-1.amazonaws.com/": dial tcp 63.34.60.177:443: i/o timeout. Please check your task network configuration.

I'm checking everything that should be needed for egress traffic.

1 - Auto-assing public IP is enabled for my tasks, as you can see this is working fine:

2 - Service security group outbound rules allow all traffic:

3 - VPC Network ACL is the default one, having the following for inbound and outbound. So this shouldn't be the problem either,

• 100 - allow all IPv4
• 110 - allow all IPv6
• default deny all

4 - Public subnets have are attached to a route table with default route to Internet Gateway:

If I create an EC2 instance with the same security group in one of those subnets I can reach ECR without issues, I don't understand why traffic is being rejected. In VPC flow logs I can see packets are rejected but there's no security group or NACL that explain this issue.

Any advise on how to troubleshoot further?

EDIT: Added route table subnets associations

VPC was created using Terraform:

module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "5.1.1"

  name           = "${local.namespace}-vpc"
  cidr           = "10.10.0.0/20"
  azs            = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
  public_subnets = ["10.10.0.0/23", "10.10.2.0/23", "10.10.4.0/23"]

  enable_nat_gateway   = false
  enable_dns_hostnames = true
  enable_dns_support   = true
  enable_dhcp_options  = true
}