Unable to pull container in CodeBuild project even with loose policy

0

I have a CodeBuild project that tries to load an arm64 Docker image as the build image. Before I even get any logging, the steps show:

BUILD_CONTAINER_UNABLE_TO_PULL_IMAGE: Unable to pull customer's container image. CannotPullImageManifestError: Error response from daemon: denied: User: CodeBuild is not authorized to perform: ecr:BatchGetImage on resource: arn:aws:ecr:ap-southeast-2:01223344455:reposito

In the policy for the CodeBuild project I have set the permissions very loose:

{
  "Sid": "notverysecureiknow",
  "Effect": "Allow",
  "Action": "ecr:*",
  "Resource": "*"
},
{
  "Effect": "Allow",
  "Action": [
    "ecr:GetDownloadUrlForLayer",
    "ecr:BatchGetImage"
  ],
  "Resource": "*"
},

but still it throws the error. It looks like the error is truncated, so I can't check if it is the same repo that I set up in the CodeBuild project, but I have to assume that is the issue.

What else can I look at?

asked a month ago, 71 views
2 Answers
0
Accepted Answer

Hello.

As mentioned in the following Stack Overflow answer, make sure you specify the project service role in the credentials for pulling container images.
https://stackoverflow.com/questions/65590314/aws-codebuild-ecr-cannotpullcontainererror

EXPERT
answered a month ago
AWS EXPERT
reviewed a month ago
0

Also switching the radio button to the Project Service Role in the 'Image pull credentials' helps :)

answered a month ago
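
Both answers point at the 'Image pull credentials' setting, which the CodeBuild API exposes as `imagePullCredentialsType` in the project environment. The check below is an added example, not part of the original answers: it reads `aws codebuild batch-get-projects` output and reports which identity pulls the image and which policy has to allow it. The function name, sample project, role and account number are constructed, and treating a missing field as `CODEBUILD` is an assumption.

```python
import re

# Private ECR image URI: <account>.dkr.ecr.<region>.amazonaws.com/<repo>[:tag|@digest]
ECR_IMAGE = re.compile(r"^(\d{12})\.dkr\.ecr\.([a-z0-9-]+)\.amazonaws\.com/([^:@]+)")

def pull_identity(project):
    """Say which identity pulls the build image and which policy must allow it.

    `project` is one element of the "projects" list returned by
    `aws codebuild batch-get-projects` (hypothetical helper, not an AWS API).
    """
    env = project["environment"]
    m = ECR_IMAGE.match(env["image"])
    if m is None:
        return {"ecr": False, "finding": "image is not a private ECR image"}
    account, region, repo = m.groups()
    repo_arn = f"arn:aws:ecr:{region}:{account}:repository/{repo}"
    # Assumption: a missing field is treated like CODEBUILD.
    creds = env.get("imagePullCredentialsType", "CODEBUILD")
    if creds == "SERVICE_ROLE":
        # The pull is made as the project's service role, so its IAM policy applies.
        return {"ecr": True, "identity": project["serviceRole"], "repo_arn": repo_arn,
                "finding": "IAM policy on the service role must allow "
                           "ecr:BatchGetImage and ecr:GetDownloadUrlForLayer"}
    # The pull is made with CodeBuild's own credentials, not the service role.
    return {"ecr": True, "identity": "codebuild.amazonaws.com", "repo_arn": repo_arn,
            "finding": "service role IAM policy is not used for the pull; "
                       "the ECR repository policy must allow this principal, "
                       "or set imagePullCredentialsType to SERVICE_ROLE"}

# Constructed sample shaped like batch-get-projects output (all values made up).
SAMPLE = {"projects": [
    {"name": "arm-build",
     "serviceRole": "arn:aws:iam::111122223333:role/example-codebuild-role",
     "environment": {
         "type": "ARM_CONTAINER",
         "image": "111122223333.dkr.ecr.ap-southeast-2.amazonaws.com/example/build:latest",
         "imagePullCredentialsType": "CODEBUILD"}},
]}

if __name__ == "__main__":
    for p in SAMPLE["projects"]:
        r = pull_identity(p)
        print(p["name"], "->", r.get("identity"), "|", r["finding"])
```

With `CODEBUILD` selected, loosening the service role's IAM policy has no effect on the pull, which matches the "User: CodeBuild is not authorized" wording in the error.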
