ECR doesn't seem to support IPv6 yet, and neither do many other AWS services. The current list of services that do support IPv6 is here: https://docs.aws.amazon.com/vpc/latest/userguide/aws-ipv6-support.html
However, since your instances still have private IPv4 addresses, I think you could fix the issue by creating a VPC endpoint for ECR in your VPC. Also ensure that your instances are using the normal Route 53 Resolver for DNS resolution, or if not, you'll have to configure your DNS resolver to resolve the public DNS names for ECR to the private IP addresses of the VPC endpoint.
There are more details about using VPC endpoints for ECR in this documentation article: https://docs.aws.amazon.com/AmazonECR/latest/userguide/vpc-endpoints.html
DNS resolution is important in this case, because by default, when you deploy a VPC interface endpoint for an AWS service, such as ECR, the built-in DNS resolver in your VPC (called Route 53 Resolver) will automatically resolve the public names of the corresponding AWS service, such as ecr.eu-south-1.amazonaws.com, to the IP addresses of the VPC endpoints in your VPC for the same service.
If you used any DNS resolver outside your VPC, the name ecr.eu-south-1.amazonaws.com, for example, would resolve to the IPv4 IP address on the public internet, which your systems with internet access only over IPv6 can't reach. That's why it's convenient to use AWS's built-in resolver, which automatically integrates with the DNS names registered to the VPC endpoint services.
VPCs use Route 53 Resolver by default, so unless you've configured your systems to use an external DNS service, you are very likely using Route 53 Resolver. You can confirm simply by deploying the VPC endpoint for ECR in your VPC and testing to see if your issue is fixed.
I agree you shouldn't need an endpoint for ECS but for ECR.
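One way to check the DNS behaviour discussed in this thread from an instance, as an added example that is not part of the original posts: it resolves the ECR hostnames with the instance's configured resolver and reports whether the answers fall inside the VPC (the interface endpoint) or outside it (the public IPv4 service). The `api.ecr` and `dkr.ecr` hostnames, the account ID and the VPC CIDR are assumptions to replace with your own values.

```python
import ipaddress
import socket

# Assumed names: the region comes from the thread, the account ID is a placeholder.
REGION = "eu-south-1"
ACCOUNT_ID = "123456789012"
ECR_HOSTS = [
    f"api.ecr.{REGION}.amazonaws.com",
    f"{ACCOUNT_ID}.dkr.ecr.{REGION}.amazonaws.com",
]


def system_resolver(host):
    """Return the IPv4 addresses the instance's configured resolver gives for host."""
    try:
        infos = socket.getaddrinfo(host, 443, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def classify(addresses, vpc_cidrs):
    """'endpoint' if every A record is inside the VPC, 'public' if any is not."""
    if not addresses:
        return "unresolved"
    nets = [ipaddress.ip_network(c) for c in vpc_cidrs]
    inside = [any(ipaddress.ip_address(a) in n for n in nets) for a in addresses]
    return "endpoint" if all(inside) else "public"


def check_ecr_dns(vpc_cidrs, hosts=ECR_HOSTS, resolver=system_resolver):
    """Map each ECR hostname to (status, addresses)."""
    report = {}
    for host in hosts:
        addrs = resolver(host)
        report[host] = (classify(addrs, vpc_cidrs), addrs)
    return report


if __name__ == "__main__":
    # Constructed VPC CIDR; replace with the IPv4 CIDR of your VPC.
    for host, (status, addrs) in check_ecr_dns(["10.0.0.0/16"]).items():
        print(f"{status:10} {host} -> {', '.join(addrs) or '-'}")
```

A `public` result on an instance that should be using the endpoint points to an external DNS resolver or to private DNS not being enabled on the endpoint.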
Can you explain this? "Also ensure that your instances are using the normal Route 53 Resolver for DNS resolution, or if not, you'll have to configure your DNS resolver to resolve the public DNS names for ECR to the private IP addresses of the VPC endpoint."
In the last link there is this information: "Amazon ECS tasks hosted on Fargate don't require the Amazon ECS interface VPC endpoints." Please explain.