Getting a CannotPullContainerError container uri not found - Fargate Task Running in Public Subnet

0

Hello, I have a task defined for a Fargate cluster for an image located on ECR, but for some reason it's not able to pull the container image from ECR... As this has been asked before, I referred to the following links to perform my troubleshooting:

From what I gather there are two key considerations:

  1. Role access to ECR from your task
  2. Internet access to public subnet

My task has the following definitions:

  • ecsTaskExecutionRole which has -> AmazonECSTaskExecutionRolePolicy -> which has the below actions assigned
    {
      "Effect": "Allow",
      "Action": [
        "ecr:GetAuthorizationToken",
        "ecr:BatchCheckLayerAvailability",
        "ecr:GetDownloadUrlForLayer",
        "ecr:BatchGetImage",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "*"
    }
  • awsvpc networking mode
  • it has the correct image URI in the definition
  • it's using a public subnet which is mapped to an internet gateway
  • the ENI for the task is getting a public IP address assigned

Any other considerations I'm missing?

P.S. Attaching some images in case it's helpful.


asked a year ago, 280 views
2 Answers
0
Accepted Answer

I found the answer: the task definition was referencing the 'LATEST' image tag instead of the version number. Going to look into having the image pushed to ECR with 'Latest' as the tag so I don't have to update the task definition every time I update the container.

answered a year ago
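
A check for the mismatch described in the accepted answer, as an added example that is not part of the original thread: it compares each image reference in a task definition against the tags and digests listed in `aws ecr describe-images` output. The account ID, repository name, tags and digests are constructed sample values, and `check_task_images` is a hypothetical helper name.

```python
import re

# Constructed sample: a task definition whose image tag is not in the repo.
TASK_DEF = {"containerDefinitions": [{
    "name": "app",
    "image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/example-app:LATEST",
}]}
# Constructed sample shaped like `aws ecr describe-images` output.
ECR_IMAGES = {"imageDetails": [
    {"repositoryName": "example-app", "imageDigest": "sha256:" + "a" * 64,
     "imageTags": ["1.4.2"]},
    {"repositoryName": "example-app", "imageDigest": "sha256:" + "b" * 64},
]}

ECR_REF = re.compile(
    r"^\d{12}\.dkr\.ecr\.[a-z0-9-]+\.amazonaws\.com/(?P<repo>[a-z0-9._/-]+)"
    r"(?::(?P<tag>[A-Za-z0-9_.-]+))?(?:@(?P<digest>sha256:[0-9a-f]{64}))?$")

def check_task_images(task_def, ecr_images):
    """Return (container, status, wanted) for each container image."""
    tags, digests = {}, {}
    for img in ecr_images["imageDetails"]:
        repo = img["repositoryName"]
        digests.setdefault(repo, set()).add(img["imageDigest"])
        # Untagged images have no imageTags key at all.
        tags.setdefault(repo, set()).update(img.get("imageTags", []))
    findings = []
    for c in task_def["containerDefinitions"]:
        m = ECR_REF.match(c["image"])
        if not m:
            findings.append((c["name"], "not-ecr", c["image"]))
            continue
        repo, tag, digest = m["repo"], m["tag"], m["digest"]
        if digest:  # a digest reference takes precedence over any tag
            status = "ok" if digest in digests.get(repo, set()) else "digest-missing"
            findings.append((c["name"], status, digest))
            continue
        tag = tag or "latest"  # no tag and no digest means "latest"
        known = tags.get(repo, set())
        if tag in known:
            status = "ok"
        elif any(t.lower() == tag.lower() for t in known):
            status = "case-mismatch"  # tags are case-sensitive
        else:
            status = "tag-missing"
        findings.append((c["name"], status, tag))
    return findings

if __name__ == "__main__":
    for finding in check_task_images(TASK_DEF, ECR_IMAGES):
        print(finding)
```
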
0

First, please review the following documents.
https://repost.aws/knowledge-center/ecs-pull-container-api-error-ecr
https://repost.aws/knowledge-center/ecs-fargate-pull-container-error

Other than the above, it has been my experience that increasing the memory capacity of the task definition has solved that error, so please try it.

EXPERT
answered a year ago
  • Riku, thank you for your comment. So I followed those items, and one thing that I was missing was the endpoints and correct security group being attached to the VPC. I also edited the security group to accept all inbound and outbound connections for all ports, types and protocols and destination 0.0.0.0/0... The image is only 256 MB, and the task def calls for 3 GB, but I increased to 4 GB since you mentioned memory.

    Still unable to pull the image, though I get a different error: Rather than reference the URI, it just says the image 'is not found'.

    Just for fun I tried running the task via Fargate v1.3 -> error there is basically the same.

    The image is in a private repo in my ECR, does that matter?
