Fargate task stuck on Pending state
Hello, I've created an ECS service with private subnet (no internet access). In the Task Definition, the role for image pull is the default predefined ECS rule. In order to allow communication towards ECR, I've created ecr-api endpoint, ecr-dkr endpoint and an s3 endpoint gateway using the very same subnet used in the service. The problem is that the Fargate service tasks are stuck in pending state. If I create a service with the same Task Definition using a public subnet of the default VPC, everything is working well. If I connect an instance to the private subnet I see that the ecr hostname is translated into local address. What am I missing?
My problem was related to IAM.
It appears that when working on a PrivateLink there's a need to attach the following policies to the ecsTaskExecutionRole Role:
- AmazonEC2ContainerRegistryReadOnly
- AmazonS3ReadOnlyAccess
It is recommended to customize the policies and use the specific resource of the relevant registry.
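One way to follow the recommendation to scope the policies to a specific registry, as an added example that is not part of the original answer: it builds a pull-only policy for one repository and flags statements that stay broader than needed. The helper names, the account ID, region and repository name are constructed, and the S3 layer-bucket ARN assumes image layers are read from the regional ECR layer bucket.

```python
import json

UNSCOPABLE = {"ecr:GetAuthorizationToken"}  # ECR requires Resource "*" here
PULL_ACTIONS = ["ecr:BatchCheckLayerAvailability",
                "ecr:GetDownloadUrlForLayer",
                "ecr:BatchGetImage"]

def scoped_pull_policy(region, account_id, repository):
    """Image-pull policy limited to one repository (hypothetical helper)."""
    repo = f"arn:aws:ecr:{region}:{account_id}:repository/{repository}"
    # Assumption: layers are read from the regional ECR layer bucket.
    layers = f"arn:aws:s3:::prod-{region}-starport-layer-bucket/*"
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "EcrAuth", "Effect": "Allow",
         "Action": ["ecr:GetAuthorizationToken"], "Resource": "*"},
        {"Sid": "EcrPull", "Effect": "Allow",
         "Action": PULL_ACTIONS, "Resource": repo},
        {"Sid": "LayerRead", "Effect": "Allow",
         "Action": ["s3:GetObject"], "Resource": layers}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def overbroad_statements(policy):
    """Return (sid, reason, actions) for Allow statements that are too wide."""
    findings = []
    for index, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", index)
        actions = _as_list(stmt["Action"])
        wild = [a for a in actions if "*" in a]
        if wild:
            findings.append((sid, "wildcard action", wild))
        scopable = [a for a in actions if a not in UNSCOPABLE]
        if "*" in _as_list(stmt["Resource"]) and scopable:
            findings.append((sid, "Resource * on scopable actions", scopable))
    return findings

# Constructed sample of a broad read-only grant, for comparison only.
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Sid": "EcrRead", "Effect": "Allow", "Resource": "*",
     "Action": ["ecr:GetAuthorizationToken", "ecr:BatchGetImage",
                "ecr:DescribeRepositories"]},
    {"Sid": "S3Read", "Effect": "Allow", "Resource": "*",
     "Action": ["s3:Get*", "s3:List*"]}]}

if __name__ == "__main__":
    print(json.dumps(scoped_pull_policy("eu-west-1", "111122223333", "my-app"), indent=2))
    print(overbroad_statements(BROAD))
```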
You can check out the checklist items mentioned in the following link to ensure all setup is in the right state. https://aws.amazon.com/premiumsupport/knowledge-center/ecs-fargate-tasks-pending-state/