By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Fargate task stuck on Pending state

0

Hello, I've ceated an ECS service with private subnet (no internet access) In the Task Definition, the role for image pull is the default predefined ECS rule. In order to allow communication towards ECR, I've created ecr-api endpoint, ecr-dkr enpoint and an s3 endpoint gateway using the very same subnet used in the service. The problem is that the Fargate service tasks are stuck in pending state. If I create a service with the same Task Definition using a public subnet of the default VPC, everything is working well. If I connect an instance to the private subnet I see that the ecr hostname is translated into local address. What am I missing?

Topics
Networking & Content DeliveryServerlessContainers
Tags
Amazon VPCAWS FargateAmazon Elastic Container ServiceAWS PrivateLink
Language
English
CuriousUser
asked 2 years ago495 views
1 Answer
0

My problem was related to IAM.
It appears that when working on a PrivateLink there's a need to attach the following policies to the ecsTaskExecutionRole Role:

  • AmazonEC2ContainerRegistryReadOnly
  • AmazonS3ReadOnlyAccess It is recommended to customize the policies it and use specific resource of the relevant registry.
CuriousUser
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content