1 Answer
0
Might be worth checking which ECR endpoint type you used, as there are two options when creating an endpoint for ECR:
- com.amazonaws.region.ecr.dkr: This endpoint is used for the Docker Registry APIs. Docker client commands such as push and pull use this endpoint.
- com.amazonaws.region.ecr.api: This endpoint is used for calls to the Amazon ECR API. API actions such as DescribeImages and CreateRepository go to this endpoint.
I've tested, and confirmed an nslookup with com.amazonaws.region.ecr.api returns the interface endpoint.
answered 13 days ago
Hi Tom,
Thanks for the reply. We have both of the endpoints deployed, but the error message we got was that it was unable to retrieve ecr registry auth. This was caused by "https://api.ecr.eu-west-2.amazonaws.com/": dial tcp 52.94.53.88:443: i/o timeout, which is because we're blocking external access, so we're trying to get it through the endpoint.
Alex, are you using a custom DHCP option set in this VPC?
No, we are just using the default DHCP set.
Please check that your VPC DNS settings are set to: DNS hostnames: Enabled, DNS resolution: Enabled.
I was able to re-create your issue with DNS hostnames disabled, though it did take a while after enabling the setting for it to start using the local IPs.
Hi Tom,
Thanks for reaching out again. I've checked in all the VPCs and both the DNS settings were enabled.
The setup is that the endpoints are set up in a network account and the hosted zones for them are then associated with the other accounts. It seems strange that all the other endpoints are fine and just the ECR one is causing issues.
Thanks Alex
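
Added example, not part of the thread and not AWS tooling: a Python check that resolves both ECR hostnames from inside the VPC and reports whether each answer lands in the CIDR of the VPC hosting the interface endpoints, which is the nslookup test from the answer applied to the name in the timeout error. The account ID `111122223333` and CIDR `10.20.0.0/16` are placeholders, and the `.dkr` addresses in the sample are constructed.

```python
import ipaddress
import socket

def ecr_hostnames(region, account_id):
    """Names an ECR client looks up: the API endpoint and the Docker registry endpoint."""
    return [f"api.ecr.{region}.amazonaws.com",
            f"{account_id}.dkr.ecr.{region}.amazonaws.com"]

def resolve(hostname):
    """IPv4 addresses the local resolver returns for hostname (empty list on failure)."""
    try:
        infos = socket.getaddrinfo(hostname, 443, socket.AF_INET, socket.SOCK_STREAM)
    except OSError:  # socket.gaierror is a subclass of OSError
        return []
    return sorted({info[4][0] for info in infos})

def classify(addresses, endpoint_cidrs):
    """'endpoint' if every address is inside endpoint_cidrs, 'outside' if none is."""
    if not addresses:
        return "unresolved"
    nets = [ipaddress.ip_network(c) for c in endpoint_cidrs]
    inside = [any(ipaddress.ip_address(a) in n for n in nets) for a in addresses]
    if all(inside):
        return "endpoint"
    return "mixed" if any(inside) else "outside"

def check(region, account_id, endpoint_cidrs, resolver=resolve):
    """Map each ECR hostname to (verdict, addresses).

    endpoint_cidrs must cover the VPC that hosts the interface endpoints,
    which in a shared setup is the network account's VPC, not the workload VPC.
    """
    report = {}
    for name in ecr_hostnames(region, account_id):
        addrs = resolver(name)
        report[name] = (classify(addrs, endpoint_cidrs), addrs)
    return report

if __name__ == "__main__":
    # Constructed resolver answers so the demo runs offline. The api.ecr address
    # is the one from the error in the thread; the .dkr addresses are made up.
    sample = {
        "api.ecr.eu-west-2.amazonaws.com": ["52.94.53.88"],
        "111122223333.dkr.ecr.eu-west-2.amazonaws.com": ["10.20.1.15", "10.20.2.15"],
    }
    result = check("eu-west-2", "111122223333", ["10.20.0.0/16"],
                   resolver=lambda name: sample.get(name, []))
    for name, (verdict, addrs) in result.items():
        print(f"{verdict:10} {name} -> {', '.join(addrs) or '-'}")
```

Run it on an instance or task in the affected VPC with the default resolver (omit `resolver=`); an `outside` verdict for only one of the two names points at the private hosted zone or private DNS setting for that specific endpoint.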