
Looking for advice on what I'm missing. Fargate container fails to start with the error CannotPullContainerError: Error response from daem

EDIT: Longer error response

Status reason: CannotPullContainerError: Error response from daemon: Get https://{account}.dkr.ecr.{region}.amazonaws.com/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)

I created a non-default VPC with CIDR block 50.10.0.0/16. In the VPC, I have 3 public subnets with an internet gateway attached and subnet route table with 0.0.0.0/0 as a record. (I am able to launch an EC2 instance in these subnets, it received a public IP, and I can connect to it via SSH.) My VPC also has DNS hostname and DNS resolution enabled.

On the task definition side, I created a Fargate task that uses network mode = awsvpc, requires FARGATE compatibility, and tries to pull a container from a private ECR that looks like {account}.dkr.ecr.{region}.amazonaws.com/{imagename}:latest. When launching the container, I use platform v1.3.0 and enable AUTO-ASSIGN PUBLIC IP. In my security group, I allow All Traffic both inbound and outbound on 0.0.0.0/0. For my Role, I am using one that has the following policies:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "kms:*",
                "secretsmanager:*",
                "ssm:*",
                "logs:*",
                "sqs:*",
                "s3:*",
                "ecr:*",
                "ecs:*",
                "ec2:*"
            ],
            "Resource": "*"
        }
    ]
}

and trusted entities for ecs.amazonaws.com and ecs-tasks.amazonaws.com.

Watching the Task as it goes from PENDING to STOPPED, I can see that the ENI receives a public IP. Always, I get the same error. Thanks in advance!

CPak

1 Answer


I figured it out...I had my DHCP options set configured incorrectly.

CPak
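The answer above does not say which DHCP option was wrong. As an added example (not code from the original post), the check below assumes the problem was in the `domain-name-servers` option and audits JSON shaped like `aws ec2 describe-dhcp-options` output; the option set IDs, the `corp.example` domain and the `192.0.2.53` resolver are constructed sample values, and the function names are hypothetical.

```python
import json

# Constructed samples shaped like `aws ec2 describe-dhcp-options` output.
# IDs, domain and resolver address are placeholders, not values from the post.
SAMPLE_BAD = json.loads("""
{"DhcpOptions": [{"DhcpOptionsId": "dopt-EXAMPLE1", "DhcpConfigurations": [
  {"Key": "domain-name", "Values": [{"Value": "corp.example"}]},
  {"Key": "domain-name-servers", "Values": [{"Value": "192.0.2.53"}]}]}]}
""")
SAMPLE_GOOD = json.loads("""
{"DhcpOptions": [{"DhcpOptionsId": "dopt-EXAMPLE2", "DhcpConfigurations": [
  {"Key": "domain-name-servers", "Values": [{"Value": "AmazonProvidedDNS"}]}]}]}
""")


def dhcp_config(option_set):
    """Flatten DhcpConfigurations into {key: [values]}."""
    return {c["Key"]: [v["Value"] for v in c.get("Values", [])]
            for c in option_set.get("DhcpConfigurations", [])}


def audit_dhcp_options(doc, vpc_dns_support=True):
    """Return (option_set_id, finding) pairs worth checking when a task
    cannot reach {account}.dkr.ecr.{region}.amazonaws.com."""
    findings = []
    for opt in doc.get("DhcpOptions", []):
        oid = opt.get("DhcpOptionsId", "<unknown>")
        servers = dhcp_config(opt).get("domain-name-servers", [])
        if not servers:
            findings.append((oid, "no domain-name-servers option is set; "
                                  "verify how tasks obtain a resolver"))
            continue
        if "AmazonProvidedDNS" in servers and not vpc_dns_support:
            findings.append((oid, "AmazonProvidedDNS is selected but VPC "
                                  "DNS resolution is disabled"))
        custom = [s for s in servers if s != "AmazonProvidedDNS"]
        if custom:
            findings.append((oid, "custom resolvers %s: confirm each is reachable "
                                  "from the task subnets and resolves the ECR "
                                  "registry hostname" % ", ".join(custom)))
    return findings


if __name__ == "__main__":
    for name, doc in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(name, audit_dhcp_options(doc) or "ok")
```

To run it against a real VPC, feed it the JSON for the option set associated with that VPC instead of the constructed samples.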