aws-samples / aws-fargate-pipeline-lambda-autoscaling

Fargate autoscaling pipeline for batch processing events from SQS
MIT No Attribution

Issue when launching task in Fargate #3

Open ghost opened 3 years ago

ghost commented 3 years ago

After building everything, I was trying to do a test, but it looks like there is an issue with the Task to be launched by Fargate. Below is the error message:

ResourceInitializationError: unable to pull secrets or registry auth: execution resource retrieval failed: unable to retrieve ecr registry auth: service call has been retried 1 time(s): RequestError: send request failed caused by: Post https://api.ecr....

ividito commented 3 years ago

I also had this issue, and fixed it by adding the relevant services as VPC endpoints (for the same VPC and security group as my Fargate cluster).

koalasy commented 3 years ago

I also had this issue, and fixed it by adding the relevant services as VPC endpoints (for the same VPC and security group as my Fargate cluster).

Mind sharing what kind of relevant services you have added as VPC endpoints? Thanks.

tobslob commented 3 years ago

@koalasy were you able to debug the error? I ran into this error just now.

tobslob commented 3 years ago

So I figured this out: you will need to add an inline policy to the task execution role. In my case, I added Systems Manager service -> GetParameters (read access) actions -> Allow all resources

koalasy commented 3 years ago

So I figured this out: you will need to add an inline policy to the task execution role. In my case, I added Systems Manager service -> GetParameters (read access) actions -> Allow all resources

Your issue is different from mine, thank you for sharing the fix.

tzamanatdar commented 3 years ago

Need to add the ARN key in IAM.

ividito commented 3 years ago

I also had this issue, and fixed it by adding the relevant services as VPC endpoints (for the same VPC and security group as my Fargate cluster).

Mind sharing what kind of relevant services you have added as VPC endpoints? Thanks.

You'll need to grab them from your error message. To start, you'll want to add these two. After that, it depends on how you've set your task up/which resources your task requires from AWS.

[image]

Ajris commented 1 year ago

For me it was an error with the ECR image URL. I had a typo and one more number was added to the account in the task configuration. After changing it, everything seemed ok.

CasaSky commented 1 year ago

This blog contains all the information you'll need to correctly configure a private subnet using VPC endpoints: https://repost.aws/knowledge-center/ecs-unable-to-pull-secrets

On creation, the VPC console menu prepares only one VPC endpoint, for S3, which is not enough for using Fargate; therefore you'll need to add 3 extra endpoints:

- com.amazonaws.eu-central-1.ecr.dkr
- com.amazonaws.eu-central-1.ecr.api
- com.amazonaws.eu-central-1.logs

In addition to that, verify that the ecsTaskExecutionRole is allowing:

- ssm:GetParameters
- ecr:GetAuthorizationToken
- ecr:BatchCheckLayerAvailability
- ecr:GetDownloadUrlForLayer
- ecr:BatchGetImage
- logs:CreateLogStream
- logs:PutLogEvents
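Added example (not part of the thread or of the repository's code): an offline check of the two lists from the last comment against a task execution role's policy documents and a VPC's endpoint service names. The function names and the sample policy and endpoint list are constructed for illustration; the check looks only at Allow statements and does not evaluate Deny, NotAction, Resource or Condition.

```python
import fnmatch
import json

# Lists copied from the last comment above (its region: eu-central-1).
REQUIRED_ACTIONS = [
    "ssm:GetParameters", "ecr:GetAuthorizationToken",
    "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer",
    "ecr:BatchGetImage", "logs:CreateLogStream", "logs:PutLogEvents",
]
REQUIRED_ENDPOINTS = [
    "com.amazonaws.eu-central-1.ecr.dkr",
    "com.amazonaws.eu-central-1.ecr.api",
    "com.amazonaws.eu-central-1.logs",
]

def _as_list(value):
    # IAM allows a single string/object where a list is also valid.
    return value if isinstance(value, list) else [value]

def allowed_patterns(policy_docs):
    """Action patterns from Allow statements. Simplification: Deny, NotAction,
    Resource and Condition are not evaluated."""
    patterns = []
    for doc in policy_docs:
        for stmt in _as_list(doc.get("Statement", [])):
            if stmt.get("Effect") == "Allow":
                patterns += _as_list(stmt.get("Action", []))
    return patterns

def missing_actions(policy_docs, required=REQUIRED_ACTIONS):
    # IAM action names are case-insensitive and may use * and ? wildcards.
    pats = [p.lower() for p in allowed_patterns(policy_docs)]
    return [a for a in required
            if not any(fnmatch.fnmatchcase(a.lower(), p) for p in pats)]

def missing_endpoints(service_names, required=REQUIRED_ENDPOINTS):
    return [e for e in required if e not in set(service_names)]

# Constructed sample input: one policy document attached to the execution
# role, and the service names of the endpoints already in the VPC.
SAMPLE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Resource": "*",
   "Action": ["ecr:GetAuthorizationToken", "ecr:Batch*", "ecr:GetDownloadUrlForLayer"]},
  {"Effect": "Allow", "Resource": "*", "Action": "logs:CreateLogStream"}]}""")
SAMPLE_ENDPOINTS = ["com.amazonaws.eu-central-1.s3",
                    "com.amazonaws.eu-central-1.ecr.api"]

if __name__ == "__main__":
    print("missing actions:  ", missing_actions([SAMPLE_POLICY]))
    print("missing endpoints:", missing_endpoints(SAMPLE_ENDPOINTS))
```

An empty result from both functions means the role and VPC cover everything listed in that comment; whatever is returned is what still has to be added.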