amazon-ecs-agent: Fargate: CannotPullContainer located on ECS registry

Summary

I tried many times, and even if an image is on the ECS registry, I get the following error:

CannotPullContainerError: API error (500): Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)

or

CannotPullContainerError: API error (500): Get https://XXX.dkr.ecr.us-east-1.amazonaws.com/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)

Description

I am using images on ECS registry with fargate.

Expected Behavior

Provisioning would finish and container status becomes “RUNNING”

Observed Behavior

It keeps constantly in PENDING status (5 minutes at least) until it throws the error

Environment Details

  • fargate
  • image located on ECS registry

Supporting Log Snippets

no log available - fargate does not provide any log while provisioning docker containers

About this issue

  • Original URL
  • State: closed
  • Created 7 years ago
  • Reactions: 4
  • Comments: 15 (5 by maintainers)

Most upvoted comments

For anyone else who drops by here: I wrestled with this for a while until I figured out that, in addition to what @samuelkarp said above, I needed to add AssignPublicIp: Enabled to my network configuration. After adding this, I stopped getting the Client.Timeout exceeded while awaiting headers error.

NetworkConfiguration:
    AwsvpcConfiguration:
        AssignPublicIp: 'ENABLED'
+11
tklovett on Dec 15, 2017

@hadsed Security groups provide customizable rules to control inbound and outbound traffic. You can also choose to use NAT instead of adding a public IP address which will also let you restrict inbound traffic.

+1
samuelkarp on Jan 2, 2018
Read more comments on GitHub
← amazon-ecs-agent: Error getting message from ws backend
amazon-ecs-agent: Missing Cloudwatch metrics for ECS service  →