
cannot run ecs container on ec2 instance in private subnet

I'm trying to run the container of a service I created with AWS ECS. But the ECS agent on the EC2 instance fails to retrieve some configuration from an AWS-managed S3 bucket:

Failed to pull image ...........dkr.ecr.eu-west-1.amazonaws.com/........:latest: error pulling image configuration: Get https://prod-eu-west-1-starport-layer-bucket.s3-eu-west-1.amazonaws.com/.......: dial tcp 54.231.141.131:443: i/o timeout

The instance is running in a private subnet, which I configured using this tutorial.

I can curl www.google.co.uk from the instance, but I cannot ping/curl s3-eu-west-1.amazonaws.com, which I can from my computer and from a bastion on the public subnet associated with the same VPC.

The issue looks similar to the unsolved question "ECS agent can not successfully pull image from ECR", but my problem is just about retrieving that configuration from that S3 bucket.

You need to whitelist/allow outbound access to https://prod-eu-west-1-starport-layer-bucket.s3-eu-west-1.amazonaws.com from your ECS instances, because it is used internally by AWS to manage ECR image layers.

Check the references below for more details:
https://docs.aws.amazon.com/AmazonECR/latest/userguide/ecr-minimum-s3-perms.html
https://github.com/awsdocs/amazon-ecr-user-guide/issues/8#start-of-content
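The symptom in the question (Internet reachable through the NAT, the regional layer bucket not) is usually a route, security-group or S3 endpoint-policy problem rather than ECR itself. The following is an added example, not code from the original post or from AWS: it encodes the three checks a practitioner would make offline against the JSON shapes returned by `aws ec2 describe-security-groups` and `aws ec2 describe-route-tables`, and it reproduces the minimum S3 gateway-endpoint policy from the ECR documentation linked above. All sample data is constructed, and the prefix-list, endpoint, NAT and security-group IDs are made up.

```python
"""Added example (not part of the original post): offline checks for an ECS
host in a private subnet that reaches the Internet but not the regional ECR
layer bucket. JSON shapes follow `aws ec2 describe-security-groups`,
`aws ec2 describe-route-tables` and an S3 endpoint policy document.
All sample data below is constructed; IDs are hypothetical."""
from fnmatch import fnmatchcase

REGION = "eu-west-1"
S3_PREFIX_LIST = "pl-00000000"  # hypothetical id of the com.amazonaws.eu-west-1.s3 prefix list


def ecr_s3_endpoint_policy(region):
    """Minimum S3 gateway-endpoint policy for ECR (from the AWS doc linked above):
    read-only access to the regional starport layer bucket."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "Access-to-specific-bucket-only",
            "Principal": "*",
            "Action": ["s3:GetObject"],
            "Effect": "Allow",
            "Resource": [f"arn:aws:s3:::prod-{region}-starport-layer-bucket/*"],
        }],
    }


def _as_list(v):
    return v if isinstance(v, list) else [v]


def endpoint_policy_allows_layers(policy, region):
    """True if some Allow statement grants s3:GetObject on objects in the layer bucket.
    Deny statements are not evaluated (the documented ECR policy has none)."""
    obj = f"arn:aws:s3:::prod-{region}-starport-layer-bucket/some-layer"
    for st in policy.get("Statement", []):
        if st.get("Effect") != "Allow":
            continue
        action_ok = any(fnmatchcase("s3:GetObject", a) for a in _as_list(st.get("Action", [])))
        resource_ok = any(fnmatchcase(obj, r) for r in _as_list(st.get("Resource", [])))
        if action_ok and resource_ok:
            return True
    return False


def egress_allows_https(security_group, prefix_list_id):
    """True if an egress rule covers TCP/443 to 0.0.0.0/0 or to the S3 prefix list."""
    for perm in security_group.get("IpPermissionsEgress", []):
        proto = perm.get("IpProtocol")
        if proto == "-1":            # all traffic
            port_ok = True
        elif proto == "tcp":
            port_ok = perm.get("FromPort", 0) <= 443 <= perm.get("ToPort", 65535)
        else:
            continue
        if not port_ok:
            continue
        if any(r.get("CidrIp") == "0.0.0.0/0" for r in perm.get("IpRanges", [])):
            return True
        if any(p.get("PrefixListId") == prefix_list_id for p in perm.get("PrefixListIds", [])):
            return True
    return False


def s3_path(route_table, prefix_list_id):
    """How S3 traffic leaves the subnet: 'endpoint' (gateway VPC endpoint), 'nat', or None."""
    routes = route_table.get("Routes", [])
    for r in routes:
        if r.get("DestinationPrefixListId") == prefix_list_id and str(r.get("GatewayId", "")).startswith("vpce-"):
            return "endpoint"
    for r in routes:
        if r.get("DestinationCidrBlock") == "0.0.0.0/0" and r.get("NatGatewayId"):
            return "nat"
    return None


def diagnose(security_group, route_table, endpoint_policy, region=REGION, prefix_list_id=S3_PREFIX_LIST):
    """Return a list of findings; an empty list means the layer bucket should be reachable."""
    findings = []
    if not egress_allows_https(security_group, prefix_list_id):
        findings.append("security group has no egress rule for TCP/443 to 0.0.0.0/0 or the S3 prefix list")
    path = s3_path(route_table, prefix_list_id)
    if path is None:
        findings.append("route table has neither an S3 gateway endpoint route nor a default route via NAT")
    elif path == "endpoint" and not endpoint_policy_allows_layers(endpoint_policy or {}, region):
        findings.append(f"S3 endpoint policy does not allow s3:GetObject on prod-{region}-starport-layer-bucket/*")
    return findings


# Constructed sample: HTTPS egress is open and Internet traffic uses the NAT,
# but S3 traffic is routed through a gateway endpoint whose policy only allows
# the team's own bucket, so Google works and the layer bucket times out.
SG_HTTPS_OUT = {"GroupId": "sg-0aaa", "IpPermissionsEgress": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "PrefixListIds": []}]}
RT_PRIVATE = {"Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0bbb"},
    {"DestinationPrefixListId": S3_PREFIX_LIST, "GatewayId": "vpce-0ccc"}]}
OWN_BUCKET_ONLY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*", "Action": "s3:*",
    "Resource": ["arn:aws:s3:::my-app-config", "arn:aws:s3:::my-app-config/*"]}]}

if __name__ == "__main__":
    for name, policy in [("restrictive policy", OWN_BUCKET_ONLY),
                         ("ECR minimum policy", ecr_s3_endpoint_policy(REGION))]:
        print(name, "->", diagnose(SG_HTTPS_OUT, RT_PRIVATE, policy) or "OK")
```

To run it against a real VPC, feed `diagnose()` the objects from `aws ec2 describe-security-groups`, `aws ec2 describe-route-tables` and `aws ec2 describe-vpc-endpoints` (the `PolicyDocument` field) and look up the real S3 prefix-list ID with `aws ec2 describe-prefix-lists`. A network ACL on the subnet can also block this traffic and is not checked here.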

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. Any question please contact: yoyou2525@163.com.

© 2020-2024 STACKOOM.COM