![](/img/trans.png)
[英]AWS ECS Fargate Platform 1.4 error ResourceInitializationError: unable to pull secrets or registry auth: execution resource
[英]ECS unable to pull secrets or registry auth, related to the api.ecr endpoint, Resourceinitializationerror
我已經嘗試了這里、 這里、 這里以及幾乎所有來自 Google 的關於錯誤的 SO 文章。
我有一個私人 ECR 映像,我正嘗試在公共 su.net 中使用 ECS 服務提取該映像。
Resourceinitializationerror: unable to pull secrets or registry auth: execution resource retrieval failed: unable to retrieve ecr registry auth: service call has been retried 3 time(s): RequestError: send request failed caused by: Post "https://api.ecr.us-west-2.amazonaws.com/": dial tcp: lookup api.ecr.us-west-2.amazonaws.com: i/o timeout
{
"family": "chat-app-frontend",
"containerDefinitions": [
{
"name": "frontend",
"image": "576765093341.dkr.ecr.us-west-2.amazonaws.com/frontend:latest",
"cpu": 0,
"portMappings": [
{
"name": "frontend-80-tcp",
"containerPort": 80,
"hostPort": 80,
"protocol": "tcp",
"appProtocol": "http"
}
],
"essential": true,
"environment": [],
"mountPoints": [],
"volumesFrom": [],
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-create-group": "true",
"awslogs-group": "/ecs/chat-app-frontend",
"awslogs-region": "us-west-2",
"awslogs-stream-prefix": "ecs"
}
}
}
],
"taskRoleArn": "arn:aws:iam::576765093341:role/ecsTaskExecutionRole",
"executionRoleArn": "arn:aws:iam::576765093341:role/ecsTaskExecutionRole",
"networkMode": "awsvpc",
"requiresCompatibilities": [
"FARGATE"
],
"cpu": "1024",
"memory": "3072",
"runtimePlatform": {
"cpuArchitecture": "X86_64",
"operatingSystemFamily": "LINUX"
},
"tags": [
{
"key": "ecs:taskDefinition:createdFrom",
"value": "ecs-console-v2"
}
]
}
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:CreateLogGroup"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"kms:Decrypt",
"ssm:GetParameters",
"secretsmanager:GetSecretValue",
"secretsmanager:GetResourcePolicy",
"secretsmanager:GetSecretValue",
"secretsmanager:DescribeSecret",
"secretsmanager:ListSecretVersionIds",
"secretsmanager:ListSecrets"
],
"Resource": [
"arn:aws:secretsmanager:us-west-2:576765093341:secret:prod/ecr-private-registry",
"arn:aws:kms:us-west-2:576765093341:key/807cbd08-a0ce-4948-b681-a49c7553003a"
]
}
]
}
這些都附在公共 su.net 上。
{
"Statement": [
{
"Sid": "AccessSpecificAccount",
"Principal": {
"AWS": "*"
},
"Action": "secretsmanager:*",
"Effect": "Allow",
"Resource": "*"
}
]
}
--endpoint-url https://api.ecr.us-west-2.amazonaws.com
我還想指出,沒有生成任何日志,這讓我懷疑整個 taskExecutionRole(我的額外權限策略)沒有以某種方式應用。
我在零配置(默認安全組)的默認 VPC 中啟動了該任務,它成功了。 我的 VPC 配置有問題。
我想補充一點,我能夠創建自定義 VPC 並使其正常工作,但如果我使用此模塊創建 VPC,它總是會失敗。
https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws/latest
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.