Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

CannotPullContainerError: pull image manifest has been retried 5 time(s): failed to resolve ref [IMAGE PATH] failed to do request: i/o timeout

Tags:

amazon-web-services

timeout

amazon-s3

aws-fargate

aws-batch

I cannot figure out how to run AWS Batch via Fargate platform. All I'm trying to do is a hello world echo and write the file to S3.

I'm getting the following error:

CannotPullContainerError: pull image manifest has been retried 5 time(s): failed to resolve ref public.ecr.aws/amazonlinux/amazonlinux:latest: failed to do request: Head "https://public.ecr.aws/v2/amazonlinux/amazonlinux/manifests/latest": dial tcp [ID]: i/o timeout

Here's my job definition that I registered:

{
  "jobDefinitionName": "fargate-hello-world",
  "type": "container",
  "containerProperties": {
    "image": "public.ecr.aws/amazonlinux/amazonlinux:latest",
    "command": [
      "echo",
      "Hello world",
      "|",
      "aws",
      "s3",
      "cp",
      "-",
      "s3://[BUCKET-NAME]/test.txt"
    ],
    "jobRoleArn": "arn:aws:iam::[ID]:role/ecsTaskExecutionRole",
    "executionRoleArn": "arn:aws:iam::[ID]:role/ecsTaskExecutionRole",
    "resourceRequirements": [
      {
        "value": "2.0",
        "type": "VCPU"
      },
      {
        "value": "4096",
        "type": "MEMORY"
      }
    ]
  },
  "platformCapabilities": [
    "FARGATE"
  ]
}

I've removed some of the details and replaced with [ID] and [BUCKET-NAME].

  • Is this a permissions/policy issue?
  • Is this an issue with my job definition?
  • If not, what could this be?

I've also tried with just using amazonlinux:latest as the container path and the full dockerhub tag docker.io/amazonlinux:latest

I thought this would fix it but apparently not: AWS Batch Timeout connecting to ECR

Any help to get me going in the right direction would be really appreciated.

like image 823
O.rka Avatar asked Jan 23 '26 06:01

O.rka

1 Answers

It sounds like you are either deploying the Fargate task into a private subnet that does not have access to the Internet, or you are deploying to a public subnet but you have the assignPublicIp setting set to false. In either scenario, the Fargate task can't reach anything outside of the VPC, so it can't connect to any image registry such as DockerHub or ECR.

If you are deploying to a private subnet, you need to add a NAT Gateway to your VPC in a public subnet, and a route to the NAT Gateway in your private subnet's route table.

If you are deploying to a public subnet, you need to set assignPublicIp to true.

like image 88
Mark B Avatar answered Jan 25 '26 23:01

Mark B
Sign in to Comment

Related questions

Check if SQS exists in AWS using .NET
Can't connect to RDS PostgreSQL DB instance through an RDS proxy
AWS - Give readonly permissions for all services

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!