I'm starting a task in ECS using Fargate and after being in PENDING for a little bit it ends up in STOPPED with the following error:
STOPPED (CannotPullContainerError: "Error response from daem
When I expand out the details I see
STOPPED (CannotPullContainerError: "Error response from daemon: Get https://id.dkr.ecr.ap-southeast-2.amazonaws.com/v2/: net/http: request canceled while waiting for connection"
with the reason
(Client.Timeout exceeded while awaiting headers)
So the task can't access the container for some reason, but I'm not sure what permission is missing and from what resource. I've read around a bit and the only real suggestion I've found is to add AssignPublicIp: ENABLED to the AwsvpcConfiguration but that didn't help.
So it looks the error message has changed at some point: https://aws.amazon.com/premiumsupport/knowledge-center/ecs-pull-container-api-error-ecr/ has steps to work through but mentions the error CannotPullContainerError: API error which might be synonymous with CannotPullContainerError: "Error response from daem?
For me at least, creating an AWS::EC2::VPCEndpoint seems to have got me further.