amazon-web-services amazon-ecs aws-fargate amazon-ecr

ECS Fargate Scheduled task cannot connect to ECR


I get the following error, which I can't find anywhere else on the internet (lots of similar ones though!):

    CannotPullContainerError: Error response from daemon: Get https://[clientid].dkr.ecr.eu-west-1.amazonaws.com/v2/: Unable to connect

I have been looking at the following reference to troubleshoot: https://aws.amazon.com/premiumsupport/knowledge-center/ecs-pull-container-api-error-ecr/

I am pretty sure I have done all these things and double or triple checked them - other things I have done to test:

  • Eliminated the possibility of an issue with endpoints by disassociating them from the relevant route tables.

  • Created an EC2 instance in the public subnet that contains the NAT Gateway the private subnet points at, and one in the private subnet used by the Fargate task with the same permissions policies as the ecsTaskExecutionRole, and connected to the EC2 instance in the private subnet via the bastion box in the public subnet. I am able to use the ECR API, e.g. batch-get-image, and also pull Docker images from the ECR after logging in manually using the credentials given by the API.

  • Checked there is no policy on the ECR repository.

Logically this would indicate from the troubleshooting list that the problem is "Your AWS Identity and Access Management (IAM) role doesn't have the right permissions to pull or push images", but I am using the ecsTaskExecutionRole, which specifically has these permissions.

I'm now completely out of ideas - wondering what I am doing wrong or if there is something else going on, especially given the slightly unusual error message. Any ideas?


Solution

  • This turned out to be a problem with the DHCP configuration.

    Sorry for the noise, but possibly this will help someone else.
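
The answer does not say which DHCP setting was at fault. As an added example (not part of the original post), and assuming the fault lies in the DNS servers that the VPC's DHCP options set hands out, this script audits the JSON printed by `aws ec2 describe-dhcp-options`. The sample data, option-set IDs, addresses and the `audit_dhcp_dns` name are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the shape returned by `aws ec2 describe-dhcp-options`.
# The option-set IDs and addresses are made up for this example.
SAMPLE = json.loads("""
{"DhcpOptions": [
  {"DhcpOptionsId": "dopt-example-default",
   "DhcpConfigurations": [
     {"Key": "domain-name", "Values": [{"Value": "eu-west-1.compute.internal"}]},
     {"Key": "domain-name-servers", "Values": [{"Value": "AmazonProvidedDNS"}]}]},
  {"DhcpOptionsId": "dopt-example-custom",
   "DhcpConfigurations": [
     {"Key": "domain-name", "Values": [{"Value": "corp.example"}]},
     {"Key": "domain-name-servers",
      "Values": [{"Value": "10.0.5.10"}, {"Value": "192.0.2.53"}]}]},
  {"DhcpOptionsId": "dopt-example-empty",
   "DhcpConfigurations": [
     {"Key": "ntp-servers", "Values": [{"Value": "10.0.5.11"}]}]}
]}
""")


def audit_dhcp_dns(doc, vpc_cidr):
    """Map each DHCP options set ID to a list of DNS findings to follow up."""
    vpc = ipaddress.ip_network(vpc_cidr)
    report = {}
    for opts in doc.get("DhcpOptions", []):
        cfg = {c["Key"]: [v["Value"] for v in c.get("Values", [])]
               for c in opts.get("DhcpConfigurations", [])}
        servers = cfg.get("domain-name-servers", [])
        findings = [] if servers else ["domain-name-servers is not set"]
        for server in servers:
            if server == "AmazonProvidedDNS":
                continue  # the Amazon-provided VPC resolver, nothing to flag
            try:
                addr = ipaddress.ip_address(server)
            except ValueError:
                findings.append(f"{server}: not an IP address")
                continue
            place = "inside" if addr in vpc else "outside"
            findings.append(f"{server}: custom resolver {place} {vpc}; check it "
                            "is reachable from the task subnet and resolves "
                            "the registry hostname")
        report[opts["DhcpOptionsId"]] = findings
    return report


if __name__ == "__main__":
    for dopt_id, findings in audit_dhcp_dns(SAMPLE, "10.0.0.0/16").items():
        print(dopt_id, "OK" if not findings else findings)
```

To run it against a real account, replace `SAMPLE` with the parsed output of `aws ec2 describe-dhcp-options` and pass the CIDR of the VPC the Fargate task runs in.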