amazon-web-services docker containers amazon-ecs aws-fargate

Cannot Pull Container Error in Amazon Elastic Container Service


I am trying to launch a task in Amazon ECS but I am getting the following error:

CannotPullContainerError: Error response from daemon, request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers).

I was able to pull the container in my local environment and it works fine, but I am getting this error while trying to deploy in the Amazon environment.


Solution

  • The suggested checks from Amazon are as follows:

    • Confirm that the subnet used to run a task has a route to an internet gateway or NAT gateway in a route table. Note: Instead of an internet gateway or NAT gateway, you can use AWS PrivateLink. To avoid errors, be sure to correctly configure AWS PrivateLink or HTTP proxy.
    • If you're launching tasks in a public subnet, choose ENABLED for Auto-assign public IP when you launch a task in the Amazon EC2 console. This allows your task to have outbound network access to pull an image.
    • If you're using an Amazon provided DNS in your Amazon VPC, confirm that the security group attached to the instance has outbound access allowed for HTTPS (port 443). If you're using a custom DNS, confirm that outbound access is allowed for DNS (UDP and TCP) on port 53 and HTTPS access on port 443.
    • Verify that your network ACL rules aren't blocking traffic to the registry.

    This error ultimately points to a network connectivity issue between the subnet or MicroVM your container runs on and the ECS service.

    By default it will traverse the public internet (unless you have set up the correct VPC endpoints). So if you do not have outbound internet support, you will not be able to connect to the ECR endpoint.
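The four checks listed above can be run offline against saved output of `aws ec2 describe-route-tables`, `describe-security-groups` and `describe-network-acls`. The following is an added example, not part of the original answer or AWS tooling; the function names are hypothetical and the sample data is constructed. It assumes the image is pulled over the internet path (no PrivateLink or proxy) and, as a simplification, only considers rules whose destination is `0.0.0.0/0`.

```python
# Added example: checks run offline on dicts shaped like EC2 Describe* responses.
# All sample data and resource IDs below are constructed.

def default_route_target(route_table):
    """Return 'igw', 'nat' or None for the active 0.0.0.0/0 route."""
    for r in route_table.get("Routes", []):
        if r.get("DestinationCidrBlock") != "0.0.0.0/0" or r.get("State") == "blackhole":
            continue
        if (r.get("GatewayId") or "").startswith("igw-"):
            return "igw"
        if r.get("NatGatewayId"):
            return "nat"
    return None

def covers_port(proto, lo, hi, port=443):
    """Protocol '-1' is all traffic; otherwise TCP ('tcp' or '6') must span the port."""
    return proto == "-1" or (proto in ("tcp", "6") and lo is not None and lo <= port <= hi)

def sg_allows_https_out(sg):
    return any(covers_port(p.get("IpProtocol"), p.get("FromPort"), p.get("ToPort"))
               and any(r.get("CidrIp") == "0.0.0.0/0" for r in p.get("IpRanges", []))
               for p in sg.get("IpPermissionsEgress", []))

def nacl_allows_https_out(nacl):
    """NACL entries are evaluated in rule-number order; the first match decides."""
    egress = [e for e in nacl.get("Entries", []) if e.get("Egress")]
    for e in sorted(egress, key=lambda e: e["RuleNumber"]):
        pr = e.get("PortRange", {})
        if e.get("CidrBlock") == "0.0.0.0/0" and covers_port(e["Protocol"], pr.get("From"), pr.get("To")):
            return e["RuleAction"] == "allow"
    return False  # no matching entry: implicit deny

def diagnose(route_table, sg, nacl, assign_public_ip):
    findings = []
    target = default_route_target(route_table)
    if target is None:
        findings.append("no route to an internet gateway or NAT gateway")
    elif target == "igw" and not assign_public_ip:
        findings.append("public subnet, but Auto-assign public IP is not ENABLED")
    if not sg_allows_https_out(sg):
        findings.append("security group does not allow outbound HTTPS (443)")
    if not nacl_allows_https_out(nacl):
        findings.append("network ACL does not allow outbound HTTPS (443)")
    return findings

SAMPLE_RT = {"Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE", "State": "active"}]}
SAMPLE_SG = {"IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
SAMPLE_NACL = {"Entries": [{"Egress": True, "RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "CidrBlock": "0.0.0.0/0"}]}
print(diagnose(SAMPLE_RT, SAMPLE_SG, SAMPLE_NACL, assign_public_ip=False))
```

Network ACLs are stateless, so a clean result here still requires the inbound entries to allow the return traffic.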