Search code examples
amazon-web-servicesdockeramazon-ecsaws-fargate

Docker Pull Rate Limit - AWS ECS Fargate

I running into an error deploying an application:

Step 1/7 : FROM --platform=linux/amd64 python:3.11-bullseye toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit

Applications I've successfully deployed are also failing to update. I think my issue is anonymous login rate limit, and I may need to authenticate using my own docker account. If so I haven't been able to figure out how to do this in a Dockerfile.

FROM --platform=linux/amd64 python:3.11-bullseye

ENV PYTHONUNBUFFERED=1

WORKDIR /project_directory

COPY requirements.txt .

RUN pip3 install -r requirements.txt

COPY . .

CMD python manage.py runserver 0.0.0.0:8000
Solution

  • The docker file is used just to build the image. Its not involved in the dockerhub api or login process. Instead for ECS you can put your dockerhub credentials in AWS secrets manager and link them to your task definition. This is how ECS is able to do things like pull from private dockerhub repositories etc.

    In short the steps are

    1. Create an aws secrets manager secret with the dockerhub creds
    2. pass this secrets ARN to the task definition
    3. Ensure the task execution role has access to the secret. (This is not the task role)

    When ECS starts this task / service it should use the docker hub creds to pull the image.

    AWS provides a few articles around this

    https://docs.aws.amazon.com/AmazonECS/latest/developerguide/private-auth.html

    https://aws.amazon.com/blogs/containers/authenticating-with-docker-hub-for-aws-container-services/