I'm new to AWS and I'm trying to deploy a multicontainer Docker application to Elastic Beanstalk. My Dockerrun.aws.json file is very simple, and it's the only thing that's uploaded to EB:
{
"AWSEBDockerrunVersion": 2,
"containerDefinitions": [
{
"name": "mycontainer",
"image": "somethingsomething.eu-central-1.amazonaws.com/myimage",
"essential": true,
"memory": 128
}
]
}
In http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_docker.container.console.html it says that when using a Docker image uploaded to Amazon ECR:
You do, however, need to provide your instances with permission to access the images in your Amazon ECR repository by adding permissions to your environment's instance profile. You can attach the AmazonEC2ContainerRegistryReadOnly managed policy to the instance profile to provide read-only access to all Amazon ECR repositories in your account
When deploying the application, it raises the following error:
ECS task stopped due to: Essential container in task exited. (myimage: CannotPullContainerError: AccessDeniedException: User: arn:aws:sts::xxx:assumed-role/aws-elasticbeanstalk-ec2-role/i-xyz is not authorized to perform: ecr:GetAuthorizationToken on resource: * status code: 400, request id: 4143c35d-)
I added the AWSElasticBeanstalkReadOnlyAccess to the aws-elasticbeanstalk-ec2-role, but it doesn't change anything...
Help?!
per https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/iam-instanceprofile.html#iam-instanceprofile-addperms
open https://console.aws.amazon.com/iam/home#roles
Choose aws-elasticbeanstalk-ec2-role
On the Permissions tab, choose Attach policies.
select AmazonEC2ContainerRegistryReadOnly
Choose Attach policy
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With