I have pushed a docker image in an ECR Repo in SourceAccount.
I have deployed a codepipeline in the SourceAccount.
When that codepipeline is run, it deploys ECS stack in TargetAccount. In that stack, ECS tasks are created with containers using the above said image from SourceAccount. However, those tasks remain pending and moved to stopped state ultimately. They show the following error:
Status reason CannotPullContainerError: Error response from daemon: pull access denied for <SourceAccountId>.dkr.ecr.<Region>.amazonaws.com/<RepoName>, repository does not exist or may require 'docker login'
Please advise how to pull images from SourceAccount ECR and create ECS tasks in TargetAccount.
Note:
1) When I push the same image in the ECR of TargetAccount, everything works fine. ECS tasks fail to run only when trying to pull images from another account.
2) The stack rolled back with the following error:
Service arn:aws:ecs:<Region>:<TargetAccount>:service/<ServiceName> did not stabilize.
Open the Amazon ECR console at https://console.aws.amazon.com/ecr/repositories . From the navigation bar, choose the Region that contains the repository to edit. In the navigation pane, choose Repositories. On the Repositories page, choose the Private tab and then select the repository to edit and choose Edit.
To authenticate Docker to an Amazon ECR registry with get-login-password, run the aws ecr get-login-password command. When passing the authentication token to the docker login command, use the value AWS for the username and specify the Amazon ECR registry URI you want to authenticate to.
As specified on https://docs.aws.amazon.com/AmazonECR/latest/userguide/docker-pull-ecr-image.html, you need to specify the AWS account id, when you use docker pull
:
docker pull aws_account_id.dkr.ecr.us-west-2.amazonaws.com/amazonlinux:latest
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With