I have an amazon-ec2 instance running Amazon Linux. Docker installed on that instance used to work just fine until I created a network ACL and applied it to the subnet that my instance with Docker belongs to. The ACL restricts inbound traffic to certain IP addresses and allows all outbound traffic.
After that ACL had been applied to the subnet, pulling images from https://hub.docker.com/ (the "docker pull" command) stopped working and fails with the error:
Error response from daemon: Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
I tried looking into the Flow Logs and saw some incoming requests with status REJECTED. I suspect that "docker pull" causes some incoming connections which are blocked by the ACL. These connections come from different IP addresses, so I could not find any "fixed" set of IPs that I could add to the allowed list in the ACL.
Can anybody suggest a way to configure it properly and fix pulling Docker images?
The ACL configuration:
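An added example, not part of the question above: a small Python script over constructed VPC Flow Log lines (default v2 field order; the addresses, ENI id and function names are made up) that picks out REJECTed inbound TCP flows whose remote side is on a well-known service port and whose local side is on an ephemeral port. That pattern is the return half of a connection the instance itself opened (for a registry pull, the remote port is 443), and it is what a stateless network ACL drops when no inbound rule covers the ephemeral range 1024-65535.

```python
import ipaddress
from collections import Counter

# Constructed sample VPC Flow Log records in the default (v2) field order:
# version account-id interface-id srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status
SAMPLE_FLOW_LOGS = """\
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.10 10.0.1.25 443 49152 6 5 300 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.11 10.0.1.25 443 49153 6 7 420 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.5 10.0.1.25 443 50331 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 192.0.2.77 10.0.1.25 51234 22 6 1 40 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.25 203.0.113.10 49152 443 6 10 800 1700000000 1700000060 ACCEPT OK
"""
FIELDS = ("version", "account", "eni", "srcaddr", "dstaddr", "srcport", "dstport",
          "protocol", "packets", "bytes", "start", "end", "action", "status")
EPHEMERAL = range(1024, 65536)  # client-side port range that a stateless NACL must allow inbound

def parse_flow_log(text):
    """Parse default-format flow log lines; skip malformed rows and NODATA/SKIPDATA rows."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["status"] != "OK":
            continue
        for key in ("srcport", "dstport", "protocol", "packets", "bytes"):
            rec[key] = int(rec[key])
        records.append(rec)
    return records

def rejected_return_traffic(records, local_cidr):
    """REJECTed inbound TCP flows that look like replies to connections the instance opened:
    remote side on a well-known service port, local side on an ephemeral port."""
    net = ipaddress.ip_network(local_cidr)
    return [r for r in records
            if r["action"] == "REJECT" and r["protocol"] == 6
            and ipaddress.ip_address(r["dstaddr"]) in net
            and r["srcport"] < 1024 and r["dstport"] in EPHEMERAL]

def by_service_port(hits):
    """Count the rejected return flows by remote service port (443 is HTTPS, the registry's port)."""
    return Counter(h["srcport"] for h in hits)

if __name__ == "__main__":
    hits = rejected_return_traffic(parse_flow_log(SAMPLE_FLOW_LOGS), "10.0.1.0/24")
    for h in hits:
        print(f"{h['srcaddr']}:{h['srcport']} -> {h['dstaddr']}:{h['dstport']} REJECT")
    print(dict(by_service_port(hits)))  # {443: 3}
```

The rejected SSH attempt on port 22 from an unrelated address is deliberately not reported, since it is not return traffic; only the flows whose remote port is a service port and whose local port is ephemeral point at the missing inbound ephemeral-port rule.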