I cannot figure out how to run AWS Batch via the Fargate platform. All I'm trying to do is a hello world echo and write the file to S3.

I'm getting the following error:

CannotPullContainerError: pull image manifest has been retried 5 time(s): failed to resolve ref public.ecr.aws/amazonlinux/amazonlinux:latest: failed to do request: Head "https://public.ecr.aws/v2/amazonlinux/amazonlinux/manifests/latest": dial tcp [ID]: i/o timeout

Here's my job definition that I registered:

{
  "jobDefinitionName": "fargate-hello-world",
  "type": "container",
  "containerProperties": {
    "image": "public.ecr.aws/amazonlinux/amazonlinux:latest",
    "command": [
      "echo",
      "Hello world",
      "|",
      "aws",
      "s3",
      "cp",
      "-",
      "s3://[BUCKET-NAME]/test.txt"
    ],
    "jobRoleArn": "arn:aws:iam::[ID]:role/ecsTaskExecutionRole",
    "executionRoleArn": "arn:aws:iam::[ID]:role/ecsTaskExecutionRole",
    "resourceRequirements": [
      {
        "value": "2.0",
        "type": "VCPU"
      },
      {
        "value": "4096",
        "type": "MEMORY"
      }
    ]
  },
  "platformCapabilities": [
    "FARGATE"
  ]
}

I've removed some of the details and replaced them with [ID] and [BUCKET-NAME].

  • Is this a permissions/policy issue?
  • Is this an issue with my job definition?
  • If not, what could this be?

I've also tried with just using amazonlinux:latest as the container path and the full Docker Hub tag docker.io/amazonlinux:latest.

I thought this would fix it but apparently not: AWS Batch Timeout connecting to ECR

Any help to get me going in the right direction would be really appreciated.

O.rka

1 Answer

It sounds like you are either deploying the Fargate task into a private subnet that does not have access to the Internet, or you are deploying to a public subnet but you have the assignPublicIp setting set to false. In either scenario, the Fargate task can't reach anything outside of the VPC, so it can't connect to any image registry such as DockerHub or ECR.

If you are deploying to a private subnet, you need to add a NAT Gateway to your VPC in a public subnet, and a route to the NAT Gateway in your private subnet's route table.

If you are deploying to a public subnet, you need to set assignPublicIp to true.

Mark B
  • I used the default settings when creating a Fargate compute environment which I believe is a private subnet. What's the best way to set up a public subnet? – O.rka Jun 03 '23 at 23:18
  • I'm not sure what default settings you are talking about. If you are talking about your AWS account's default VPC, then it will have a public subnet in it already. That's the only "default" network you get in AWS. – Mark B Jun 04 '23 at 13:44
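
The two cases named in the answer above can be told apart offline from a subnet's route table and the job definition. The following is an added example, not code from the original posts: it assumes route-table data shaped like the output of EC2 `describe_route_tables` and a job definition carrying Batch's `networkConfiguration.assignPublicIp` field (`ENABLED` or `DISABLED`, treated as `DISABLED` when absent). The function names and all sample IDs are constructed.

```python
# Added example: classify a Fargate job's network path to an image registry.
# Inputs mimic EC2 describe_route_tables output and a Batch job definition.

def default_route_target(route_table):
    """Return 'igw', 'nat' or None for the table's active 0.0.0.0/0 route."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State", "active") != "active":
            continue  # a blackhole route carries no traffic
        if (route.get("GatewayId") or "").startswith("igw-"):
            return "igw"
        if route.get("NatGatewayId"):
            return "nat"
    return None

def diagnose(route_table, job_definition):
    """Say whether a task in this subnet can pull from a public registry."""
    props = job_definition.get("containerProperties", {})
    setting = props.get("networkConfiguration", {}).get("assignPublicIp", "DISABLED")
    target = default_route_target(route_table)
    if target == "nat":
        return "ok: private subnet with a route to a NAT gateway"
    if target == "igw" and setting == "ENABLED":
        return "ok: public subnet and the task gets a public IP"
    if target == "igw":
        return "blocked: public subnet but assignPublicIp is not ENABLED"
    return "blocked: no default route; add a NAT gateway and route to it"

# Constructed sample data; every ID below is a placeholder.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
PUBLIC_RT = {"Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0",
                                "GatewayId": "igw-EXAMPLE", "State": "active"}]}
PRIVATE_RT_NO_NAT = {"Routes": [LOCAL]}
PRIVATE_RT_NAT = {"Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0",
                                     "NatGatewayId": "nat-EXAMPLE", "State": "active"}]}
IMAGE = "public.ecr.aws/amazonlinux/amazonlinux:latest"
JOB_AS_POSTED = {"containerProperties": {"image": IMAGE}}  # no networkConfiguration
JOB_PUBLIC_IP = {"containerProperties": {
    "image": IMAGE, "networkConfiguration": {"assignPublicIp": "ENABLED"}}}

if __name__ == "__main__":
    cases = [("public subnet, job as posted", PUBLIC_RT, JOB_AS_POSTED),
             ("public subnet, public IP enabled", PUBLIC_RT, JOB_PUBLIC_IP),
             ("private subnet, no NAT", PRIVATE_RT_NO_NAT, JOB_AS_POSTED),
             ("private subnet, NAT route", PRIVATE_RT_NAT, JOB_AS_POSTED)]
    for name, table, job in cases:
        print(f"{name}: {diagnose(table, job)}")
```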