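I am getting CannotPullContainerError when trying to launch an ECS Fargate task via an AWS Step Function. The documentation here says to add a NAT gateway to the subnet. I have done that and still get this error.
I am using a private subnet, public IP is disabled, and a NAT gateway is defined. I have a route table defined that maps 0.0.0.0/0 to the NAT gateway, and this route table is associated with the subnet. The associated security group and network ACL allow all outbound traffic. The VPC has DNS resolution enabled.
I have reviewed the following related questions: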
AWS Fargate - CannotPullContainerError (500)?
Fargate error: cannot pull container hosted in ECR from a private subnet
Fargate Task with Nat Gateway fails to connect with RDS database
Executing Step Function "Tasks" using ECS Fargate
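Is there anything else I am missing? I have seen a lot of questions here, but I have already addressed the issues they mention (usually the NAT gateway and the route table).
Error: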
CannotPullContainerError: Error response from daemon:
Get https://123456789012.dkr.ecr.us-west-2.amazonaws.com/v2/:
net/http: request canceled while waiting for connection
(Client.Timeout exceeded while awaiting headers)"
Hopefully useful information:
subnetId: subnet-015a0400000000
networkInterfaceId: eni-04e50000000
privateIPv4Address: 10.51.17.8-2c
ClusterArn: arn:aws:ecs:us-west-2:951740000000:cluster/step-function-executor
ContainerArn: arn:aws:ecs:us-west-2:951740000000:container/08450000000",
Image: 951740000000.dkr.ecr.us-west-2.amazonaws.com/step-function-image:latest
NetworkBindings: []
NetworkInterfaces:
AttachmentId: 4a3b0000000
PrivateIpv4Address": 10.51.17.8
TaskArn: arn:aws:ecs:us-west-2:951740000000:task/690d0000000
TaskDefinitionArn: arn:aws:ecs:us-west-2:951740000000:task-definition/step-function-xyz
LaunchType: FARGATE
PullStartedAt: 1599440424569
PullStoppedAt: 1599440513569
Route table:
Destination Target
------------- ---------------
10.41.0.0./16 local
0.0.0.0/0 nat-046d0000000
NAT Gateway
Gateway ID: nat-046d0000000
Private IP: 10.51.x.x
Elastic IP Address 52.13.x.x
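Answer 0 (score: 1)
In the end, the problem was with the security group. I added the existing security group to the AWS Step Function definition, which resolved the issue.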
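An added example, not part of the original answer: a Python check that walks a Step Functions definition and reports ECS RunTask states whose `AwsvpcConfiguration` names no security group, in which case ECS attaches the VPC's default security group rather than the one that was reviewed. The sample definition is constructed (`subnet-EXAMPLE` and `sg-EXAMPLE` are placeholders, the function names are hypothetical), and the nested Parallel/Map handling goes beyond the single task in the question.

```python
def run_task(vpc_config, **flow):
    """Build a constructed ecs:runTask.sync state (cluster/task names from the question)."""
    return {"Type": "Task", "Resource": "arn:aws:states:::ecs:runTask.sync",
            "Parameters": {"LaunchType": "FARGATE",
                           "Cluster": "step-function-executor",
                           "TaskDefinition": "step-function-xyz",
                           "NetworkConfiguration": {"AwsvpcConfiguration": vpc_config}},
            **flow}

# Constructed sample definition; subnet and security group IDs are placeholders.
SAMPLE = {"StartAt": "NoSG", "States": {
    "NoSG": run_task({"Subnets": ["subnet-EXAMPLE"], "AssignPublicIp": "DISABLED"},
                     Next="Fanout"),
    "Fanout": {"Type": "Parallel", "End": True, "Branches": [
        {"StartAt": "WithSG", "States": {"WithSG": run_task(
            {"Subnets": ["subnet-EXAMPLE"], "SecurityGroups": ["sg-EXAMPLE"],
             "AssignPublicIp": "DISABLED"}, End=True)}},
        {"StartAt": "DynamicSG", "States": {"DynamicSG": run_task(
            {"Subnets": ["subnet-EXAMPLE"], "SecurityGroups.$": "$.securityGroups"},
            End=True)}},
        {"StartAt": "EmptySG", "States": {"EmptySG": run_task(
            {"Subnets": ["subnet-EXAMPLE"], "SecurityGroups": []}, End=True)}},
    ]},
}}

def has_key(obj, name):
    """True if `name` is set to a non-empty value or given as a JSONPath (`name.$`)."""
    return bool(obj.get(name)) or (name + ".$") in obj

def find_runtask_without_sg(definition, path=""):
    """Return paths of ECS RunTask states whose awsvpc config names no security group."""
    findings = []
    for name, state in definition.get("States", {}).items():
        full = path + name
        if state.get("Type") == "Task" and ":::ecs:runTask" in state.get("Resource", ""):
            params = state.get("Parameters", {})
            vpc = params.get("NetworkConfiguration", {}).get("AwsvpcConfiguration", {})
            if not has_key(vpc, "SecurityGroups"):  # an empty list names no group either
                findings.append(full)
        # Recurse into Parallel branches and Map iterators.
        nested = list(state.get("Branches", []))
        nested += [state[k] for k in ("Iterator", "ItemProcessor") if k in state]
        for sub in nested:
            findings += find_runtask_without_sg(sub, full + "/")
    return findings

if __name__ == "__main__":
    print(find_runtask_without_sg(SAMPLE))
```
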