What to do if you get a "Cannot Pull Container Error" when starting ECS Fargate
This is an error that occurred when I wanted to get an image from Docker Hub in a Fargate task. We will introduce the causes and remedies.
Cause of "Cannot Pull Container Error"
The main reason is that the image cannot be pulled because communication from the subnet to the external network is not possible.
How to deal with "Cannot Pull Container Error" when starting Fargate
I will introduce how to deal with "Cannot Pull Container Error" when starting Fargate.
1. The subnet set in Fargate is not able to communicate with the outside
If communication from the subnet set in Fargate cannot be performed to the outside, an "Cannot Pull Container Error" error will occur.
Communication from the route table associated with the subnet to the Internet gateway or NAT gateway must be allowed.
Furthermore, the above error will occur if the settings are not set to allow communication to the outside through those Internet gateways or NAT gateways.
Settings for Internet gateway
In the case of Internet gateway, you can set it so that it can communicate with the outside by setting as follows.
2. Network ACL outbound is not allowed
By default, network ACLs are allowed to connect to the outside as shown below, but if communication is not allowed in the settings, communication with the outside is not possible.
If that doesn't work, try allowing all communication once as follows.
Summary
"Cannot Pull Container Error" was an error that occurred without being able to communicate with the outside. Please note that AWS cannot communicate with the outside if it is not set correctly.
It would be helpful if you could point out any strange or unclear points.
reference
https://aws.amazon.com/jp/premiumsupport/knowledge-center/ecs-pull-container-error/