Authenticating docker pulls in AWS ECS code builds

Expected behavior

AWS CodeBuild for ECS tasks is able to authenticate and pull images for Docker Pro accounts.

Actual behavior

CodeBuild fails with: pull access denied for <account_id>.dkr.ecr.us-east-1.amazonaws.com, repository does not exist or may require ‘docker login’

Additional Information

I am new to Docker and ECS/Fargate, and I’m working through the AWS Mythical Mysfits tutorial. After several successful builds I hit the Docker rate limit, always when pulling ubuntu:latest.

I followed the guidance on this link: Advice for customers dealing with Docker Hub rate limits, and a Coming Soon announcement | Containers

And this link: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/private-auth.html

Based on these and a few other AWS docs, I did the following:

  • I paid for the Docker Pro license.
  • I pulled and pushed the ubuntu:latest image to an AWS ECR private repo.
  • I created a Secret with my Docker credentials.
  • I attached the following roles to my ECS task execution role: AmazonECSTaskExecutionRolePolicy, AmazonEC2ContainerServiceforEC2Role, and an inline policy for the Docker secrets.

I still get the above error.

I think I’m missing something with my ECS container setup. Somehow I’m supposed to add Private repository authentication. But I can’t update the existing container, nor can I add a new container without ECS complaining.

Is there an easier way to do this? Using the ECR seems to be complicating things.

Thanks for any help!!
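
Added example, not part of the original post: a CodeBuild buildspec that logs the build's Docker daemon in to the private ECR registry before the base image is pulled. It assumes the error above is raised during the CodeBuild `docker build` step, which authenticates with the CodeBuild service role rather than the ECS task execution role; `BASE_REPO`, the `app:build` tag and the Dockerfile layout are hypothetical placeholders.

```yaml
version: 0.2

# Added example. Assumptions (none of these names come from the post):
#   - BASE_REPO is the ECR repository that holds the mirrored ubuntu image
#   - the Dockerfile's FROM line points at <registry>/<BASE_REPO>:latest
#   - the CodeBuild project runs in privileged mode so docker is available
#   - the CodeBuild service role allows these actions on that repository:
#       ecr:GetAuthorizationToken (resource "*"),
#       ecr:BatchCheckLayerAvailability, ecr:GetDownloadUrlForLayer,
#       ecr:BatchGetImage
env:
  variables:
    BASE_REPO: "<base-image-repo>"   # placeholder, set to the real repo name

phases:
  pre_build:
    commands:
      # Build the registry host from the build's own identity and region
      # (AWS_DEFAULT_REGION is set by CodeBuild in the build environment).
      - ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
      - REGISTRY="$ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com"
      # Exchange the role's IAM credentials for a short-lived registry token.
      # --password-stdin keeps the token out of the process list and build log.
      - aws ecr get-login-password --region "$AWS_DEFAULT_REGION" | docker login --username AWS --password-stdin "$REGISTRY"
      # Fail here, with a clear message, if the base image is still not pullable.
      - docker pull "$REGISTRY/$BASE_REPO:latest"
  build:
    commands:
      - docker build -t app:build .
```

With the base image served from ECR, the build needs no Docker Hub credentials; the Secrets Manager secret and the task definition's private repository authentication only matter when ECS itself pulls an image from Docker Hub at task launch.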