Expected behavior
AWS CodeBuild for ECS tasks are able to authenticate and pull images for docker Pro accounts.
Actual behavior
Code Build fails with: pull access denied for <account_id>.dkr.ecr.us-east-1.amazonaws.com, repository does not exist or may require 'docker login’
Additional Information
I am new to docker and ECS/Fargate, and I’m working through the AWS Mythical Mysfits tutorial. After several successful builds I hit the docker rate limit, always when pulling Ubuntu:latest.
I followed the guidance on this link: https://aws.amazon.com/blogs/containers/advice-for-customers-dealing-with-docker-hub-rate-limits-and-a-coming-soon-announcement/
And this link: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/private-auth.html
Based on these and a few other AWS docs, I did the following:
- I paid for the docker Pro license.
- I pulled and pushed ubuntu:latest image to an AWS ECR private repo.
- I created a Secret with my docker credentials.
- I attached the following roles to my ECS task execution role: AmazonECSTaskExecutionRolePolicy, AmazonEC2ContainerServiceforEC2Role, and an in-line policy for the docker secrets.
I still get the above error.
I think I’m missing something with my ECS container setup. Somehow I’m supposed to add Private repository authentication. But I can’t update the existing container, nor can I add a new container without ECS complaining.
Is there an easier way to do this? Using the ECR seems to be complicating things.
Thanks for any help!!