Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Tell us about your request
Fargate currently only pulls images from ECR using the ipv4 endpoint, which makes it impossible to use Fargate without assigning public IPv4 addresses or paying for a privatelink endpoint. Even if you provide the dualstack endpoint for the image in the container definition (e.g. <registry-id>.dkr-ecr.<aws-region>.on.aws), the task startup fails after a few minutes with an error like:
ResourceInitializationError: unable to pull secrets or registry auth: The task cannot pull registry auth from Amazon ECR: There is a connection issue between the task and Amazon ECR. Check your task network configuration. operation error ECR: GetAuthorizationToken, exceeded maximum number of attempts, 3, https response error StatusCode: 0, RequestID: , request send failed, Post "https://api.ecr.REGIONXXX.amazonaws.com/": dial tcp 3.102.50.197:443: i/o timeout
Which service(s) is this request for?
Fargate/ECR
Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?
I'm trying to use fargate tasks as the targets for a dualstack-without-public-ipv4 ALB without incurring additional costs for ipv4 addresses, by running the fargate tasks in a subnet that uses ipv6 for outbound communication.
Community Note
Tell us about your request
Fargate currently only pulls images from ECR using the ipv4 endpoint, which makes it impossible to use Fargate without assigning public IPv4 addresses or paying for a privatelink endpoint. Even if you provide the dualstack endpoint for the image in the container definition (e.g. <registry-id>.dkr-ecr.<aws-region>.on.aws), the task startup fails after a few minutes with an error like:
Which service(s) is this request for?
Fargate/ECR
Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?
I'm trying to use fargate tasks as the targets for a dualstack-without-public-ipv4 ALB without incurring additional costs for ipv4 addresses, by running the fargate tasks in a subnet that uses ipv6 for outbound communication.