CannotPullContainerError
aws
runtime_error
ai_generated
true
STOPPED (CannotPullContainerError: Error response from daemon: manifest for image:tag not found: manifest unknown: manifest unknown)
ID: aws/ecs-task-stopped-cannotpullcontainer
90%Fix Rate
88%Confidence
1Evidence
2023-11-05First Seen
Version Compatibility
| Version | Status | Introduced | Deprecated | Notes |
|---|---|---|---|---|
| ecs-2024 | active | — | — | — |
| docker-24.0.7 | active | — | — | — |
| amazon-ecs-agent-1.78.0 | active | — | — | — |
Root Cause
The container image specified in the ECS task definition does not exist in the ECR repository or the tag is incorrect.
generic中文
ECS任务定义中指定的容器镜像在ECR仓库中不存在,或标签不正确。
Official Documentation
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-definition-template.htmlWorkarounds
-
90% success Verify the image URI in the task definition using: aws ecs describe-task-definition --task-definition mytask:1 --query 'taskDefinition.containerDefinitions[0].image'. Then check ECR: aws ecr describe-images --repository-name myrepo --image-ids imageTag=mytag. If missing, push the correct image: docker tag myapp:latest account.dkr.ecr.region.amazonaws.com/myrepo:mytag && docker push account.dkr.ecr.region.amazonaws.com/myrepo:mytag
Verify the image URI in the task definition using: aws ecs describe-task-definition --task-definition mytask:1 --query 'taskDefinition.containerDefinitions[0].image'. Then check ECR: aws ecr describe-images --repository-name myrepo --image-ids imageTag=mytag. If missing, push the correct image: docker tag myapp:latest account.dkr.ecr.region.amazonaws.com/myrepo:mytag && docker push account.dkr.ecr.region.amazonaws.com/myrepo:mytag
-
85% success If using 'latest' tag, ensure it is explicitly pushed. ECR does not automatically tag 'latest' on push. Use: docker tag myapp:latest account.dkr.ecr.region.amazonaws.com/myrepo:latest && docker push account.dkr.ecr.region.amazonaws.com/myrepo:latest
If using 'latest' tag, ensure it is explicitly pushed. ECR does not automatically tag 'latest' on push. Use: docker tag myapp:latest account.dkr.ecr.region.amazonaws.com/myrepo:latest && docker push account.dkr.ecr.region.amazonaws.com/myrepo:latest
中文步骤
Verify the image URI in the task definition using: aws ecs describe-task-definition --task-definition mytask:1 --query 'taskDefinition.containerDefinitions[0].image'. Then check ECR: aws ecr describe-images --repository-name myrepo --image-ids imageTag=mytag. If missing, push the correct image: docker tag myapp:latest account.dkr.ecr.region.amazonaws.com/myrepo:mytag && docker push account.dkr.ecr.region.amazonaws.com/myrepo:mytag
If using 'latest' tag, ensure it is explicitly pushed. ECR does not automatically tag 'latest' on push. Use: docker tag myapp:latest account.dkr.ecr.region.amazonaws.com/myrepo:latest && docker push account.dkr.ecr.region.amazonaws.com/myrepo:latest
Dead Ends
Common approaches that don't work:
-
100% fail
重复部署相同的任务定义不会改变镜像URI,错误持续存在。
-
50% fail
错误是关于镜像是否存在,而不是访问权限;权限问题会显示不同的错误消息。