# STOPPED (CannotPullContainerError: Error response from daemon: manifest for image:tag not found: manifest unknown: manifest unknown) - **ID:** `aws/ecs-task-stopped-cannotpullcontainer` - **Domain:** aws - **Category:** runtime_error - **Error Code:** `CannotPullContainerError` - **Verification:** ai_generated - **Fix Rate:** 90% ## Root Cause The container image specified in the ECS task definition does not exist in the ECR repository or the tag is incorrect. ## Version Compatibility | Version | Status | Introduced | Deprecated | |---------|--------|------------|------------| | ecs-2024 | active | — | — | | docker-24.0.7 | active | — | — | | amazon-ecs-agent-1.78.0 | active | — | — | ## Workarounds 1. **Verify the image URI in the task definition using: aws ecs describe-task-definition --task-definition mytask:1 --query 'taskDefinition.containerDefinitions[0].image'. Then check ECR: aws ecr describe-images --repository-name myrepo --image-ids imageTag=mytag. If missing, push the correct image: docker tag myapp:latest account.dkr.ecr.region.amazonaws.com/myrepo:mytag && docker push account.dkr.ecr.region.amazonaws.com/myrepo:mytag** (90% success) ``` Verify the image URI in the task definition using: aws ecs describe-task-definition --task-definition mytask:1 --query 'taskDefinition.containerDefinitions[0].image'. Then check ECR: aws ecr describe-images --repository-name myrepo --image-ids imageTag=mytag. If missing, push the correct image: docker tag myapp:latest account.dkr.ecr.region.amazonaws.com/myrepo:mytag && docker push account.dkr.ecr.region.amazonaws.com/myrepo:mytag ``` 2. **If using 'latest' tag, ensure it is explicitly pushed. ECR does not automatically tag 'latest' on push. Use: docker tag myapp:latest account.dkr.ecr.region.amazonaws.com/myrepo:latest && docker push account.dkr.ecr.region.amazonaws.com/myrepo:latest** (85% success) ``` If using 'latest' tag, ensure it is explicitly pushed. ECR does not automatically tag 'latest' on push. Use: docker tag myapp:latest account.dkr.ecr.region.amazonaws.com/myrepo:latest && docker push account.dkr.ecr.region.amazonaws.com/myrepo:latest ``` ## Dead Ends - **** — 重复部署相同的任务定义不会改变镜像URI,错误持续存在。 (100% fail) - **** — 错误是关于镜像是否存在,而不是访问权限;权限问题会显示不同的错误消息。 (50% fail)