CannotPullContainerError: Error response from daemon: pull access denied for ECR Repo Image, repository does not exist or may require 'docker login'
I have pushed a docker image in an ECR Repo in SourceAccount.
I have deployed a codepipeline in the SourceAccount.
When that codepipeline is run, it deploys ECS stack in TargetAccount. In that stack, ECS tasks are created with containers using the above said image from SourceAccount. However, those tasks remain pending and moved to stopped state ultimately. They show the following error:
Status reason CannotPullContainerError: Error response from daemon: pull access denied for <SourceAccountId>.dkr.ecr.<Region>.amazonaws.com/<RepoName>, repository does not exist or may require 'docker login'
Please advise how to pull images from SourceAccount ECR and create ECS tasks in TargetAccount.
Note:
1) When I push the same image in the ECR of TargetAccount, everything works fine. ECS tasks fail to run only when trying to pull images from another account.
2) The stack rolled back with the following error:
Service arn:aws:ecs:<Region>:<TargetAccount>:service/<ServiceName> did not stabilize.
Answer
As specified on https://docs.aws.amazon.com/AmazonECR/latest/userguide/docker-pull-ecr-image.html, you need to specify the AWS account id, when you use docker pull:
docker pull aws_account_id.dkr.ecr.us-west-2.amazonaws.com/amazonlinux:latest