You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Trying to run a build on an AWS instance configured with an EC2 Role on a private subnet (no Public IP nor NAT gateway) fails with a timeout connecting to ecr.REGIONID.amazonaws.com (ex: ecr.eu-west-1.amazonaws.com)
Command will hang for a while and then return a Connection timed out
$ mvn -X docker:build
...
[INFO] --- docker-maven-plugin:0.32.0:build (default-cli) @ dkr-test ---
...
[DEBUG] DOCKER> System environment not set for variable AWS_ACCESS_KEY_ID, no AWS credentials found
[DEBUG] DOCKER> No user and password set for ECR, checking EC2 instance role
[DEBUG] DOCKER> Found instance role wwa-svc-jenkins-slave, getting temporary security credentials
[DEBUG] DOCKER> Received temporary access key ASIARWPR...
[DEBUG] DOCKER> AuthConfig: credentials from EC2 instance role
[DEBUG] DOCKER> registry = 123123123123.dkr.ecr.eu-west-1.amazonaws.com, isValid= true
[DEBUG] DOCKER> Get ECR AuthorizationToken from ecr.eu-west-1.amazonaws.com
[ERROR] DOCKER> Connect to ecr.eu-west-1.amazonaws.com:443 [ecr.eu-west-1.amazonaws.com/52.95.118.96] failed: Connection timed out (Connection timed out) [Connect to ecr.eu-west-1.amazonaws.com:443 [ecr.eu-west-1.amazonaws.com/52.95.118.96] failed: Connection timed out (Connection timed out)]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 02:12 min
[INFO] Finished at: 2020-01-13T16:15:15Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal io.fabric8:docker-maven-plugin:0.32.0:build (default-cli) on project dkr-test: Connect to ecr.eu-west-1.amazonaws.com:443 [ecr.eu-west-1.amazonaws.com/52.95.118.96] failed: Connection timed out (Connection timed out) -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal io.fabric8:docker-maven-plugin:0.32.0:build (default-cli) on project dkr-test: Connect to ecr.eu-west-1.amazonaws.com:443 [ecr.eu-west-1.amazonaws.com/52.95.118.96] failed: Connection timed out (Connection timed out)
Solution
ECR was made accessible through VPC Endpoints about a year ago and the endpoint URL seems to have changed around that time to api.ecr.REGIONID.amazonaws.com. EcrExtendedAuth needs to be updated accordingly.
The text was updated successfully, but these errors were encountered:
joaori
added a commit
to joaori/docker-maven-plugin
that referenced
this issue
Jan 13, 2020
Description
Trying to run a build on an AWS instance configured with an EC2 Role on a private subnet (no Public IP nor NAT gateway) fails with a timeout connecting to ecr.REGIONID.amazonaws.com (ex: ecr.eu-west-1.amazonaws.com)
Info
mvn -v) :Docker version : 19.03.5, build 633a0ea838
How to reproduce :
Start an EC2 instance with:
a) Subnet with access to no NAT gateway and Auto-assign Public IP disabled
b) IAM role set
SSH to the instance (from VPN or other intermediate server with Internet access and access to the instance)
Run mvn -X docker:build on the following pom.xml
Command will hang for a while and then return a Connection timed out
Solution
ECR was made accessible through VPC Endpoints about a year ago and the endpoint URL seems to have changed around that time to api.ecr.REGIONID.amazonaws.com.
EcrExtendedAuth needs to be updated accordingly.
The text was updated successfully, but these errors were encountered: