ResourceInitializationError: unable to pull secrets or registry auth: there is a connection issue between the task and Amazon ECR

Question (votes: 0, answers: 1)

I am trying to deploy a PostgreSQL container to a private subnet. The full error is:

ResourceInitializationError: unable to pull secrets or registry auth: The task cannot pull registry auth from Amazon ECR: There is a connection issue between the task and Amazon ECR. Check your task network configuration. RequestError: send request failed caused by: Post "https://api.ecr.ap-south-1.amazonaws.com/": dial tcp xx.x.xxx.xxx:443: i/o timeout

Neither this nor the Spring Boot application will deploy.

Endpoints attached to the subnet:

Interface endpoints:
- com.amazonaws.ap-south-1.ecr.api
- com.amazonaws.ap-south-1.ecr.dkr
- com.amazonaws.ap-south-1.logs
- com.amazonaws.ap-south-1.ssm
- com.amazonaws.ap-south-1.secretsmanager
- com.amazonaws.ap-south-1.s3

Gateway endpoints:
- com.amazonaws.ap-south-1.s3

A public IP address is also assigned to the task.

Here are the security group rules.

Inbound rules

| Type       | Protocol | Port Range | Source               |
|------------|----------|------------|----------------------|
| Custom UDP | UDP      | 443        | My IP                |
| HTTPS      | TCP      | 443        | pl-78a54011          |
| HTTP       | TCP      | 80         | My IP                |
| HTTPS      | TCP      | 443        | My IP                |
| NFS        | TCP      | 2049       | sg-0c8bbb1b9b3692cbd |

Outbound rules

| Type        | Protocol | Port Range | Source      |
|-------------|----------|------------|-------------|
| All UDP     | UDP      | 0 - 65535  | 0.0.0.0/0   |
| NFS         | TCP      | 2049       | 0.0.0.0/0   |
| PostgreSQL  | TCP      | 5432       | 0.0.0.0/0   |
| All Traffic | All      | ALL        | 0.0.0.0/0   |
| HTTPS       | TCP      | 443        | pl-78a54011 |
| All TCP     | TCP      | 0 - 65535  | 0.0.0.0/0   |
| DNS (UDP)   | UDP      | 53         | 0.0.0.0/0   |

ecsTaskExecutionRole is attached to the task. The role has the following permission policies:

- AmazonECSTaskExecutionRolePolicy
- AmazonSSMFullAccess
- CloudWatchFullAccess
- SecretsManagerReadWrite

My VPC has "DNS hostnames" and "DNS resolution" enabled.

Edit: I have attached an Internet gateway to the private subnet, but I still get the error.

Tags: amazon-web-services, amazon-ecs, amazon-vpc

1 Answer (votes: 0)

Add an inbound rule to your security group with source 0.0.0.0/0 and port 443.

Thanks @AshleyJ for the help.
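The error in the question is the classic symptom of a task in a private subnet resolving the public ECR address and timing out, or of the endpoint's security group not admitting the task. The following pre-flight check is an added example, not code from the question, the answer or AWS: it takes security group and VPC endpoint records in the JSON shape returned by `aws ec2 describe-security-groups` and `aws ec2 describe-vpc-endpoints`, verifies that the task SG allows outbound TCP/443, that the endpoint SG admits TCP/443 from the task SG (rather than from the whole Internet, which it flags as over-broad), that the ecr.api, ecr.dkr and S3 gateway endpoints exist, and that private DNS is enabled on the interface endpoints. All group ids, CIDRs and endpoint records below are constructed sample data.

```python
# Added example (not from the original post): pre-flight check for an ECS task
# that must reach Amazon ECR through VPC endpoints from a private subnet.
# Record shapes follow `aws ec2 describe-security-groups` and
# `aws ec2 describe-vpc-endpoints` JSON; every value below is constructed.

REGION = "ap-south-1"

# Endpoints a private-subnet task needs to pull an image from ECR:
# ecr.api/ecr.dkr are interface endpoints, S3 (image layers) is a gateway.
REQUIRED_ENDPOINTS = {
    f"com.amazonaws.{REGION}.ecr.api": "Interface",
    f"com.amazonaws.{REGION}.ecr.dkr": "Interface",
    f"com.amazonaws.{REGION}.s3": "Gateway",
}


def rule_covers(perm, port, proto="tcp"):
    """True if one IpPermission entry covers proto/port ("-1" = all traffic)."""
    if perm["IpProtocol"] == "-1":
        return True
    if perm["IpProtocol"] != proto:
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def egress_allows(sg, port, proto="tcp"):
    """The task SG must allow outbound TCP/443 to reach the endpoint ENIs."""
    return any(rule_covers(p, port, proto) for p in sg.get("IpPermissionsEgress", []))


def ingress_sources(sg, port, proto="tcp"):
    """Everyone allowed to reach `port` on this SG: group ids, CIDRs, prefix lists."""
    sources = set()
    for p in sg.get("IpPermissions", []):
        if not rule_covers(p, port, proto):
            continue
        sources.update(g["GroupId"] for g in p.get("UserIdGroupPairs", []))
        sources.update(r["CidrIp"] for r in p.get("IpRanges", []))
        sources.update(pl["PrefixListId"] for pl in p.get("PrefixListIds", []))
    return sources


def check_ecr_path(task_sg, endpoint_sg, endpoints):
    """Return a list of findings; an empty list means the path looks correct."""
    findings = []
    if not egress_allows(task_sg, 443):
        findings.append("task SG lacks outbound TCP/443")
    srcs = ingress_sources(endpoint_sg, 443)
    if task_sg["GroupId"] not in srcs and "0.0.0.0/0" not in srcs:
        findings.append("endpoint SG does not allow inbound TCP/443 from the task SG")
    if "0.0.0.0/0" in srcs:
        findings.append("endpoint SG inbound TCP/443 is open to 0.0.0.0/0; restrict to the task SG")
    present = {e["ServiceName"]: e for e in endpoints}
    for name, kind in REQUIRED_ENDPOINTS.items():
        ep = present.get(name)
        if ep is None or ep["VpcEndpointType"] != kind:
            findings.append(f"missing {kind} endpoint {name}")
        elif kind == "Interface" and not ep.get("PrivateDnsEnabled", False):
            # Without private DNS the task resolves the public ECR IP and times out.
            findings.append(f"private DNS disabled on {name}")
    return findings


# Constructed sample records (ids are placeholders, not real resources).
TASK_SG = {
    "GroupId": "sg-task0000000000001",
    "IpPermissions": [],
    "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
}
# Endpoint SG as commonly misconfigured: 443 admitted only from the operator's IP.
ENDPOINT_SG_BAD = {
    "GroupId": "sg-endpt000000000002",
    "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                       "IpRanges": [{"CidrIp": "203.0.113.7/32"}]}],
    "IpPermissionsEgress": [],
}
# Hardened form: 443 admitted only from the task's security group.
ENDPOINT_SG_GOOD = {
    "GroupId": "sg-endpt000000000002",
    "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                       "UserIdGroupPairs": [{"GroupId": "sg-task0000000000001"}]}],
    "IpPermissionsEgress": [],
}
ENDPOINTS = [
    {"ServiceName": f"com.amazonaws.{REGION}.ecr.api", "VpcEndpointType": "Interface",
     "PrivateDnsEnabled": False},
    {"ServiceName": f"com.amazonaws.{REGION}.ecr.dkr", "VpcEndpointType": "Interface",
     "PrivateDnsEnabled": True},
    {"ServiceName": f"com.amazonaws.{REGION}.s3", "VpcEndpointType": "Gateway"},
]

if __name__ == "__main__":
    for label, sg in (("bad", ENDPOINT_SG_BAD), ("good", ENDPOINT_SG_GOOD)):
        print(label, check_ecr_path(TASK_SG, sg, ENDPOINTS))
```

Run against real data by feeding the `SecurityGroups` and `VpcEndpoints` arrays from the two CLI commands into `check_ecr_path`. The check treats a 0.0.0.0/0 inbound rule as sufficient for connectivity but still reports it, because an interface endpoint only needs to accept TCP/443 from the security group of the tasks that use it.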

© www.soinside.com 2019 - 2024. All rights reserved.