Retrieving an image from ECR for a Fargate Service

0

Somewhat new to AWS, I'm trying to build a POC with CDK in python using ECR, Fargate with ALB, and an API Gateway. I've been able to publish an image to an ECR repo, but when I try pulling it into the service, it fails by hanging on the CloudFormation stack indefinitely with a lot of events stuck at CREATE_IN_PROCESS. The only error log I can find is in the cluster service logs - "exec /docker-entrypoint.sh: exec format error" which seems to be a mismatch between the image and runner infrastructure. I built the image again with --platform linux/amd64 and published it to ECR, but still getting the same errors.

The only way I've been able to get it working, is to use ContainerImage.from_registry(). I've tried both ContainerImage.from_ecr_repository(ecr.Repository.from_repository_name(self, "TestRepo", "test-repo")) and ContainerImage.from_asset(ecs.ContainerImage.from_asset(directory='./', file='Dockerfile')) to grab the dockerfile directly, both hang from the same point. Is there anywhere else I might be able to find more descriptive logging, or anything that stands out as an issue in my code? I appreciate any help or resources that can put me on the right path!

class TesttStack(Stack):

    def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
        super().__init__(scope, construct_id, **kwargs)

        # push Docker image to ECR
        docker_image = ecr_assets.DockerImageAsset(self, "TesttDockerImage",
            directory="./", file="Dockerfile"
        )

        image = ecs.ContainerImage.from_asset(directory='./', file='Dockerfile')

        # This is the only way I can get it to successfully deploy
        # image = ecs.ContainerImage.from_registry("amazon/amazon-ecs-sample")

        # Create an IAM role for the ECS task
        task_role = iam.Role(self, "TesttTaskRole", assumed_by=iam.ServicePrincipal("ecs-tasks.amazonaws.com"))

        # Fargate ECS with ALB
        ecsp.ApplicationLoadBalancedFargateService(self, "TesttWebServer",
            task_image_options=ecsp.ApplicationLoadBalancedTaskImageOptions(
                image=image,
                container_port=80,
                task_role=task_role
            ),
            public_load_balancer=True
        )

        # API Gateway is working

Dockerfile:

FROM public.ecr.aws/amazonlinux/amazonlinux:latest

# Update installed packages and install Apache
RUN yum update -y && \
 yum install -y httpd

# Write hello world message
RUN echo 'Hello World!' > /var/www/html/index.html

# Configure Apache
RUN echo 'mkdir -p /var/run/httpd' >> /root/run_apache.sh && \
 echo 'mkdir -p /var/lock/httpd' >> /root/run_apache.sh && \
 echo '/usr/sbin/httpd -D FOREGROUND' >> /root/run_apache.sh && \
 chmod 755 /root/run_apache.sh

EXPOSE 80

CMD /root/run_apache.sh
1 Answer
0

The error message exec /docker-entrypoint.sh: exec format error does, indeed, mean that the container image either has been built for Arm and you are trying to run it as an x86 Fargate task, or vice versa that the container image has been built for x86 and you are trying to run it as a Graviton Fargate task.

I'm not familiar enough with the CDK constructs you are using, but would start by checking the container image that you have in the repo and then the ECS task definition for the task to make sure the settings match how the container image is built. In particular, you'll want to look at the cpuArchitecture setting.

Unless explicitly defined, cpuArchitecture defaults to X86_64, but needs to be set to ARM64 to run the task on Graviton.

profile pictureAWS
Mats
answered 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions