2 Answers
2
From the error message you shared it looks like ECS was sending a request to the prod-eu-central-1-starport-layer-bucket.s3.eu-central-1.amazonaws.com bucket to download the container image layer but instead the request reached prod-eu-central-1-starport-layer-bucket.s3.amazonaws.com which causes a certificate mismatch.
It looks like something in your environment manipulates the DNS.
- Are you using a VPC endpoint to reach ECR and S3 in the VPC where your ECS cluster is deployed?
- Check if perhaps you have a Route 53 private hosted zone attached to your VPC with a CNAME record that does this manipulation:

```bash
# List the hosted zones associated with the VPC that hosts the ECS cluster
aws route53 list-hosted-zones-by-vpc \
  --vpc-id <your-vpc-id> \
  --vpc-region <your-vpc-region>
```
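
One way to read the output of that command, added here as an example and not part of the original answer: it flags every hosted zone associated with the VPC whose namespace contains the layer-bucket hostname from the error, since records in such a zone take precedence over public DNS inside the VPC. The JSON is a constructed sample in the shape the CLI returns; the zone IDs, account ID and function names are placeholders.

```python
import json

# Constructed sample of `aws route53 list-hosted-zones-by-vpc` output (placeholder IDs).
SAMPLE_OUTPUT = """
{
  "HostedZoneSummaries": [
    {"HostedZoneId": "Z0000000EXAMPLE1", "Name": "corp.example.internal.",
     "Owner": {"OwningAccount": "111122223333"}},
    {"HostedZoneId": "Z0000000EXAMPLE2", "Name": "s3.eu-central-1.amazonaws.com.",
     "Owner": {"OwningAccount": "111122223333"}}
  ],
  "MaxItems": "100"
}
"""

# Hostname ECS was trying to reach, taken from the error discussed above.
LAYER_BUCKET_HOST = "prod-eu-central-1-starport-layer-bucket.s3.eu-central-1.amazonaws.com"


def _labels(name):
    """Split a DNS name into lowercase labels, ignoring the trailing root dot."""
    return [label for label in name.lower().rstrip(".").split(".") if label]


def zone_covers(zone_name, hostname):
    """True if hostname is the zone apex or sits below it (whole-label match)."""
    zone, host = _labels(zone_name), _labels(hostname)
    return bool(zone) and len(host) >= len(zone) and host[-len(zone):] == zone


def shadowing_zones(cli_json, hostname):
    """Return (zone id, zone name, owner) for zones that can answer for hostname,
    most specific zone first."""
    hits = []
    for zone in json.loads(cli_json).get("HostedZoneSummaries", []):
        if zone_covers(zone["Name"], hostname):
            owner = zone.get("Owner", {})
            who = owner.get("OwningAccount") or owner.get("OwningService")
            hits.append((zone["HostedZoneId"], zone["Name"], who))
    hits.sort(key=lambda hit: len(_labels(hit[1])), reverse=True)
    return hits


if __name__ == "__main__":
    for zone_id, name, owner in shadowing_zones(SAMPLE_OUTPUT, LAYER_BUCKET_HOST):
        print(f"review records in {zone_id} ({name}) owned by {owner}")
```

An empty result means none of the listed zones can override that hostname, so the next place to look is the VPC endpoint configuration asked about in the first bullet.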
0
- Yes, we are.
- While we do have a couple of hosted zones they are both public.
I'm sorry I can't provide more information. As I've looked around, I haven't found anything about our setup that differs from the documentation pages I've read. It seems like we have a very basic setup of ECS and ECR.
answered 24 days ago