Looks like there are a couple of VPC interface endpoints set up in the VPC for ECR. Assuming that because the local dig returns local IPs. If that's true, then check the security groups of the endpoints and instance, NACLs of subnets, and endpoint policies. More info here: Amazon ECR interface VPC endpoints (AWS PrivateLink).
Returning the local IP is how those packets get routed to the VPC interface endpoint and then to the ECR service; it is working as designed. Take a look at the VPC Reachability Analyzer to help find the blockage.
Also, consult AWS Config to see the timeline of any changes to the VPC configuration.
Thanks for the response! Indeed, you are correct: there is an endpoint set up for ecr.dkr in this VPC. However, the instance in question is not in the subnet that the endpoint is configured for. I would not expect it to get a (private) DNS record for these services. Also, this setup has been working for several months without this issue arising. Unless something changed in AWS's backend and I need more config, like manually setting up a DHCP option set?
Update
If I set the IP address in /etc/hosts to the public IP that I get when doing a dig from my local (laptop), login succeeds.
I.e. in /etc/hosts, add:
63.32.243.33 111111111.dkr.ecr.eu-west-1.amazonaws.com
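Added example, not part of the original thread: the checks suggested in the answer above (does the ECR name resolve into the VPC, and does the endpoint's security group admit TCP/443 from the instance), plus detection of static /etc/hosts pins, run over constructed data. Private DNS for an interface endpoint is associated with the whole VPC, so instances in any subnet resolve to the endpoint's private IPs. The CIDRs, rule layout and function names are assumptions; rules that reference a source security group instead of a CIDR are not modelled.

```python
import ipaddress

# Constructed sample data; only the hosts entry comes from the thread.
VPC_CIDRS = ["10.0.0.0/16"]
ENDPOINT_INGRESS = [{"protocol": "tcp", "from_port": 443, "to_port": 443,
                     "cidrs": ["10.0.1.0/24"]}]  # admits only the endpoint's own subnet
HOSTS_TEXT = ("127.0.0.1 localhost\n"
              "63.32.243.33 111111111.dkr.ecr.eu-west-1.amazonaws.com\n")

def resolves_to_endpoint(addresses, vpc_cidrs):
    """True if every resolved address lies inside the VPC (endpoint private DNS)."""
    nets = [ipaddress.ip_network(c) for c in vpc_cidrs]
    return bool(addresses) and all(
        any(ipaddress.ip_address(a) in n for n in nets) for a in addresses)

def sg_allows_https(ingress_rules, source_ip):
    """True if any CIDR-based ingress rule admits TCP/443 from source_ip."""
    src = ipaddress.ip_address(source_ip)
    for rule in ingress_rules:
        if rule["protocol"] not in ("tcp", "-1"):  # "-1" means all protocols
            continue
        if rule["protocol"] == "tcp" and not rule["from_port"] <= 443 <= rule["to_port"]:
            continue
        if any(src in ipaddress.ip_network(c) for c in rule["cidrs"]):
            return True
    return False

def hosts_pins(hosts_text, suffix=".amazonaws.com"):
    """Return (ip, name) pairs in hosts-file text that pin AWS service names."""
    pins = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        pins += [(fields[0], name) for name in fields[1:] if name.endswith(suffix)]
    return pins

def diagnose(addresses, instance_ip, hosts_text=""):
    """Return a list of findings for one instance's view of the ECR endpoint."""
    findings = []
    if hosts_pins(hosts_text):
        findings.append("hosts-pin")  # static entry overrides DNS, skips the endpoint
    if not resolves_to_endpoint(addresses, VPC_CIDRS):
        findings.append("not-using-endpoint")
    elif not sg_allows_https(ENDPOINT_INGRESS, instance_ip):
        findings.append("endpoint-sg-blocks-443")
    return findings

if __name__ == "__main__":
    # Instance in 10.0.2.0/24, endpoint ENI at 10.0.1.37 (both constructed).
    print(diagnose(["10.0.1.37"], "10.0.2.15", HOSTS_TEXT))
```

In practice the address list would come from `dig` on the instance and the ingress rules from the security group attached to the endpoint.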