ecr: Cannot upload docker image via DockerImageAsset (cdk default ecr enabled tag immutable attribute) #30591

Closed
ivorycirrus opened this issue Jun 20, 2024 · 3 comments
Labels
@aws-cdk/aws-ecr Related to Amazon Elastic Container Registry bug This issue is a bug. closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. needs-reproduction This issue needs reproduction. response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.

Comments

@ivorycirrus

Describe the bug

Docker image upload fails.
The container image is created by DockerImageAsset.

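    import { DockerImageAsset, Platform } from 'aws-cdk-lib/aws-ecr-assets';

    // Runs inside a Stack constructor; schemaMigratorPath is the directory
    // that contains the Dockerfile (defined elsewhere in the reporter's code).
    new DockerImageAsset(this, 'SchemaMigrator', {
      directory: schemaMigratorPath,
      platform: Platform.LINUX_AMD64,
    });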

The CDK default ECR repository (cdk-hnb659fds-container-assets-${account}-${region}) has tag immutability enabled.

When tag immutability was disabled manually, the CDK code deployed successfully.

Expected Behavior

DockerImageAsset can upload the Docker image to ECR.

Current Behavior

The error message shows:

${project-name}:  fail: docker push ${account}.dkr.ecr.ap-northeast-2.amazonaws.com/cdk-hnb659fds-container-assets-${account}-ap-northeast-2:ae4bc5dc2133bccd9dc0504403cac704028226e8e2b01e8a48b33d18f4fcfb29 exited with error code 1: Post "https://${account}.dkr.ecr.ap-northeast-2.amazonaws.com/v2/cdk-hnb659fds-container-assets-${account}-ap-northeast-2/blobs/uploads/": net/http: TLS handshake timeout

Reproduction Steps

1/ Empty AWS account
2/ CDK bootstrap
3/ Deploy container image using DockerImageAsset

Possible Solution

Disable tag immutability on the ECR repo (cdk-hnb659fds-container-assets-${account}-${region})

Additional Information/Context

No response

CDK CLI Version

2.146.0 (build b368c78)

Framework Version

No response

Node.js Version

v20.14.0

OS

macOS Sonoma 14.5

Language

TypeScript

Language Version

No response

Other information

No response

@ivorycirrus ivorycirrus added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Jun 20, 2024
@github-actions github-actions bot added the @aws-cdk/aws-ecr Related to Amazon Elastic Container Registry label Jun 20, 2024
@ashishdhingra ashishdhingra added needs-reproduction This issue needs reproduction. and removed needs-triage This issue or PR still needs to be triaged. labels Jun 20, 2024
@ashishdhingra ashishdhingra self-assigned this Jun 20, 2024
@ashishdhingra
Contributor

@ivorycirrus Good afternoon. Somehow, I'm unable to reproduce the issue using CDK version 2.146.0 (build b368c78).

  • Bootstrapped fresh CDK environment using cdk bootstrap aws://<<account-id>>/us-east-2.
     ⏳  Bootstrapping environment aws://<<account-id-REDACTED>>/us-east-2...
    Trusted accounts for deployment: (none)
    Trusted accounts for lookup: (none)
    Using default execution policy of 'arn:aws:iam::aws:policy/AdministratorAccess'. Pass '--cloudformation-execution-policies' to customize.
    CDKToolkit: creating CloudFormation changeset...
    ✅  Environment aws://<<account-id-REDACTED>>/us-east-2 bootstrapped.
    
  • Developed the below CDK stack:
    import * as cdk from 'aws-cdk-lib';
    import { Construct } from 'constructs';
    import { DockerImageAsset, Platform } from 'aws-cdk-lib/aws-ecr-assets';
    import path = require('path');
    
    export class Issue30591Stack extends cdk.Stack {
      constructor(scope: Construct, id: string, props?: cdk.StackProps) {
        super(scope, id, props);
    
        new DockerImageAsset(this, 'SchemaMigrator', {
          directory: path.join(__dirname, 'my-image'),
          platform: Platform.LINUX_AMD64
        });
      }
    }
    
    lib/my-image/Dockerfile:
    FROM public.ecr.aws/amazonlinux/amazonlinux:2.0.20240610.1-arm64v8
    
    RUN echo "Hello World"
    
  • Deployed the stack using cdk deploy:
    ✨  Synthesis time: 4.92s
    
    Issue30591Stack:  start: Building f2db6b690e15446832dd3784958188e7f3e7baa69459b409fa745d8ed3376f1f:current_account-current_region
    Issue30591Stack:  success: Built f2db6b690e15446832dd3784958188e7f3e7baa69459b409fa745d8ed3376f1f:current_account-current_region
    Issue30591Stack:  start: Building b93ab3d74482b7903e4b5615df7001c5de2492ef35e3ceab9102adee74f79f31:current_account-current_region
    Issue30591Stack:  start: Publishing f2db6b690e15446832dd3784958188e7f3e7baa69459b409fa745d8ed3376f1f:current_account-current_region
    Issue30591Stack:  success: Published f2db6b690e15446832dd3784958188e7f3e7baa69459b409fa745d8ed3376f1f:current_account-current_region
    Issue30591Stack:  success: Built b93ab3d74482b7903e4b5615df7001c5de2492ef35e3ceab9102adee74f79f31:current_account-current_region
    Issue30591Stack:  start: Publishing b93ab3d74482b7903e4b5615df7001c5de2492ef35e3ceab9102adee74f79f31:current_account-current_region
    The push refers to repository [<<account-id-REDACTED>>.dkr.ecr.us-east-2.amazonaws.com/cdk-hnb659fds-container-assets-139480602983-us-east-2]
    662a07bcdbf3: Preparing
    893d21607a43: Preparing
    662a07bcdbf3: Pushed
    893d21607a43: Pushed
    b93ab3d74482b7903e4b5615df7001c5de2492ef35e3ceab9102adee74f79f31: digest: sha256:059cfe49b4190c3d6bb2cddd926dff9fb72e113589e7b39f4728e12e8a18a44b size: 734
    Issue30591Stack:  success: Published b93ab3d74482b7903e4b5615df7001c5de2492ef35e3ceab9102adee74f79f31:current_account-current_region
    Issue30591Stack: deploying... [1/1]
    Issue30591Stack: creating CloudFormation changeset...
    
     ✅  Issue30591Stack
    
    ✨  Deployment time: 13.44s
    
    Stack ARN:
    arn:aws:cloudformation:us-east-2:<<account-id-REDACTED>>:stack/Issue30591Stack/06363970-2f54-11ef-8414-028c04b9981f
    
    ✨  Total time: 18.35s
    

Kindly note that the default credentials profile configured on my system has Administrative access.

Could you please confirm:

  • Docker version on your system
  • Did you modify tag immutability or any resource in the CDK bootstrapped environment manually? (In my case it is Enabled for a fresh bootstrapped environment.)

Thanks,
Ashish

@ashishdhingra ashishdhingra added the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label Jun 20, 2024

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

@github-actions github-actions bot added the closing-soon This issue will automatically close in 4 days unless further comments are made. label Jun 23, 2024
@github-actions github-actions bot added closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. and removed closing-soon This issue will automatically close in 4 days unless further comments are made. labels Jun 28, 2024
@aws-cdk-automation
Collaborator

Comments on closed issues and PRs are hard for our team to see. If you need help, please open a new issue that references this one.

@aws aws locked as resolved and limited conversation to collaborators Jul 25, 2024