# My scanning agents keep starting up and immediately shutting down

This scenario is where the Fargate Service Task cannot reach out to the ECR to get the task image itself to properly load it. What you'll find here is you'll get the following message:

> STOPPED (ResourceInitializationError: unable to pull secrets or registry auth: execution resource retrieval failed: unable to retrieve ecr registry auth: service call has been retried 1 time(s): RequestError: send request failed caused by: Post <https://api.ecr>....)

The agent service just needs to gain access to the ECR. There are two main ways to accomplish this:

* Ensure your VPC is attached to an Internet Gateway with outbound access
* Leverage VPC Endpoints to get you to ECR and API calls internally through AWS' network

<figure><img src="/files/edEwGWJD4WeioekPiu1A" alt=""><figcaption><p><strong>This the Default Public Deployment from AWS VPC</strong><br>You can take an easier a look at the subnets involved and Network connections. Check that the Security Group has outbound access allowed as well</p></figcaption></figure>

{% hint style="warning" %}
Both the console and the scanning agents can run in private subnets and do not require public IPs as long as they can communicate outbound and you can still get to the console.
{% endhint %}

Don't forget about **Security Groups**. We have seen customers be tricked (really just forgotten about the rules they had in place) on gaining access to the console because of the SG that was in place.

{% hint style="danger" %}
Security Groups can also have outbound restrictions. By default they are wide open, but that does not mean yours are. If the steps above do not fix this issue, double check your Security Group settings (outbound rules).
{% endhint %}

If taking these steps does not resolve the problem, please [Contact Us](/contact-us.md). We are here to help!


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.cloudstoragesec.com/trouble-shooting/my-scanning-agents-keep-starting-up-and-immediately-shutting-down.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.