My scanning agents keep starting up and immediately shutting down

The main reason we see this happening is that the agent does not have a network path to Amazon ECR, either outbound over the internet or through a VPC Endpoint.

In this scenario, the Fargate Service Task cannot reach ECR to pull the task image and load it. When this happens, you'll get the following message:

STOPPED (ResourceInitializationError: unable to pull secrets or registry auth: execution resource retrieval failed: unable to retrieve ecr registry auth: service call has been retried 1 time(s): RequestError: send request failed caused by: Post https://api.ecr....)

The agent service just needs to gain access to ECR. There are two main ways to accomplish this:

  • Ensure your VPC is attached to an Internet Gateway with outbound access

  • Leverage VPC Endpoints so that ECR traffic and API calls stay internal to AWS' network

This is the Default Public Deployment from AWS VPC. You can take a look at the subnets involved and the network connections. Check that the Security Group has outbound access allowed as well.

Don't forget about Security Groups. We have seen customers get tripped up (really, they had just forgotten about the rules they had in place) when gaining access to the console because of the SG that was in place.
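The three checks above (default route, VPC Endpoints, Security Group egress) can be run against saved AWS CLI output, as in this added example, which is not part of the original page or the vendor's tooling. The region, resource IDs and sample data are constructed, and the required endpoint set (ecr.api, ecr.dkr and the S3 gateway endpoint that ECR image layers are served from) comes from AWS's Fargate guidance rather than from this page.

```python
# Added example; inputs are constructed samples shaped like the JSON from
# `aws ec2 describe-route-tables`, `describe-vpc-endpoints`, `describe-security-groups`.
REGION = "us-east-1"  # assumed region

def has_default_route(route_table):
    """True if 0.0.0.0/0 is actively routed to an internet or NAT gateway."""
    for r in route_table["Routes"]:
        if r.get("DestinationCidrBlock") != "0.0.0.0/0" or r.get("State") != "active":
            continue  # a 'blackhole' route (e.g. deleted NAT gateway) does not count
        if r.get("GatewayId", "").startswith("igw-") or r.get("NatGatewayId"):
            return True
    return False

def missing_endpoints(vpc_endpoints, region=REGION):
    """Endpoint services needed for a private ECR pull that are not available."""
    needed = {f"com.amazonaws.{region}.{s}" for s in ("ecr.api", "ecr.dkr", "s3")}
    have = {e["ServiceName"] for e in vpc_endpoints if e.get("State") == "available"}
    return sorted(needed - have)

def allows_https_egress(security_group):
    """True if an egress rule permits TCP 443 (destination scope is not evaluated)."""
    for p in security_group["IpPermissionsEgress"]:
        if p["IpProtocol"] == "-1":  # all protocols, all ports
            return True
        if p["IpProtocol"] == "tcp" and p.get("FromPort", 0) <= 443 <= p.get("ToPort", -1):
            return True
    return False

def diagnose(route_table, vpc_endpoints, security_group):
    findings = []
    missing = missing_endpoints(vpc_endpoints)
    if not has_default_route(route_table) and missing:
        findings.append("no path to ECR: no active default route and missing "
                        "endpoints: " + ", ".join(missing))
    if not allows_https_egress(security_group):
        findings.append("security group has no outbound rule for TCP 443")
    return findings

# Constructed sample: private subnet, stale NAT route, one endpoint, DB-only egress.
BROKEN_RT = {"Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-EXAMPLE", "State": "blackhole"}]}
BROKEN_EPS = [{"ServiceName": f"com.amazonaws.{REGION}.ecr.api", "State": "available"}]
BROKEN_SG = {"IpPermissionsEgress": [{"IpProtocol": "tcp", "FromPort": 5432,
             "ToPort": 5432, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]}
FIXED_EPS = [{"ServiceName": f"com.amazonaws.{REGION}.{s}", "State": "available"}
             for s in ("ecr.api", "ecr.dkr", "s3")]
FIXED_SG = {"IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}

if __name__ == "__main__":
    for finding in diagnose(BROKEN_RT, BROKEN_EPS, BROKEN_SG):
        print("FAIL:", finding)
```

A task in a public subnet also needs a public IP assigned before the Internet Gateway route is usable, which these three inputs do not show.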

If taking these steps does not resolve the problem, please Contact Us. We are here to help!
