Account A has the ECR repo and ECS cluster is running on Account B, both the accounts are running inside a VPC. Task definition running inside Account B unable to pull the docket image from Account A, but when the task definition set to run on AWS default VPC it is able to pull the container and run the service successfully. Is there a simple work around for Account B running inside VPC to pull the docker image from Account A without adding a NAT Gateway? Did anyone overcome this issue?
1 Answers
2
votes
inside VPC to pull the docker image from Account A without adding a NAT Gateway
If you don't want to use NAT to connect to ECR, the only option is to use ECR VPC interface endpoint. Details for cross-account setup involving ECR endpoints are given in AWS blog: