How do I resolve the “error pulling image configuration: toomanyrequests” error when I use Docker images in CodeBuild?

Last updated: 2020-11-19

I want to resolve the “error pulling image configuration: toomanyrequests” error that I get when I use Docker images in AWS CodeBuild.

Short description

If you use Docker images in CodeBuild, you can experience throttling when you pull layers from the public DockerHub repository.

To resolve the error that you receive when throttling happens, you must configure CodeBuild to authenticate the layer pulls using your DockerHub account credentials.

Important: To complete the following steps, you must have a DockerHub account and the username and password for your account.

Resolution

Store your DockerHub credentials with AWS Secrets Manager

1.    Open the Secrets Manager console.

2.    Choose Store a new secret.

3.    In the Select secret type section, choose Other type of secrets.

4.    In the Specify the key/value pairs to be stored in this secret section, choose the Secret key/value tab.

5.    In the first text box, enter username. In the second text box, enter your DockerHub username. Then, choose Add row.

6.    In the first text box of the new row, enter password. In the second text box, enter your DockerHub password. Then, choose Add row.

7.    Choose Next.

8.    For Secret name, enter a name for your secret. For example: dockerhub

9.    Choose Next.

10.    Confirm that the default setting for Disable automatic rotation is selected.

11.    Choose Next.

12.    Choose Store.

13.    From the Secret name column, choose your secret.

14.    In the Secret details section, note the Amazon Resource Name (ARN) for Secret ARN.

Resolve throttling that happens in the PROVISIONING phase

1.    Open the CodeBuild console.

2.    In the navigation pane, choose Build, and then choose Build projects.

3.    Choose your build project.

4.    Choose Edit, and then choose Environment.

5.    Choose Override image.

6.    For New environment image, choose Custom image.

7.    For Environment type, select your custom image.

8.    For Image registry, choose Other registry.

9.    For External registry URL, enter the name of your Docker image.

10.    For Registry credential, enter the secret ARN that you noted earlier.

11.    Choose Update environment.

Resolve throttling that happens in other phases

You must grant AWS Identity and Access Management (IAM) permissions to the CodeBuild service role to access the secret.

1.    Open the CodeBuild console.

2.    In the navigation pane, choose Build, and then choose Build projects.

3.    Choose your build project.

4.    Choose the Build details tab.

5.    In the Environment section, for Service role, choose the service role ARN. This opens the IAM console.

6.    On the Permissions tab, choose Add inline policy.

7.    Choose the JSON tab.

8.    Replace the code in the text editor with the following IAM policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "secretsmanager:GetSecretValue"
            ],
            "Resource": [
                "YOUR_SECRET_ARN*"
            ]
        }
    ]
}

Note: In the preceding code, replace YOUR_SECRET_ARN with the secret ARN that you noted earlier.

9.    Choose Review policy.

10.    For Name, enter a name for your policy. For example: dockerhub_secret_access

11.    Choose Create policy.
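
The following check is an added example, not part of the original article or AWS code. It audits an inline policy document to confirm that it allows only secretsmanager:GetSecretValue on the DockerHub secret, as the policy above does. The ARN, the over-broad sample policy, and the function names are constructed for illustration.

```python
import json

# Constructed placeholder ARN; substitute the secret ARN you noted earlier.
SECRET_ARN = "arn:aws:secretsmanager:us-east-1:111122223333:secret:dockerhub-AbCdEf"
ALLOWED_ACTIONS = {"secretsmanager:getsecretvalue"}  # IAM action names are case-insensitive

# The article's policy with the placeholder ARN filled in.
ARTICLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["secretsmanager:GetSecretValue"],
        "Resource": [SECRET_ARN + "*"],
    }],
})

# Constructed over-broad variant: every Secrets Manager action on every resource.
BROAD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": {"Effect": "Allow", "Action": "secretsmanager:*", "Resource": "*"},
})


def _as_list(value):
    """Action, Resource and Statement may each be a single item or a list."""
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]


def audit_policy(policy_json, secret_arn=SECRET_ARN):
    """Return findings for Allow statements that exceed the article's scope."""
    findings = []
    for i, stmt in enumerate(_as_list(json.loads(policy_json).get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: NotAction/NotResource allows everything not listed")
        for action in _as_list(stmt.get("Action")):
            if action.lower() not in ALLOWED_ACTIONS:
                findings.append(f"statement {i}: unexpected action {action}")
        for resource in _as_list(stmt.get("Resource")):
            if resource not in (secret_arn, secret_arn + "*"):
                findings.append(f"statement {i}: resource {resource} is not the DockerHub secret")
    return findings


if __name__ == "__main__":
    for name, doc in (("article", ARTICLE_POLICY), ("broad", BROAD_POLICY)):
        print(name, audit_policy(doc) or "OK")
```

An empty result means the policy stays within the scope of the article's policy. Each finding names the statement index and the action or resource that exceeds that scope.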

Configure CodeBuild to retrieve the secret

1.    Open the CodeBuild console.

2.    In the navigation pane, choose Build, and then choose Build projects.

3.    Choose your build project.

4.    Choose Edit, and then choose Environment.

5.    Expand the Additional configuration section.

6.    To add environment variables, in the Environment variables section, for Name, enter dockerhub_username.

7.    For Value, enter the name of your secret, followed by :username. For example: dockerhub:username

8.    For Type, choose Secrets Manager.

9.    To add the next environment variable, choose Add environment variable.

10.    For Name, enter dockerhub_password.

11.    For Value, enter the name of your secret, followed by :password. For example: dockerhub:password

12.    For Type, choose Secrets Manager.

13.    Choose Update environment.

14.    Modify your buildspec and add the following command before performing any other Docker actions:

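echo "$dockerhub_password" | docker login -u "$dockerhub_username" --password-stdin

For example:

version: 0.2

phases:
  install:
    commands:
      # Read the password from stdin so that it does not appear in the process arguments
      - echo "$dockerhub_password" | docker login -u "$dockerhub_username" --password-stdin

  build:
    commands:
      - docker pull docker:dind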
