By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

How do I resolve the "error pulling image configuration: toomanyrequests" error when I use Docker images in AWS CodeBuild?

4 minute read
0

I want to resolve the "error pulling image configuration: toomanyrequests" error that I get when I use Docker images in AWS CodeBuild.

Short description

If you use Docker images in CodeBuild, you can experience throttling when you pull layers from the public DockerHub repository.

To resolve the error that you receive when throttling happens, you must configure CodeBuild to authenticate the layer pulls using your DockerHub account credentials.

Important: To complete the following steps, you must have a DockerHub account and the user name and password for your account.

Resolution

Store your DockerHub credentials with AWS Secrets Manager

1.    Open the AWS Secrets Manager console.

2.    Choose Store a new secret.

3.    In the Select secret type section, choose Other type of secrets.

4.    In the Specify the key/value pairs to be stored in this secret section, choose the Secret key/value tab.

5.    In the first text box, enter username. In the second text box, enter your DockerHub user name. Then, choose Add row.

6.    In the first text box of the new row, enter password. In the second text box, enter your DockerHub password. Then, choose Add row.

7.    Choose Next.

8.    For Secret name, enter a name for your secret. For example: dockerhub

9.    Choose Next.

10.    Confirm that the default setting for Disable automatic rotation is selected.

11.    Choose Next.

12.    Choose Store.

13.    From the Secret name column, choose your secret.

14.    In the Secret details section, note the Amazon Resource Name (ARN) for Secret ARN.

Note: If you have created a secret configured with a customer managed encryption key, you must add permissions for the kms:Decrypt action using the configured key.

Resolve throttling that happens in the PROVISIONING phase

1.    Open the CodeBuild console.

2.    In the navigation pane, choose Build, and then choose Build projects.

3.    Choose your build project.

4.    Choose Edit, and then choose Environment.

5.    Choose Override image.

6.    For New environment image, choose Custom image.

7.    For Environment type, select your custom image.

8.    For Image registry, choose Other registry.

9.    For External registry URL, enter the name of your Docker image.

10.    For Registry credential, enter the secret ARN that you noted earlier.

11.    Choose Update environment.

Resolve throttling that happens in other phases

Important: You must grant AWS Identity and Access Management (IAM) permissions to the CodeBuild service role to access the secret.

1.    Open the CodeBuild console.

2.    In the navigation pane, choose Build, and then choose Build projects.

3.    Choose your build project.

4.    Choose the Build details tab.

5.    In the Environment section, for Service role, choose the service role ARN. This opens the IAM console.

6.    On the Permissions tab, choose Add inline policy.

7.    Choose the JSON tab.

8.    Replace the code the text editor with the following IAM policy:

Note: Replace YOUR_SECRET_ARN with the secret ARN that you noted earlier.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "secretsmanager:GetSecretValue"
      ],
      "Resource": [
        "YOUR_SECRET_ARN*"
      ]
    }
  ]
}

9.    Choose Review policy.

10.    For Name, enter a name for the policy. For example: dockerhub_secret_access Note: You can choose any name for the policy. The name is for your own future reference only.

11.    Choose Create policy.

Configure CodeBuild to retrieve the secret

1.    Open the CodeBuild console.

2.    In the navigation pane, choose Build, and then choose Build projects.

3.    Choose your build project.

4.    Choose Edit, and then choose Environment.

5.    Expand the Additional configuration section.

6.    To add environment variables, in the Environment variables section, for Name, enter DOCKERHUB_USERNAME.

7.    For Value, enter the name of your secret, followed by :username. For example: dockerhub:username

8.    For Type, choose Secrets Manager.

9.    To add the next environment variable, choose Add environment variable.

10.    For Name, enter DOCKERHUB_PASSWORD.

11.    For Value, enter the name of your secret, followed by :password. For example: dockerhub:password

12.    For Type, choose Secrets Manager.

13.    Choose Update environment.

14.    Modify your buildspec and add the following command before performing any other Docker actions:

echo "${DOCKERHUB_PASSWORD}" | docker login -u "${DOCKERHUB_USERNAME}" --password-stdin

Warning: This command can record details of your docker login username and password in build logs. After resolving the throttle error, reset your docker password.

For example:

version: 0.2

phases:
  install:
    commands:
      - echo "${DOCKERHUB_PASSWORD}" | docker login -u "${DOCKERHUB_USERNAME}" --password-stdin 
  build:
    commands:
      - docker pull docker:dind
Topics
Developer Tools
Tags
AWS CodeBuild
Language
English
AWS OFFICIAL
AWS OFFICIALUpdated a year ago
No comments

Relevant content