Bobcares

Troubleshoot ECS tasks for Fargate that are stuck Pending state

by | Aug 19, 2021

Wondering how to troubleshoot the ECS tasks for Fargate that are stuck Pending state? We can help you!

As a part of our AWS Support Services, we often receive similar requests from our AWS customers.

Today, let’s see the steps followed by our Support Techs to help our customers to troubleshoot ECS tasks for Fargate that are stuck Pending state.

 

ECS tasks for Fargate are in Pending state

 
A pending state may be due to a slow network, inability to schedule a task due to resources, or some issue with the ECS agent running on underlying EC2 container instances.

Now, let’s see why the tasks for Fargate are in the PENDING state.
 

Check the routes to the internet that uses our subnet

 
Firstly, we need to check what routes to the internet your subnets are using.

  • For Fargate tasks in a private subnet, we need to check and verify that our Fargate task has a default route (0.0.0.0/0) to NAT gateway, AWS PrivateLink, or any other source of internet connectivity.

Note that while using PrivateLink, confirm that the security groups for VPC endpoints allow the Fargate to use these security groups.

  • Check and verify that our Fargate task has an assigned public IP address and a default route (0.0.0.0/0) to an internet gateway for Fargate tasks in a Public subnet.

For doing this we need to enable the Enable auto-assign public IPv4 address while launching the task.
 

Check VPC endpoints

 
We need to confirm that we have the required endpoints if we are using AWS PrivateLink:

The endpoints required for Fargate platform versions 1.4.0 or later:

  • S3 gateway endpoint
  • com.amazonaws.region.ecr.api
  • com.amazonaws.region.ecr.dkr

For Fargate platform versions 1.3.0 or earlier, the endpoints required are:

  • S3 gateway endpoint
  • com.amazonaws.region.ecr.dkr

If the task definition uses AWS Secrets Manager, SSM parameters, or Amazon CloudWatch Logs, then we might define the endpoints.
 

Check network ACL and security group settings

 
Check and verify that our network ACL and security groups don’t block outbound access to port 443 from the subnet. To enable outgoing traffic and reach Amazon ECS endpoints, Fargate tasks must have outbound access to port 443.
 

Check the IAM roles and  the permissions

 
To make AWS API calls, the task execution role grants the Amazon ECS container and Fargate agents permission.

Therefore we need to confirm that we have the right permissions for the task execution role for the following scenarios:

  • To Pull a container image from Amazon ECR.
  • For Using private registry authentication.
  • For checking sensitive data using Secrets Manager secrets.
  • To use the awslogs log driver.

[Need help with more AWS queries? We’d be happy to assist]
 

Conclusion

 
To conclude, today we discussed the steps followed by our Support Engineers to help our customers to troubleshoot ECS tasks for Fargate that are stuck Pending state.

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

var google_conversion_label = "owonCMyG5nEQ0aD71QM";

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Never again lose customers to poor
server speed! Let us help you.

Privacy Preference Center

Necessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

PHPSESSID - Preserves user session state across page requests.

gdpr[consent_types] - Used to store user consents.

gdpr[allowed_cookies] - Used to store user allowed cookies.

PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]
PHPSESSID
WHMCSpKDlPzh2chML

Statistics

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga - Preserves user session state across page requests.

_gat - Used by Google Analytics to throttle request rate

_gid - Registers a unique ID that is used to generate statistical data on how you use the website.

smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

_ga, _gat, _gid
_ga, _gat, _gid
smartlookCookie
_clck, _clsk, CLID, ANONCHK, MR, MUID, SM

Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

test_cookie - Used to check if the user's browser supports cookies.

1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

DV - Google ad personalisation

_reb2bgeo - The visitor's geographical location

_reb2bloaded - Whether or not the script loaded for the visitor

_reb2bref - The referring URL for the visit

_reb2bsessionID - The visitor's RB2B session ID

_reb2buid - The visitor's RB2B user ID

IDE, test_cookie, 1P_JAR, NID, DV, NID
IDE, test_cookie
1P_JAR, NID, DV
NID
hblid
_reb2bgeo, _reb2bloaded, _reb2bref, _reb2bsessionID, _reb2buid

Security

These are essential site cookies, used by the google reCAPTCHA. These cookies use an unique identifier to verify if a visitor is human or a bot.

SID, APISID, HSID, NID, PREF
SID, APISID, HSID, NID, PREF