# Troubleshooting Amazon ECS ResourceInitializationError errors
The following are some `ResourceInitialization` error messages and actions that you can take to fix the errors.
To check your stopped tasks for an error message using the AWS Management Console, see [Viewing Amazon ECS stopped task errors](stopped-task-errors.md).
**Topics**
+ [
## The task cannot pull registry authentication from Amazon ECR. There is a connection issue between the task and Amazon ECR. Check your task network configuration.
](#unable-to-pull-secrets-ecr)
+ [
## The task can't download the environment variable files from Amazon S3. There is a connection issue between the task and Amazon S3. Check your task network configuration.
](#failed-to-download-env-files)
+ [
## The task cannot pull secrets from AWS Systems Manager Parameter Store. Check your network connection between the task and AWS Systems Manager.
](#unable-to-pull-secrets-sys-manager)
+ [
## The task can’t pull secrets from AWS Secrets Manager. There is a connection issue between the task and Secrets Manager. Check your task network configuration.
](#unable-to-pull-secrets-asm-no-arn)
+ [
## The task can’t pull the secret from Secrets Manager. The task can't retrieve the secret with ARN ‘*secretARN*' from Secrets Manager. Check whether the secret exists in the specified Region.
](#unable-to-pull-secrets-asm)
+ [
## pull command failed: unable to pull secrets or registry auth Check your task network configuration.
](#pull-command-failed)
+ [
## The task cannot find the Amazon CloudWatch log group defined in the task definition. There is a connection issue between the task and Amazon CloudWatch. Check your network configuration.
](#failed-to-initialize-logging-network)
+ [
## failed to initialize logging driver
](#failed-to-initialize-logging)
+ [
## failed to invoke EFS utils commands to set up EFS volumes
](#efs-utils-failed)
## The task cannot pull registry authentication from Amazon ECR. There is a connection issue between the task and Amazon ECR. Check your task network configuration.
This error indicates that the task can't connect to Amazon ECR.
Check the connection between the task and Amazon ECR. For information, see [Verifying Amazon ECS stopped task connectivity](verify-connectivity.md).
## The task can't download the environment variable files from Amazon S3. There is a connection issue between the task and Amazon S3. Check your task network configuration.
This error occurs when your task can't download your environment file from Amazon S3.
Check the connection between the task and the Amazon S3 VPC endpoint. For information, see [Verifying Amazon ECS stopped task connectivity](verify-connectivity.md).
## The task cannot pull secrets from AWS Systems Manager Parameter Store. Check your network connection between the task and AWS Systems Manager.
This error occurs when your task can't pull the image defined in the task definition using the credentials in Systems Manager.
Check the connection between the task and the Systems Manager VPC endpoint. For information, see [Verifying Amazon ECS stopped task connectivity](verify-connectivity.md).
## The task can’t pull secrets from AWS Secrets Manager. There is a connection issue between the task and Secrets Manager. Check your task network configuration.
This error occurs when your task can't pull the image defined in the task definition using the credentials in Secrets Manager.
The error indicates that there is a network connectivity issue between the Systems Manager VPC endpoint and the task.
For information about how to verify the connectivity between the task and the endpoint, see [Verifying Amazon ECS stopped task connectivity](verify-connectivity.md).
## The task can’t pull the secret from Secrets Manager. The task can't retrieve the secret with ARN ‘*secretARN*' from Secrets Manager. Check whether the secret exists in the specified Region.
This error occurs when your task can't pull the image defined in the task definition using the credentials in Secrets Manager.
This issue is caused by one of the following reasons:
| Error cause.. | Do this... |
| --- | --- |
| Network connectivity issue between the Secrets Manager VPC endpoint and the task. The problem is a network issue when you see any of the following strings in the error message: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/resource-initialization-error.html) | Verify the connectivity between the task and the Secrets Manager endpoint. For more information, see [Verifying Amazon ECS stopped task connectivity](verify-connectivity.md). |
| The task execution role defined in the task definition doesn't have the permissions for Secrets Manager. | Add the required permissions for Secrets Manager to the task execution role. For more information, see [Secrets Manager or Systems Manager permissions](task_execution_IAM_role.md#task-execution-secrets). |
| The secret ARN doesn't exist | Check that the ARN exists in Secrets Manager. For information about viewing your images, see [Find secrets in Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_search-secret.html) in the Secrets Manager Developer Guide. |
## pull command failed: unable to pull secrets or registry auth Check your task network configuration.
This error occurs when your task can't connect to Amazon ECR, Systems Manager, or Secrets Manager. This is due to a misconfiguration in your network.
To fix this issue, verify the connectivty between the task and Amazon ECR. You also need to check connectivity between your task and the service which stores your secret (Systems Manager, or Secrets Manager). For more information, see [Verifying Amazon ECS stopped task connectivity](verify-connectivity.md).
## The task cannot find the Amazon CloudWatch log group defined in the task definition. There is a connection issue between the task and Amazon CloudWatch. Check your network configuration.
This error occurs when your task fails to find the CloudWatch log group you defined in the task definition.
The error indicates that there is a network connectivity issue between the CloudWatch VPC endpoint and the task.
For information about how to verify the connectivity between the task and the endpoint, see [Verifying Amazon ECS stopped task connectivity](verify-connectivity.md).
## failed to initialize logging driver
This error occurs when your task fails to find the CloudWatch log group you defined in the task definition.
The error indicates that the CloudWatch group in the task definition does not exist.
Use the following steps to find the missing CloudWatch.
1. Run the following command to get the task definition information.
```
aws ecs describe-task-definition \
--task-definition task-def-name
```
Look at the output for each container and note the `awslogs-group` value.
```
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "/ecs/example-group",
"awslogs-create-group": "true",
"awslogs-region": "us-east-1",
"awslogs-stream-prefix": "ecs"
},
```
1. Verify that the group existis in CloudWatch for more information, see [Working with log groups and log streams](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/Working-with-log-groups-and-streams.html) in the *Amazon CloudWatch Logs User Guide*.
The issue is either that the group specified in the task definition is incorrect, or the log group does not exist.
1. Fix the issue.
[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/resource-initialization-error.html)
## failed to invoke EFS utils commands to set up EFS volumes
The following issues might prevent you from mounting your Amazon EFS volumes on your asks:
+ The Amazon EFS file system isn't configured correctly.
+ The task doesn't have the required permissions.
+ There are issues related to network and VPC configurations.
For information about how to debug and fix this issue, see [Why can't I mount my Amazon EFS volumes on my AWS Fargate tasks](https://repost.aws/knowledge-center/fargate-unable-to-mount-efs) on AWS re:Post.