# Amazon ECS stopped tasks error messages
The following are the possible error messages you may receive when your task stops unexpectedly.
To check your stopped tasks for an error message using the AWS Management Console, see [Viewing Amazon ECS stopped task errors](stopped-task-errors.md).
**Tip**
You can use the [Amazon ECS MCP server](ecs-mcp-introduction.md) with AI assistants to analyze task failures and container logs using natural language.
Stopped task error codes have a category associated with them, for example "ResourceInitializationError". To get more information about each category, see the following:
| Category | Learn more |
| --- | --- |
| TaskFailedToStart | [Troubleshooting Amazon ECS TaskFailedToStart errors](failed-to-start-error.md) |
| ResourceInitializationError | [Troubleshooting Amazon ECS ResourceInitializationError errors](resource-initialization-error.md) |
| ResourceNotFoundException | [Troubleshooting Amazon ECS ResourceNotFoundException errors](resource-not-found-error.md) |
| SpotInterruptionError | [Troubleshooting Amazon ECS SpotInterruption errors](spot-interruption-errors.md) |
| InternalError | [Troubleshooting Amazon ECS InternalError errors](internal-error.md) |
| OutOfMemoryError | [Troubleshooting Amazon ECS OutOfMemoryError errors](out-of-memory.md) |
| ContainerRuntimeError | [Troubleshooting Amazon ECS ContainerRuntimeError errors](container-runtime-error.md) |
| ContainerRuntimeTimeoutError | [Troubleshooting Amazon ECS ContainerRuntimeTimeoutError errors](container-runtime-timeout-error.md) |
| CannotStartContainerError | [Troubleshooting Amazon ECS CannotStartContainerError errors](cannot-start-container.md) |
| CannotStopContainerError | [Troubleshooting Amazon ECS CannotStopContainerError errors](cannot-stop-container.md) |
| CannotInspectContainerError | [Troubleshooting Amazon ECS CannotInspectContainerError errors](cannot-inspect-container.md) |
| CannotCreateVolumeError | [Troubleshooting Amazon ECS CannotCreateVolumeError errors](cannot-create-volume.md) |
| CannotPullContainer | [CannotPullContainer task errors in Amazon ECS](task_cannot_pull_image.md) |
# Troubleshooting Amazon ECS TaskFailedToStart errors
The following are some `TaskFailedToStart` error messages and actions that you can take to fix the errors.
To check your stopped tasks for an error message using the AWS Management Console, see [Viewing Amazon ECS stopped task errors](stopped-task-errors.md).
## Unexpected EC2 error while attempting to Create Network Interface with public IP assignment enabled in subnet '*subnet-id*
This happens when a Fargate task that uses the `awsvpc` network mode and runs in a subnet with a public IP address, and the subnet does not have enough IP addresses.
The number of available IP addresses is available on the subnet details page in the Amazon EC2 console, or by using `[describe-subnets](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-subnets.html)`. For more information, see [View your subnet](https://docs.aws.amazon.com/vpc/latest/userguide/working-with-vpcs.html#view-subnet) in the *Amazon VPC User Guide*.
To fix this issue, you can create a new subnet to run your task in.
## InternalError: **
This error occurs when an ENI attachment is requested. Amazon EC2 asynchronously handles the provisioning of the ENI. The provisioning process takes time. Amazon ECS has a timeout in case there are long wait times or unreported failures. There are times when the ENI is provisioned, but the report comes to Amazon ECS after the failure timeout. In this case, Amazon ECS sees the reported task failure with an in-use ENI.
## The selected task definition is not compatible with the selected compute strategy
This error occurs when you chose a task definition with a launch type that does not match the cluster capacity type. You need to select a task definition that matches the capacity provider assigned to your cluster.
## Unable to attach network interface to unused device index
This error occurs when When using `awsvpc` networking type and there is not enough CPU/memory for the task. First, check the CPU for the instances. For more information, see [Amazon EC2 instance type specifications](https://docs.aws.amazon.com/ec2/latest/instancetypes/ec2-instance-type-specifications.html) in *Amazon EC2 instance types*. Take the CPU value for the instance and multiply it by the number of ENIs for the instance. Use that value e in the task definition.
## AGENT
The container instance that you attempted to launch a task onto has an agent that's currently disconnected. To prevent extended wait times for task placement, the request was rejected.
For information about how to troubleshoot an agent that's disconnected, see [How do I troubleshoot a disconnected Amazon ECS agent](https://repost.aws/knowledge-center/ecs-agent-disconnected-linux2-ami).
# Troubleshooting Amazon ECS ResourceInitializationError errors
The following are some `ResourceInitialization` error messages and actions that you can take to fix the errors.
To check your stopped tasks for an error message using the AWS Management Console, see [Viewing Amazon ECS stopped task errors](stopped-task-errors.md).
**Topics**
+ [
## The task cannot pull registry authentication from Amazon ECR. There is a connection issue between the task and Amazon ECR. Check your task network configuration.
](#unable-to-pull-secrets-ecr)
+ [
## The task can't download the environment variable files from Amazon S3. There is a connection issue between the task and Amazon S3. Check your task network configuration.
](#failed-to-download-env-files)
+ [
## The task cannot pull secrets from AWS Systems Manager Parameter Store. Check your network connection between the task and AWS Systems Manager.
](#unable-to-pull-secrets-sys-manager)
+ [
## The task can’t pull secrets from AWS Secrets Manager. There is a connection issue between the task and Secrets Manager. Check your task network configuration.
](#unable-to-pull-secrets-asm-no-arn)
+ [
## The task can’t pull the secret from Secrets Manager. The task can't retrieve the secret with ARN ‘*secretARN*' from Secrets Manager. Check whether the secret exists in the specified Region.
](#unable-to-pull-secrets-asm)
+ [
## pull command failed: unable to pull secrets or registry auth Check your task network configuration.
](#pull-command-failed)
+ [
## The task cannot find the Amazon CloudWatch log group defined in the task definition. There is a connection issue between the task and Amazon CloudWatch. Check your network configuration.
](#failed-to-initialize-logging-network)
+ [
## failed to initialize logging driver
](#failed-to-initialize-logging)
+ [
## failed to invoke EFS utils commands to set up EFS volumes
](#efs-utils-failed)
## The task cannot pull registry authentication from Amazon ECR. There is a connection issue between the task and Amazon ECR. Check your task network configuration.
This error indicates that the task can't connect to Amazon ECR.
Check the connection between the task and Amazon ECR. For information, see [Verifying Amazon ECS stopped task connectivity](verify-connectivity.md).
## The task can't download the environment variable files from Amazon S3. There is a connection issue between the task and Amazon S3. Check your task network configuration.
This error occurs when your task can't download your environment file from Amazon S3.
Check the connection between the task and the Amazon S3 VPC endpoint. For information, see [Verifying Amazon ECS stopped task connectivity](verify-connectivity.md).
## The task cannot pull secrets from AWS Systems Manager Parameter Store. Check your network connection between the task and AWS Systems Manager.
This error occurs when your task can't pull the image defined in the task definition using the credentials in Systems Manager.
Check the connection between the task and the Systems Manager VPC endpoint. For information, see [Verifying Amazon ECS stopped task connectivity](verify-connectivity.md).
## The task can’t pull secrets from AWS Secrets Manager. There is a connection issue between the task and Secrets Manager. Check your task network configuration.
This error occurs when your task can't pull the image defined in the task definition using the credentials in Secrets Manager.
The error indicates that there is a network connectivity issue between the Systems Manager VPC endpoint and the task.
For information about how to verify the connectivity between the task and the endpoint, see [Verifying Amazon ECS stopped task connectivity](verify-connectivity.md).
## The task can’t pull the secret from Secrets Manager. The task can't retrieve the secret with ARN ‘*secretARN*' from Secrets Manager. Check whether the secret exists in the specified Region.
This error occurs when your task can't pull the image defined in the task definition using the credentials in Secrets Manager.
This issue is caused by one of the following reasons:
| Error cause.. | Do this... |
| --- | --- |
| Network connectivity issue between the Secrets Manager VPC endpoint and the task. The problem is a network issue when you see any of the following strings in the error message: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/resource-initialization-error.html) | Verify the connectivity between the task and the Secrets Manager endpoint. For more information, see [Verifying Amazon ECS stopped task connectivity](verify-connectivity.md). |
| The task execution role defined in the task definition doesn't have the permissions for Secrets Manager. | Add the required permissions for Secrets Manager to the task execution role. For more information, see [Secrets Manager or Systems Manager permissions](task_execution_IAM_role.md#task-execution-secrets). |
| The secret ARN doesn't exist | Check that the ARN exists in Secrets Manager. For information about viewing your images, see [Find secrets in Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_search-secret.html) in the Secrets Manager Developer Guide. |
## pull command failed: unable to pull secrets or registry auth Check your task network configuration.
This error occurs when your task can't connect to Amazon ECR, Systems Manager, or Secrets Manager. This is due to a misconfiguration in your network.
To fix this issue, verify the connectivty between the task and Amazon ECR. You also need to check connectivity between your task and the service which stores your secret (Systems Manager, or Secrets Manager). For more information, see [Verifying Amazon ECS stopped task connectivity](verify-connectivity.md).
## The task cannot find the Amazon CloudWatch log group defined in the task definition. There is a connection issue between the task and Amazon CloudWatch. Check your network configuration.
This error occurs when your task fails to find the CloudWatch log group you defined in the task definition.
The error indicates that there is a network connectivity issue between the CloudWatch VPC endpoint and the task.
For information about how to verify the connectivity between the task and the endpoint, see [Verifying Amazon ECS stopped task connectivity](verify-connectivity.md).
## failed to initialize logging driver
This error occurs when your task fails to find the CloudWatch log group you defined in the task definition.
The error indicates that the CloudWatch group in the task definition does not exist.
Use the following steps to find the missing CloudWatch.
1. Run the following command to get the task definition information.
```
aws ecs describe-task-definition \
--task-definition task-def-name
```
Look at the output for each container and note the `awslogs-group` value.
```
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "/ecs/example-group",
"awslogs-create-group": "true",
"awslogs-region": "us-east-1",
"awslogs-stream-prefix": "ecs"
},
```
1. Verify that the group existis in CloudWatch for more information, see [Working with log groups and log streams](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/Working-with-log-groups-and-streams.html) in the *Amazon CloudWatch Logs User Guide*.
The issue is either that the group specified in the task definition is incorrect, or the log group does not exist.
1. Fix the issue.
[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/resource-initialization-error.html)
## failed to invoke EFS utils commands to set up EFS volumes
The following issues might prevent you from mounting your Amazon EFS volumes on your asks:
+ The Amazon EFS file system isn't configured correctly.
+ The task doesn't have the required permissions.
+ There are issues related to network and VPC configurations.
For information about how to debug and fix this issue, see [Why can't I mount my Amazon EFS volumes on my AWS Fargate tasks](https://repost.aws/knowledge-center/fargate-unable-to-mount-efs) on AWS re:Post.
# Troubleshooting Amazon ECS ResourceNotFoundException errors
The following are some ` ResourceNotFoundException` error messages and actions that you can take to fix the errors.
To check your stopped tasks for an error message using the AWS Management Console, see [Viewing Amazon ECS stopped task errors](stopped-task-errors.md).
## The task can't retrieve the secret with ARN '*sercretARN*' from AWS Secrets Manager. Check whether the secret exists in the specified Region.
This error occurs when the task can't retrieve the secret from Secrets Manager. This means that the secret specified in the task definition (and contained in the error message) does not exist in Secrets Manager.
The Region is in the error message.
Fetching secret data from AWS Secrets Manager in region *region*: secret *sercretARN*: ResourceNotFoundException: Secrets Manager can't find the specified secret.
For information about finding a secret, see [Find secrets in AWS Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_search-secret.html) in the *AWS Secrets Manager User Guide*.
Use the following table to determine and address the error.
| Issue | Actions |
| --- | --- |
| The secret is in a different Region from the the task definition. | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/resource-not-found-error.html) |
| The task definition has the incorrect secret ARN. The correct secret exists in Secrets Manager. | Update the task definition with the correct secret. For more information, see [Updating an Amazon ECS task definition using the console](update-task-definition-console-v2.md) or [RegisterTaskDefinition](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_RegisterTaskDefinition.html) in the Amazon Elastic Container Service API Reference. |
| The secret no longer exists. | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/resource-not-found-error.html) |
# Troubleshooting Amazon ECS SpotInterruption errors
The `SpotInterruption` error has different reasons for Fargate and EC2s.
To check your stopped tasks for an error message using the AWS Management Console, see [Viewing Amazon ECS stopped task errors](stopped-task-errors.md).
## Fargate
The `SpotInterruption` error occurs when there is no Fargate Spot capacity or when Fargate takes back Spot capacity.
You can have your tasks run in multiple Availability Zones to allow for more capacity.
## EC2
This error occurs when there are no available Spot Instances or EC2 takes back Spot Instance capacity.
You can have your instances run in multiple Availability Zones to allow for more capacity.
# Troubleshooting Amazon ECS InternalError errors
**Applies to**: Fargate
To check your stopped tasks for an error message using the AWS Management Console, see [Viewing Amazon ECS stopped task errors](stopped-task-errors.md).
The `InternalError` error when the agent encounters an unexpected, non-runtime related internal error.
This error only occurs if using platform version `1.4` or later.
For information about how to debug and fix this issue, see [Amazon ECS stopped tasks error messages](stopped-task-error-codes.md).
# Troubleshooting Amazon ECS OutOfMemoryError errors
The following are some OutOfMemoryError error messages and actions that you can take to fix the errors.
To check your stopped tasks for an error message using the AWS Management Console, see [Viewing Amazon ECS stopped task errors](stopped-task-errors.md).
## container killed due to memory usage
This error occurs when a container exits due to processes in the container consuming more memory than was allocated in the task definition, or due to host or operating system constraints.
# Troubleshooting Amazon ECS ContainerRuntimeError errors
The following are some ContainerRuntimeError error messages and actions that you can take to fix the errors.
To check your stopped tasks for an error message using the AWS Management Console, see [Viewing Amazon ECS stopped task errors](stopped-task-errors.md).
## ContainerRuntimeError
This error occurs when the agent receives an unexpected error from `containerd` for a runtime-specific operation. This error is usually caused by an internal failure in the agent or the `containerd` runtime.
This error only occurs if you use platform version `1.4.0` or later (Linux) or `1.0.0` or later (Windows).
For information about how to debug and fix this issue, see [Why is my Amazon ECS task Stopped](https://repost.aws/knowledge-center/ecs-task-stopped) on AWS re:Post.
# Troubleshooting Amazon ECS ContainerRuntimeTimeoutError errors
The following are some ContainerRuntimeTimeoutError error messages and actions that you can take to fix the errors.
To check your stopped tasks for an error message using the AWS Management Console, see [Viewing Amazon ECS stopped task errors](stopped-task-errors.md).
## Could not transition to running; timed out after waiting 1m or Docker timeout error
This error occurs when a container can't transition to either a `RUNNING` or `STOPPED` state within the timeout period. The reason and timeout value is provided in the error message.
# Troubleshooting Amazon ECS CannotStartContainerError errors
The following are some CannotStartContainerError error messages and actions that you can take to fix the errors.
To check your stopped tasks for an error message using the AWS Management Console, see [Viewing Amazon ECS stopped task errors](stopped-task-errors.md).
## failed to get container status: **
This error occurs when a container can't be started.
If your container attempts to exceed the memory specified here, the container is stopped. Increase the memory presented to the container. This is the `memory` parameter in the task definition. For more information, see [Memory](task_definition_parameters.md#container_definition_memory).
# Troubleshooting Amazon ECS CannotStopContainerError errors
The following are some CannotStopContainerError error messages and actions that you can take to fix the errors.
To check your stopped tasks for an error message using the AWS Management Console, see [Viewing Amazon ECS stopped task errors](stopped-task-errors.md).
## CannotStopContainerError
This error occurs when a container can’t be stopped.
For information about how to debug and fix this issue, see [Why is my Amazon ECS task Stopped](https://repost.aws/knowledge-center/ecs-task-stopped) on AWS re:Post.
# Troubleshooting Amazon ECS CannotInspectContainerError errors
The following are some CannotInspectContainerError error messages and actions that you can take to fix the errors.
To check your stopped tasks for an error message using the AWS Management Console, see [Viewing Amazon ECS stopped task errors](stopped-task-errors.md).
## CannotInspectContainerError
This error occurs when the container agent can't describe the container through the container runtime.
When using platform version `1.3` or earlier, the Amazon ECS agent returns the reason from Docker.
When using platform version `1.4.0` or later (Linux) or `1.0.0` or later (Windows), the Fargate agent returns the reason from `containerd`.
For information about how to debug and fix this issue, see [Why is my Amazon ECS task Stopped](https://repost.aws/knowledge-center/ecs-task-stopped) on AWS re:Post.
# Troubleshooting Amazon ECS CannotCreateVolumeError errors
The following are some CannotCreateVolumeError error messages and actions that you can take to fix the errors.
To check your stopped tasks for an error message using the AWS Management Console, see [Viewing Amazon ECS stopped task errors](stopped-task-errors.md).
## CannotCreateVolumeError
This error occurs when the agent can't create the volume mount specified in the task definition.
This error only occurs if you use platform version `1.4.0` or later (Linux) or `1.0.0` or later (Windows).
For information about how to debug and fix this issue, see [Why is my Amazon ECS task Stopped](https://repost.aws/knowledge-center/ecs-task-stopped) on AWS re:Post.
# CannotPullContainer task errors in Amazon ECS
The following errors indicate that the task failed to start because Amazon ECS can't retrieve the specified container image.
**Note**
The 1.4 Fargate platform version truncates long error messages.
To check your stopped tasks for an error message using the AWS Management Console, see [Viewing Amazon ECS stopped task errors](stopped-task-errors.md).
**Tip**
You can use the [Amazon ECS MCP server](ecs-mcp-introduction.md) with AI assistants to investigate image pull errors using natural language.
**Topics**
+ [
## The task can’t pull the image. Check that the role has the permissions to pull images from the registry.
](#pull-request-image-not-found)
+ [
## The task cannot pull ‘*image-name*’ from the Amazon ECR repository ‘*repository URI*’. There is a connection issue between the task and Amazon ECR. Check your task network configuration.
](#pull-image-io-timeout)
+ [
## The task can’t pull the image. Check your network configuration
](#pull-request-image-not-found-network)
+ [
## CannotPullContainerError: pull image manifest has been retried 5 time(s): failed to resolve ref
](#pull-request-image-tag)
+ [
## API error (500): Get https://111122223333.dkr.ecr.us-east-1.amazonaws.com/v2/: net/http: request canceled while waiting for connection
](#request-canceled)
+ [
## API error
](#pull-request-api-error)
+ [
## write /var/lib/docker/tmp/*GetImageBlob111111111*: no space left on device
](#pull-request-write-error)
+ [
## ERROR: toomanyrequests: Too Many Requests or You have reached your pull rate limit.
](#container-pull-too-many-requests)
+ [
## Error response from daemon: Get *url*: net/http: request canceled while waiting for connection
](#container-pull-request-canceled-connection)
+ [
## ref pull has been retried 1 time(s): failed to copy: httpReaderSeeker: failed open: unexpected status code
](#container-pull-failed-open)
+ [
## pull access denied
](#container-pull-access-denied.title)
+ [
## pull command failed: panic: runtime error: invalid memory address or nil pointer dereference
](#container-pull-runtime-error.title)
+ [
## error pulling image conf/error pulling image configuration
](#container-pull-pulling-image.title)
+ [
## Context canceled
](#container-pull-context-canceled)
## The task can’t pull the image. Check that the role has the permissions to pull images from the registry.
This error indicates that the task can't pull the image specified in the task definition because of permission issues.
To resolve this issue:
1. Check that the image exists in the *repository*. For information about viewing your images, see [Viewing image details in Amazon ECR](https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-info.html) in the *Amazon Elastic Container Registry User Guide*.
1. Verify that the *role-arn* has the correct permissions to pull the image.
For information about how to update roles, see [Update permissions for a role](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_update-role-permissions.html) in the *AWS Identity and Access Management Use Guide*.
The task uses one of the following roles:
+ For tasks with the Fargate, this is the task execution role. For information about the additional permissions for Amazon ECR, [Fargate tasks pulling Amazon ECR images over interface endpoints permissions](task_execution_IAM_role.md#task-execution-ecr-conditionkeys).
+ For tasks with EC2, this is the container instance role. For information about the additional permissions for Amazon ECR, [Amazon ECR permissions](instance_IAM_role.md#container-instance-role-ecr).
## The task cannot pull ‘*image-name*’ from the Amazon ECR repository ‘*repository URI*’. There is a connection issue between the task and Amazon ECR. Check your task network configuration.
This error indicates that the task can't connect to Amazon ECR. Check the connection to the *repository URI* repository.
For information about how to verify and resolve the issue, see [Verifying Amazon ECS stopped task connectivity](verify-connectivity.md).
## The task can’t pull the image. Check your network configuration
This error indicates that the task can't connect to Amazon ECR.
For information about how to verify and resolve the issue, see [Verifying Amazon ECS stopped task connectivity](verify-connectivity.md).
## CannotPullContainerError: pull image manifest has been retried 5 time(s): failed to resolve ref
This error indicates that the task can't pull the image.
To resolve this, you can:
+ Verify that the image specified in the task definition matches the image in the repository.
+ Amazon ECS forces image version stability. If the original image is no longer available you get this error. The image tag is part of enforcing this behavior. Change the image in the task definition from using :latest as the tag to a specifc version. For more information, see [Container image resolution](deployment-type-ecs.md#deployment-container-image-stability).
For information about how to verify and resolve the issue, see [Verifying Amazon ECS stopped task connectivity](verify-connectivity.md).
## API error (500): Get https://111122223333.dkr.ecr.us-east-1.amazonaws.com/v2/: net/http: request canceled while waiting for connection
This error indicates that a connection timed out, because a route to the internet doesn't exist.
To resolve this issue, you can:
+ For tasks in public subnets, specify **ENABLED** for **Auto-assign public IP** when launching the task. For more information, see [Running an application as an Amazon ECS task](standalone-task-create.md).
+ For tasks in private subnets, specify **DISABLED** for **Auto-assign public IP** when launching the task, and configure a NAT gateway in your VPC to route requests to the internet. For more information, see [NAT Gateways](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html) in the *Amazon VPC User Guide*.
## API error
This error indicates that there is a connection issue with the Amazon ECR endpoint.
For information about how to resolve this issue, see [How can I resolve the Amazon ECR error "CannotPullContainerError: API error" in Amazon ECS](https://aws.amazon.com/premiumsupport/knowledge-center/ecs-pull-container-api-error-ecr/) on the Support website.
## write /var/lib/docker/tmp/*GetImageBlob111111111*: no space left on device
This error indicates that there is insufficient disk space.
To resolve this issue, free up disk space.
If you are using the Amazon ECS-optimized AMI, you can use the following command to retrieve the 20 largest files on your file system:
```
du -Sh / | sort -rh | head -20
```
Example output:
```
5.7G /var/lib/docker/containers/50501b5f4cbf90b406e0ca60bf4e6d4ec8f773a6c1d2b451ed8e0195418ad0d2
1.2G /var/log/ecs
594M /var/lib/docker/devicemapper/mnt/c8e3010e36ce4c089bf286a623699f5233097ca126ebd5a700af023a5127633d/rootfs/data/logs
...
```
In some cases, the root volume might be filled out by a running container. If the container is using the default `json-file` log driver without a `max-size` limit, it may be that the log file is responsible for most of that space used. You can use the `docker ps` command to verify which container is using the space by mapping the directory name from the output above to the container ID. For example:
```
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
50501b5f4cbf amazon/amazon-ecs-agent:latest "/agent" 4 days ago Up 4 days ecs-agent
```
By default, when using the `json-file` log driver, Docker captures the standard output (and standard error) of all of your containers and writes them in files using the JSON format. You can set the `max-size` as a log driver option, which prevents the log file from taking up too much space. For more information, see [JSON File logging driver](https://docs.docker.com/engine/logging/drivers/json-file/) in the Docker documentation.
The following is a container definition snippet showing how to use this option:
```
{
"log-driver": "json-file",
"log-opts": {
"max-size": "256m"
}
}
```
An alternative, if your container logs are taking up too much disk space, is to use the `awslogs` log driver. The `awslogs` log driver sends the logs to CloudWatch, which frees up the disk space that would otherwise be used for your container logs on the container instance. For more information, see [Send Amazon ECS logs to CloudWatch](using_awslogs.md).
You might need to update the disk size that Docker can access.
For more information, see [CannotPullContainerError: no space left on device](https://repost.aws/questions/QUx6Ix1R1SSNisYSs1Sw8EBA/cannotpullcontainererror-no-space-left-on-device).
## ERROR: toomanyrequests: Too Many Requests or You have reached your pull rate limit.
This error indicates that there is a Docker Hub rate limiting.
If you receive one of the following errors, you're likely hitting the Docker Hub rate limits:
For more information about the Docker Hub rate limits, see [Understanding Docker Hub rate limiting](https://www.docker.com/increase-rate-limits).
If you have increased the Docker Hub rate limit and you need to authenticate your Docker pulls for your container instances, see [Private registry authentication for container instances](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/private-auth-container-instances.html).
## Error response from daemon: Get *url*: net/http: request canceled while waiting for connection
This error indicates that a connection timed out, because a route to the internet doesn't exist.
To resolve this issue, you can:
+ For tasks in public subnets, specify **ENABLED** for **Auto-assign public IP** when launching the task. For more information, see [Running an application as an Amazon ECS task](standalone-task-create.md).
+ For tasks in private subnets, specify **DISABLED** for **Auto-assign public IP** when launching the task, and configure a NAT gateway in your VPC to route requests to the internet. For more information, see [NAT Gateways](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html) in the *Amazon VPC User Guide*.
## ref pull has been retried 1 time(s): failed to copy: httpReaderSeeker: failed open: unexpected status code
This error indicates that there was a failure when copying an image.
To resolve this issue, review one of the following articles:
+ For Fargate tasks, see [How do I resolve the "cannotpullcontainererror" error for my Amazon ECS tasks on Fargate](https://aws.amazon.com/premiumsupport/knowledge-center/ecs-fargate-pull-container-error/).
+ For other tasks, see [How do I resolve the "cannotpullcontainererror" error for my Amazon ECS tasks](https://aws.amazon.com/premiumsupport/knowledge-center/ecs-pull-container-error/).
## pull access denied
This error indicates that there is no access to the image.
To resolve this issue, you might need to authenticate your Docker client with Amazon ECR For more information, see [Private registry authentication](https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry_auth.html) in the *Amazon ECR User Guide*.
## pull command failed: panic: runtime error: invalid memory address or nil pointer dereference
This error indicates that there is no access to the image because of an invalid memory address or nil pointer dereference.
To resolve this issue:
+ Check that you have the security group rules to reach Amazon S3.
+ When you use gateway endpoints, you must add a route in the route table to access the endpoint.
## error pulling image conf/error pulling image configuration
This error indicates a rate limit has been reached or there is a network error:
To resolve this issue, see[ How can I resolve the "CannotPullContainerError" error in my Amazon ECS EC2 Launch Type Task](https://repost.aws/knowledge-center/ecs-pull-container-error).
## Context canceled
This error indicates that the context was cancelled.
The common cause for this error is because the VPC your task is using doesn't have a route to pull the container image from Amazon ECR.