< Marvin> when I deploy a flow to ECS and run the flow I get Prefect Community #ask-marvin

<@ULVA73B9P> when I deploy a flow to ECS and run t...

Fugo Takefusa

09/23/2025, 2:03 AM

@Marvin when I deploy a flow to ECS and run the flow. I get this error docker.errors.ImageNotFound: 404 Client Error for http+docker://localnpipe/v1.51/images/create?tag=latest&fromImage=image2: Not Found ("pull access denied for image2, repository does not exist or may require 'docker login': denied: requested access to the resource is denied")

Marvin

09/23/2025, 2:04 AM

✅ thought for 252.8 seconds

Marvin

09/23/2025, 2:08 AM

That error is coming from the local Docker engine (note the http+docker://localnpipe path — that’s the Windows named pipe to your local Docker daemon). In other words, your flow run is being picked up by a Docker worker and it’s trying to pull an image called

image2:latest

locally — it’s not running on ECS. This usually happens when: - The deployment is assigned to a Docker work pool (or the wrong pool) instead of an ECS work pool, or - You started a Docker worker instead of an ECS worker, or - The image name is incorrect or private and cannot be pulled. Quick checks - In the Prefect UI, open the flow run and confirm the “Infrastructure” says ECS. If it says Docker, it’s not going to ECS. - Verify the deployment’s work_pool_name is your ECS work pool. - Check the worker you started: it should be an ECS worker attached to your ECS work pool (not a Docker worker). - Confirm the image you configured is a fully-qualified image (not just

image2

) and that it exists in the registry you expect. If you intend to run on ECS 1) Use an ECS work pool and start an ECS worker. 2) Set a fully-qualified image in your deployment’s job_variables, e.g. an ECR or Docker Hub path:

Copy code

job_variables = {
  "image": "<http://123456789012.dkr.ecr.us-east-1.amazonaws.com/my-app:1.2.3|123456789012.dkr.ecr.us-east-1.amazonaws.com/my-app:1.2.3>",
  # optionally: cluster, subnets, security_groups, cpu, memory, task_role_arn, execution_role_arn, etc.
}

3) Private registry notes: - ECR: Push the image to ECR and ensure your ECS task execution role includes the AmazonECSTaskExecutionRolePolicy so ECS can pull from ECR. - Private Docker Hub (or other private registries): Configure repository credentials on the ECS task/container definition (via AWS Secrets Manager). The ECS worker supports passing these through job variables so ECS can pull the image. Docs: Prefect ECS guide If you actually intended to run with a local Docker worker - Use a valid image name (e.g.,

myuser/myimage:tag

) and ensure it exists. - If the image is private, run

docker login

to the appropriate registry before the worker pulls it. To help you quickly, could you share: - The work pool type/name your deployment uses - Which worker you started (and the first few lines of its startup log) - The exact image string set on the deployment (redact account IDs if needed) - Whether the image is private and where it’s hosted (ECR, Docker Hub, etc.)

Open in Slack

Previous Next