Concourse on Kubernetes can't get image from AWS ECR repo

Here is my resource definition

  - name: image-resource
    type: docker-image
    source:
      repository: my-account-id.dkr.ecr.us-west-2.amazonaws.com/my-image
      tag: latest
      aws_access_key_id: ((aws-permissions.key_id))
      aws_secret_access_key: ((aws-permissions.key))

I know that these parameters are being set because otherwise when interpolating it would throw an error.

The error message I receive is as follows
resource script ‘/opt/resource/check []’ failed: exit status 1

stderr:
failed to get ECR credentials: credentials not found in native keychain

I've seen a couple of topics in regard to this, but none that actually fix my issue, including this open GitHub issue for the docker image resource type: https://github.com/concourse/docker-image-resource/issues/270

Any help would be greatly appreciated.
Cheers,
Evan

There are numerous reasons for a failure of this type. First thing I’d check is the CloudWatch events from around the time of the failure. They may shed some light on if and how AWS is handling the request.

It might be as simple as the policy for the keys provided not actually being correct. But it could also be the networking ACLs blocking the request.

You can try executing into the resource directly and running the commands manually to see if there is more debug that might have been hidden from you. This can be hit or miss. Depending on where and how the error presents, the resource might be immediately cleaned up, so if you have direct access to the cluster, then set up a pod using the same docker image and poke around in there. Mainly just see if you can narrow down the cause a bit.

Hope that helps.
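One way to run the checks suggested above by hand and tell a key or policy problem apart from a blocked network path. This is an added example, not part of the thread. It assumes the AWS CLI is installed where you run it (for instance in a debug pod in the cluster) and that `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` are exported with the same values the pipeline interpolates. The function names and the `ECR_REPO` variable are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the AWS CLI is installed and
# AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY hold the keys the pipeline uses.

# Split "<account>.dkr.ecr.<region>.amazonaws.com/<name>" into "account region name".
parse_ecr_repo() {
  host="${1%%/*}"; name="${1#*/}"
  case "$host" in *.dkr.ecr.*.amazonaws.com) ;; *) return 1 ;; esac
  [ "$name" != "$1" ] && [ -n "$name" ] || return 1
  account="${host%%.*}"
  region="${host#*.dkr.ecr.}"; region="${region%.amazonaws.com}"
  case "$account" in ''|*[!0-9]*) return 1 ;; esac   # account IDs are 12 digits
  [ "${#account}" -eq 12 ] || return 1
  echo "$account $region $name"
}

# Map AWS CLI stderr text to the likely cause named in the reply above.
classify_aws_error() {
  case "$1" in
    *"Unable to locate credentials"*) echo no-credentials ;;
    *InvalidClientTokenId*|*UnrecognizedClientException*|*SignatureDoesNotMatch*) echo bad-keys ;;
    *AccessDenied*) echo policy ;;
    *"Could not connect to the endpoint URL"*|*"timeout on endpoint URL"*) echo network ;;
    *) echo unknown ;;
  esac
}

# Run three read-only calls; stdout is discarded so the ECR token is never printed.
run_checks() {
  parts=$(parse_ecr_repo "$1") || { echo "not an ECR repository: $1" >&2; return 2; }
  set -- $parts   # $1=account, $2=region, $3=repository name
  status=0
  for call in "sts get-caller-identity" "ecr get-authorization-token" \
      "ecr describe-images --registry-id $1 --repository-name $3 --max-items 1"; do
    if err=$(aws $call --region "$2" --cli-connect-timeout 10 2>&1 >/dev/null); then
      echo "ok: aws $call"
    else
      echo "$(classify_aws_error "$err"): aws $call"; echo "  $err"; status=1
    fi
  done
  return "$status"
}

# ECR_REPO is a hypothetical variable; set it to the resource's `repository` value.
if [ -n "${ECR_REPO:-}" ]; then run_checks "$ECR_REPO"; fi
```

A `bad-keys` or `policy` result on the first two calls points at the credentials or their IAM policy, while `network` from inside the cluster but `ok` from a workstation points at ACLs or egress rules.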