Amazon ECS error running docker image: container_linux.go:380: starting container process caused: exec: "/": permission denied

I am trying to run a Docker image from Amazon Elastic Container Registry but every time the task tries to start I get the following error message in ECS tasks logs view.

container_linux.go:380: starting container process caused: exec: "/": permission denied 

Here is my Dockerfile

FROM node:16

# Installing libvips-dev for sharp compatibility
RUN apt-get update && apt-get install libvips-dev -y

# Create app directory
WORKDIR /usr/src/app

# Bundle app source
COPY . .

# Install everything
RUN npm install --verbose

# Build the app
RUN npm run build

# Install pm2
RUN npm install pm2 -g

# Expose 1337 port
EXPOSE 1337

CMD ["pm2-runtime", "start", "npm", "--name", "app-backend", "--", "run", "start"]

USER node

Listing the things I've tried / updated.

  • I changed my WORKDIR so it wasn't inside usr/src/app. Ref

  • I changed the location of global npm dependencies so they're not in the root directory: Reference

    ENV NPM_CONFIG_PREFIX=/home/node/.npm-global
    ENV PATH=$PATH:/home/node/.npm-global/bin
    

Note: I can run the Docker image fine locally



Solution 1:[1]

Turns out it wasn't to do with my Dockerfile, but my Terraform aws_ecs_task_definition. I had an entryPoint.

resource "aws_ecs_task_definition" "ecs-task-definition" {
  family                   = "app-${terraform.workspace}"
  network_mode             = "awsvpc"
  requires_compatibilities = ["FARGATE"]
  memory                   = "1024"
  cpu                      = "512"
  execution_role_arn       = aws_iam_role.ecs-task-execution-role.arn
  container_definitions    = jsonencode([
    {
      "name": "app-container",
      "image": "${aws_ecr_repository.ecr.repository_url}:latest",
      "memory": 1024,
      "cpu": 512,
      "essential": true,
      "entryPoint": ["/"], # This was the culprit.
      "portMappings": [
        {
          "containerPort": 1337,
          "hostPort": 1337
        }
      ],
      "logConfiguration": {
        "logDriver": "awslogs",
        "options": {
          "awslogs-group": "app-log-group-${terraform.workspace}",
          "awslogs-region": "eu-west-1",
          "awslogs-create-group": "true",
          "awslogs-stream-prefix": "ecs"
        }
      }
    }])
}
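
A pre-deploy check for the misconfiguration in the answer above, as an added example that is not part of the original post or of any AWS or Terraform tooling: it inspects each container definition's entryPoint and reports a first element that cannot be an executable, such as the "/" behind `exec: "/": permission denied`. The function names and sample data are assumptions made for illustration, and the whitespace check goes beyond the single case on the page.

```python
import json

# Constructed sample in the shape of a task definition's containerDefinitions
# array; container names and image references are placeholders.
SAMPLE = json.loads("""
[
  {"name": "app-container", "image": "example/app:latest", "entryPoint": ["/"]},
  {"name": "explicit", "image": "example/app:latest",
   "entryPoint": ["pm2-runtime"], "command": ["start", "npm"]},
  {"name": "inherited", "image": "example/app:latest"},
  {"name": "shell-form", "image": "example/app:latest",
   "entryPoint": ["npm run start"]}
]
""")


def check_entry_point(entry_point):
    """Return why entryPoint[0] cannot be exec'd, or None if it looks fine."""
    if entry_point is None or entry_point == []:
        return None  # field not set, so there is nothing to check here
    if not isinstance(entry_point, list) or not all(
        isinstance(arg, str) for arg in entry_point
    ):
        return "entryPoint must be a list of strings"
    exe = entry_point[0]  # the element the runtime tries to exec
    if not exe.strip():
        return "first element is empty"
    if exe.endswith("/") or exe in (".", ".."):
        return "first element names a directory, not an executable"
    if any(ch.isspace() for ch in exe):
        return "first element contains whitespace; put each argument in its own element"
    return None


def lint_container_definitions(container_definitions):
    """Return (container name, reason) for every suspect entryPoint."""
    findings = []
    for definition in container_definitions:
        reason = check_entry_point(definition.get("entryPoint"))
        if reason:
            findings.append((definition.get("name", "<unnamed>"), reason))
    return findings


if __name__ == "__main__":
    for name, reason in lint_container_definitions(SAMPLE):
        print(f"{name}: {reason}")
```

The same function can be run over the `containerDefinitions` array of a registered task definition once it has been loaded as JSON.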

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Karl Taylor