I am trying to get Terraform set up to build a Docker image of an ASP.NET Core Web API to use in a tech demo. When I try to terraform apply I get the following error:
docker_image.sample-ecs-api-image: Creating...
Error: failed to read downloaded context: failed to load cache key: invalid response status 403
with docker_image.sample-ecs-api-image,
on main.tf line 44, in resource "docker_image" "sample-ecs-api-image":
44: resource "docker_image" "sample-ecs-api-image" {
This is my main.tf file:
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 5.80.0"
}
docker = {
source = "kreuzwerker/docker"
version = "3.0.2"
}
}
required_version = ">= 1.10.1"
}
provider "aws" {
region = "us-east-1"
profile = "tparikka-dev"
}
provider "docker" {
registry_auth {
address = data.aws_ecr_authorization_token.token.proxy_endpoint
username = data.aws_ecr_authorization_token.token.user_name
password = data.aws_ecr_authorization_token.token.password
}
}
resource "aws_ecr_repository" "my-ecr-repo" {
name = "sample-ecs-api-repo"
}
data "aws_ecr_authorization_token" "token" {}
data "aws_region" "this" {}
data "aws_caller_identity" "this" {}
# build docker image
resource "docker_image" "sample-ecs-api-image" {
name = "${data.aws_caller_identity.this.account_id}.dkr.ecr.${data.aws_region.this.name}.amazonaws.com/sample-ecs-api:latest"
build {
context = "${path.module}/../../src/SampleEcsApi"
dockerfile = "Dockerfile"
}
platform = "linux/arm64"
}
resource "docker_registry_image" "ecs-api-repo-image" {
name = docker_image.sample-ecs-api-image.name
keep_remotely = false
}
My project structure is like so:
- /src
- /SampleEcsApi
- Dockerfile
- The rest of the API project
- /iac
- /sample-ecr
- main.tf
When I am in the /iac/sample-ecr/ directory and ls ./../../src/SampleEcsApi I do see the directory contents including the Dockerfile:
ls ./../../src/SampleEcsApi/
Controllers Program.cs SampleEcsApi.csproj WeatherForecast.cs appsettings.json obj
Dockerfile Properties SampleEcsApi.http appsettings.Development.json bin
That path mirrors the terraform plan output:
Terraform will perform the following actions:
# docker_image.sample-ecs-api-image will be created
+ resource "docker_image" "sample-ecs-api-image" {
+ id = (known after apply)
+ image_id = (known after apply)
+ name = "sample-ecs-api:latest"
+ platform = "linux/arm64"
+ repo_digest = (known after apply)
+ build {
+ cache_from = []
+ context = "./../../src/SampleEcsApi"
+ dockerfile = "Dockerfile"
+ extra_hosts = []
+ remove = true
+ security_opt = []
+ tag = []
# (11 unchanged attributes hidden)
}
}
So as far as I can tell the relative path seems correct. I must be missing something because from reading https://registry.terraform.io/providers/kreuzwerker/docker/latest/docs/resources/image and https://docs.docker.com/build/concepts/context/ and Error: Terraform Docker Image Build Fails with 403 Status Code While Using docker_image Resource it seems like this is just an issue of the resource not finding the correct context, but I've tried different ways to verify whether or not I'm pointed at the right location and am not having much luck.
I'm running this on a M3 MacBook Air, macOS 15.1.1, Docker Desktop 4.36.0 (175267), Terraform v1.10.1.
Thanks for any help anyone can provide!
I found an answer buried in the kreuzwerker repository:
https://github.com/kreuzwerker/terraform-provider-docker/issues/534
The issue is that having containerd enabled in Docker breaks the build, at least on macOS. Disabling it fixed the issue for me.