i've tried deploying eks but the nodes remain in a 'NotReady' status since it can't pull the VPC CNI plugin image for the aws-node DaemonSet. Not sure if this is problem happens in other regions but i'm seeing it in both the us-east-1 and ca-central-1 regions. see below:

Events:
  Type     Reason     Age               From                                                   Message
  ----     ------     ----              ----                                                   -------
  Normal   Scheduled  9m                default-scheduler                                      Successfully assigned kube-system/aws-node-7rl2w to ip-10-0-47-120.ca-central-1.compute.internal
  Normal   Pulling    7m (x4 over 9m)   kubelet, ip-10-0-47-120.ca-central-1.compute.internal  Pulling image "<http://602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.6.0|602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.6.0>"
  Warning  Failed     7m (x4 over 9m)   kubelet, ip-10-0-47-120.ca-central-1.compute.internal  Failed to pull image "<http://602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.6.0|602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.6.0>": rpc error: code = Unknown desc = Error response from daemon: Get <https://602401143452.dkr.ecr.us-west-2.amazonaws.com/v2/amazon-k8s-cni/manifests/v1.6.0>: no basic auth credentials
  Warning  Failed     7m (x4 over 9m)   kubelet, ip-10-0-47-120.ca-central-1.compute.internal  Error: ErrImagePull
  Normal   BackOff    7m (x6 over 9m)   kubelet, ip-10-0-47-120.ca-central-1.compute.internal  Back-off pulling image "<http://602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.6.0|602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.6.0>"
  Warning  Failed     4m (x21 over 9m)  kubelet, ip-10-0-47-120.ca-central-1.compute.internal  Error: ImagePullBackOff

and my pulumi program:

import * as awsx from "@pulumi/awsx";
import * as eks from "@pulumi/eks";

// Create a VPC for our cluster.
const vpc = new awsx.ec2.Vpc("vpc", { numberOfAvailabilityZones: 2 });

// Create the EKS cluster itself and a deployment of the Kubernetes dashboard.
const cluster = new eks.Cluster("cluster", {
    vpcId: vpc.id,
    subnetIds: vpc.publicSubnetIds,
    instanceType: "t2.medium",
    desiredCapacity: 1,
    minSize: 1,
    maxSize: 2,
    deployDashboard: true,
});

// Export the cluster's kubeconfig.
export const kubeconfig = cluster.kubeconfig;

I've checked the roles and it looks like the node has permissions to read from ECR. Any ideas why this is happening?