Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How does one pull an ECR image that requires IAM AssumeRole?

Ken Restivo
Ken Restivo
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
October 23, 2019

We have images stored in an ECR repository that requires AssumeRole in order to authenticate, i.e.

echo '{ "credsStore": "ecr-login"}' > ~/.docker/config.json
export JQ=$(aws sts assume-role --role-arn ${AWS_ROLE_ARN} --role-session-name bitbucket)
export AWS_ACCESS_KEY_ID="$(echo ${JQ} | jq -r '.Credentials.AccessKeyId')"
export AWS_SECRET_ACCESS_KEY="$(echo ${JQ} | jq -r '.Credentials.SecretAccessKey')"
export AWS_SESSION_TOKEN="$(echo ${JQ} | jq -r '.Credentials.SessionToken')"
docker pull acctnum.dkr.ecr.us-west-2.amazonaws.com/repo:tag

 Our pipelines need to run from inside an image that is already in this repo.

I don't see any documentation in https://confluence.atlassian.com/bitbucket/use-docker-images-as-build-environments-792298897.html on how to assume-role using

 image:
   name: acctnum.dkr.ecr.us-west-2.amazonaws.com/repo:tag
   aws:
     HOW TO ASSUME ROLE HERE?:

 This is blocking us at the moment.

Answer
Watch
Like krashekspress likes this
517 views

0 answers

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security