Forums

Articles
Create
cancel
Showing results for 
Search instead for 
Did you mean: 

How does one pull an ECR image that requires IAM AssumeRole?

Ken Restivo
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
October 23, 2019

We have images stored in an ECR repository that requires AssumeRole in order to authenticate, i.e.

echo '{ "credsStore": "ecr-login"}' > ~/.docker/config.json
export JQ=$(aws sts assume-role --role-arn ${AWS_ROLE_ARN} --role-session-name bitbucket)
export AWS_ACCESS_KEY_ID="$(echo ${JQ} | jq -r '.Credentials.AccessKeyId')"
export AWS_SECRET_ACCESS_KEY="$(echo ${JQ} | jq -r '.Credentials.SecretAccessKey')"
export AWS_SESSION_TOKEN="$(echo ${JQ} | jq -r '.Credentials.SessionToken')"
docker pull acctnum.dkr.ecr.us-west-2.amazonaws.com/repo:tag

 Our pipelines need to run from inside an image that is already in this repo.

I don't see any documentation in https://confluence.atlassian.com/bitbucket/use-docker-images-as-build-environments-792298897.html on how to assume-role using

 image:
name: acctnum.dkr.ecr.us-west-2.amazonaws.com/repo:tag
aws:
HOW TO ASSUME ROLE HERE?:

 This is blocking us at the moment.

0 answers

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events