We have images stored in an ECR repository that requires AssumeRole in order to authenticate, i.e.
echo '{ "credsStore": "ecr-login"}' > ~/.docker/config.json
export JQ=$(aws sts assume-role --role-arn ${AWS_ROLE_ARN} --role-session-name bitbucket)
export AWS_ACCESS_KEY_ID="$(echo ${JQ} | jq -r '.Credentials.AccessKeyId')"
export AWS_SECRET_ACCESS_KEY="$(echo ${JQ} | jq -r '.Credentials.SecretAccessKey')"
export AWS_SESSION_TOKEN="$(echo ${JQ} | jq -r '.Credentials.SessionToken')"
docker pull acctnum.dkr.ecr.us-west-2.amazonaws.com/repo:tag
Our pipelines need to run from inside an image that is already in this repo.
I don't see any documentation in https://confluence.atlassian.com/bitbucket/use-docker-images-as-build-environments-792298897.html on how to assume-role using
image:
name: acctnum.dkr.ecr.us-west-2.amazonaws.com/repo:tag
aws:
HOW TO ASSUME ROLE HERE?:
This is blocking us at the moment.