I would like to host pipes in a private ECR repository.
I understand that I can access the images like so:
pipe: docker://my-ecr-repo/image:versionaws: access-key: $AWS_ACCESS_KEY_ID secret-key: $AWS_SECRET_ACCESS_KEY
I am wondering if there is an undocumented way to use OIDC instead.
@Georg Duemlein hi. Pipes supports only public docker images.For OIDC support check this pipe for implementation: aws-ecr-push-imageRegards, Igor
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Is it correct that the `aws-ecr-push-image` example refers to using OIDC inside the pipe?
I figured I can use OIDC to pull a private ECR as a pipe like so:
- step: name: 'PipeThing' oidc: true script: - export AWS_ROLE_ARN=arn:aws:iam::123345:role/bitbucket-pipeline-role - export AWS_WEB_IDENTITY_TOKEN_FILE=$(pwd)/web-identity-token - echo $BITBUCKET_STEP_OIDC_TOKEN > $(pwd)/web-identity-token - apt-get update && apt-get install -y awscli - aws --version - aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 1234.dkr.ecr.us-somehwere-5.amazonaws.com - pipe: docker:/my/image:lastest
Would it be possible to get a feature request for pipes to support OIDC for private pipes?
Though I am not yet convinced I understand fully the difference between a pipe and an image for a step.
Still have a question?
Get fast answers from people who know.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.