Get product advice from experts

Ask a question →

Join a community group

Find a group →

Advance your career with learning paths

Take a free class →

Earn badges and rewards

Connect and share ideas at events

See the calendar →

Community
Products
Bitbucket
Questions
How to allow Bitbucket-Pipelines to pull images from Amazon EC2 container service (ECR)?

How to allow Bitbucket-Pipelines to pull images from Amazon EC2 container service (ECR)?

What I have tried:

- I can successfully push to Amazon ECR (details in this answer I posted on Stack Overflow)
- I am failing to pull the above image in a subsequent pipeline (see example).

Example bitbucket-pipeline.yml

image:
  name: <ecr-registry-address>/<repository>:<tag>
    aws:
      access-key: ${AWS_ACCESS_KEY_ID}
      secret-key: ${AWS_SECRET_ACCESS_KEY}

pipelines:
  default:
    - step:
        script:
        - echo 'Hello World'

The error I get back:

lz7E8

Finally:

In order to push to the repository, I already setup IAM roles for the bitbucket-pipelines account (AmazonEC2ContainerRegistryPowerUser). Is there any other setup required?

1 answer

3 votes

Hi Dean,

If you'd like to use environment variables for your ECR image you need to change your YAML to look like this:

image:
  name: <imagename>
  aws:
    access-key: $AWS_ACCESS_KEY_ID
    secret-key: $AWS_SECRET_ACCESS_KEY
pipelines:
  default:
    - step:
        script:
          - echo 'Hello world'
...

Specifically removing the curly braces around your environment variables and realigning the whitespace (though, that may have been copy/paste).

Hope that helps! :)

Phil

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Fixed.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

Thank you, I arrived to this conclusion just moments before you replied. Why is the case though? When you say 'fixed', is the ${} now supported?

If not, that notation is supported everywhere else in the bitbucket-pipelines.yml, so I think for consistency it would be a good idea!

I logged the following suggestion (https://jira.atlassian.com/browse/BSERV-10113), to note this limitation (if it is still present) in the documentation and to give a more descriptive error message if this is to occur.

If you have fixed the above, then the above can probably be discarded. But in general, system errors like this should be caught by a syntax validator at least.

Thanks for the support :)

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

I'm having the same problem and it's unclear to me what the resolution is.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

I'm having the same problem, I've already removed the {} but can't get it to work.

I can push and pull with the same credentials from the local machine but not from the pipeline.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

Oh good it's not just me!

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

The corresponding ticket seems to be https://jira.atlassian.com/browse/BCLOUD-16664

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

Reply

Suggest an answer

Log in or Sign up to answer

Was this helpful?

Thanks!

TAGS