Loading a AWS ECR image as service not working when using oidc

Hello everyone,

I am trying to load an AWS ECR docker image I created previously as a service using the oidc following the documentation on https://support.atlassian.com/bitbucket-cloud/docs/docker-image-options/#OIDC-roles 

I did the folowing code : 

services:
my-service: 
image: IMAGE_URI
aws: 
oidc-role: $AWS_OIDC_ROLE_ARN

And load the service like this :

- step: &run-cypress
name: run cypress
oidc: true
size: 2x
image: cypress/browsers:node-18.14.1-chrome-110.0.5481.96-1-ff-109.0-edge-110.0.1587.41-1
script:
#My script
services:
- my-service
- docker

And get the error : 
rpc error: code = Unknown desc = failed to pull and unpack image "IMAGE_URI": failed to resolve reference "IMAGE_URI": pulling from host IMAGE_REPO failed with status code [manifests IMAGE_TAG]: 403 Forbidden

But when  loading the image using the CLI, I have no problem to load the image

- step: &test-access
name: test aws ecr access
oidc: true
image: amazon/aws-cli
services:
- docker
script:
- yum update -y
- yum install jq -y
- TEMP_ROLE=$(aws sts assume-role-with-web-identity --role-arn $AWS_OIDC_ROLE_ARN --role-session-name build-session --web-identity-token "$BITBUCKET_STEP_OIDC_TOKEN" --duration-seconds 1000)
- export AWS_ACCESS_KEY_ID=$(echo "${TEMP_ROLE}" | jq -r '.Credentials.AccessKeyId')
- export AWS_SECRET_ACCESS_KEY=$(echo "${TEMP_ROLE}" | jq -r '.Credentials.SecretAccessKey')
- export AWS_SESSION_TOKEN=$(echo "${TEMP_ROLE}" | jq -r '.Credentials.SessionToken')
- aws configure set aws_access_key_id $AWS_ACCESS_KEY_ID
- aws configure set aws_secret_access_key $AWS_SECRET_ACCESS_KEY
- aws configure set aws_session_token $AWS_SESSION_TOKEN
- aws ecr get-login-password --region $AWS_DEFAULT_REGION | docker login --username AWS --password-stdin IMAGE_REPO
- docker pull IMAGE_URI

 
Am I missing something when following the documentation ?