Hello we're using roles to switch to our sub accounts.
I haven't found a way to use this with `pipe: atlassian/aws-ecr-push-image:1.4.2` yet.
Is there sample code for this? I don't understand how oidc:true plays with this.
Thanks!
Alex
Hi @Alex Williamson . Thanks for your question. Seems like you missing variable AWS_OIDC_ROLE_ARN. According to readme, you should try the next:
Build and push the image with OpenID Connect (OIDC) alternative authentication without required AWS_ACCESS_KEY_ID
, AWS_SECRET_ACCESS_KEY
. Parameter oidc: true
in the step configuration and variable AWS_OIDC_ROLE_ARN
are required:
- step: oidc: true script: # build the image - docker build -t my-docker-image . # use the pipe to push the image to AWS ECR - pipe: atlassian/aws-ecr-push-image:1.4.2 variables: AWS_DEFAULT_REGION: $AWS_DEFAULT_REGION AWS_OIDC_ROLE_ARN: 'arn:aws:iam::123456789012:role/role_name' IMAGE_NAME: my-docker-image
Regards, Igor
Also this may help you to setup AWS_OIDC_ROLE_ARN on AWS side. using-bitbucket-pipelines-and-openid-connect , bitbucket-guide-openid-connect
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.