Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,365,241
Community Members
 
Community Events
168
Community Groups

Push image using Role

Hello we're using roles to switch to our sub accounts.

I haven't found a way to use this with `pipe: atlassian/aws-ecr-push-image:1.4.2` yet.

Is there sample code for this? I don't understand how oidc:true plays with this.

Thanks!

Alex

1 answer

0 votes

Hi @Alex Williamson . Thanks for your question. Seems like you missing variable AWS_OIDC_ROLE_ARN. According to readme, you should try the next:

Build and push the image with OpenID Connect (OIDC) alternative authentication without required AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY. Parameter oidc: true in the step configuration and variable AWS_OIDC_ROLE_ARN are required:

- step:
    oidc: true
    script:
      # build the image
      - docker build -t my-docker-image .

      # use the pipe to push the image to AWS ECR
      - pipe: atlassian/aws-ecr-push-image:1.4.2
        variables:
          AWS_DEFAULT_REGION: $AWS_DEFAULT_REGION
          AWS_OIDC_ROLE_ARN: 'arn:aws:iam::123456789012:role/role_name'
          IMAGE_NAME: my-docker-image


Regards, Igor

Also this may help you to setup AWS_OIDC_ROLE_ARN on AWS side. using-bitbucket-pipelines-and-openid-connect , bitbucket-guide-openid-connect 

Suggest an answer

Log in or Sign up to answer
TAGS

Atlassian Community Events