OIDC for AWS ECR private image pulls | Feature Requests

OIDC for AWS ECR private image pulls

complete

github.com@caleri.de

When a project is configured to use OIDC, it should be possible to use these credentials to pull a private images from ECR [1] when starting up the executor.
Projects with OIDC enabled [2] currently still require static AWS keys for ECR image pulls.
[1] https://circleci.com/docs/2.0/private-images/#aws-ecr
[2] https://circleci.com/docs/2.0/openid-connect-tokens/

March 25, 2022

Oran Wilder

marked this post as

complete

OIDC for AWS ECR is ready for use! Follow the instructions here to implement: https://circleci.com/docs/pull-an-image-from-aws-ecr-with-oidc/

Oran Wilder

marked this post as

in progress

OIDC for ECR is coming soon. A preview of this feature is being prepared for the end of May.

mad0house@gmail.com

Oran Wilder: would this also include other providers such as GCP antifactory?

Oran Wilder

mad0house@gmail.com: This work is specific to AWS. If you want o connect to GCP, try the instructions here: https://circleci.com/docs/openid-connect-tokens/#setting-up-gcp

mad0house@gmail.com

Oran Wilder: yeah we use that for terraform but unable to pull images using oidc. I would of thought you would of done this in tandem https://ideas.circleci.com/cloud-feature-requests/p/openid-connect-docker-login

Robert Hopson

Very interested in this!

pablo@pabloserrano.cc

Any ETA about this?

Nathan Fish

marked this post as

planned

mad0house@gmail.com

same but for GCP https://ideas.circleci.com/cloud-feature-requests/p/openid-connect-docker-login