Hi,
We are using the runners on Kubernetes and defining a serviceaccount that is bound to an IAM role/policy. However, when we run a step using a runner (with a custom pipe), the environment variables (AWS_ROLE_ARN, AWS_REGION, and AWS_WEB_IDENTITY_TOKEN) for the container are not accessible.
Can someone provide insight into how this can be accomplished?
Thanks!
Hi @Steven_Esemplare,
Passing these variables to the build container is not possible at the moment.
However, not sure if it fits your use case but one thing that you could consider using is Bitbucket Pipelines OIDC feature:
@Steven_Esemplare hi. Sorry for the late response.
I tested AWS pipe usage with self-hosted runners, providing repository variables such as AWS_KEY and AWS_SECRET to deploy to S3, and found no issues.
If this problem is still relevant, please check the following:
Regards, Igor
@Igor Stoyanov You have just described the old-fashioned way, where you create a user in IAM, generate an API token and secret, and manually pass them into the pipeline executor via env vars.
Steven is using the new way to manage AWS access from Kubernetes: https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
@Oleksandr Kyrdan I've reported a similar issue: https://community.atlassian.com/t5/Bitbucket-questions/AWS-IRSA-for-K8s-based-runner/qaq-p/2555377
Thank you for your question!
We'll investigate the case and notify you.
Best regards,
Oleksandr Kyrdan