It would be powerful if Bitbucket would allow Pipelines to be executed as a task in a customer's EC2 Container Service (ECS) cluster. This would allow customers to:

• Access private resources in their VPC such as a private package repository.
• Use IAM roles (e.g. not disclose their AWS secret keys to you).
• Scale their own build fleets.

I would imagine the flow would go something like this:

• The customer creates a predefined IAM role (copy and paste from the documentation) that allows the following permissions: RegisterTaskDefinition, RunTask, StopTask, and ListTasks (possibly more).
• The Customer than grants the Bitbucket AWS account the STS AssumeRole permission.
• The Customer configures their ECS Integration by specifying the cluster name, CPU/memory limits, etc...
• When starting a pipeline you would call the RegisterTaskDefinition API (if the TaskDefinition doesn't already exist) and run the task.

Thanks,
Adam