      The Amazon implementation of a Docker Registry automatically generates the docker login command with a call to the aws API. The credentials that it generates expire, making them impractical to mine from the command for a normal bitbucket-pipelines.yml file. As far as I can tell, there is no way to set Amazon to do it differently, so if we could specify AWS credentials as follows:

      #!yaml
      
      image:
          name: <aws-ecr-image>
          aws_login:
              access_key_id: <access_key_id>
              secret_access_key: <secret_access_key>
              region: <region>
      

      Then Pipelines could generate a file at ~/.aws/credentials that looks like this:

      #!ini
      
      [default]
      aws_access_key_id = <access_key_id>
      aws_secret_access_key = <secret_access_key>
      
      

      Then make the following AWS call to get the credentials and login:

      #!bash
      
      eval $(aws ecr get-login --region <region>)
      

      It could then proceed to download the Docker image and continue normally.

      Alternatively, the values could be settings on the server side to avoid sharing all that information in a file in source control.
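
An added example (not part of the original issue and not Bitbucket's code): a check for the concern raised above about credentials ending up in a file in source control. It scans a bitbucket-pipelines.yml for literal values inside the `aws_login` block proposed here or the `aws` block quoted later in this thread; the function name and the sample values are constructed for illustration.

```python
import re

# Key names taken from this thread; everything else here is illustrative.
CRED_BLOCKS = {"aws", "aws_login"}
CRED_KEYS = {"access-key", "secret-key", "access_key_id", "secret_access_key"}
VAR_REF = re.compile(r"^\$(\w+|\{\w+\})$")   # $NAME or ${NAME}
PLACEHOLDER = re.compile(r"^<[^<>]+>$")       # e.g. <secret_access_key>
LINE = re.compile(r"^(\s*)(?:-\s+)?([\w-]+):\s*(.*?)\s*$")

# Constructed sample: one variable reference, one literal secret.
SAMPLE = """\
image:
  name: <aws_account_id>.dkr.ecr.<region>.amazonaws.com/java:8u66
  aws:
    access-key: $AWS_ACCESS_KEY
    secret-key: constructed-literal-secret
pipelines:
  default:
    - step:
        script:
          - ./build.sh
"""


def find_hardcoded_credentials(yaml_text):
    """Return (line_number, key) for every credential written as a literal.

    Assumes block-style YAML as shown on this page (no flow mappings or
    multi-line scalars), so a line scan is enough and no YAML library is needed.
    """
    findings = []
    block_indent = None  # indent of the enclosing aws/aws_login key, if any
    for number, raw in enumerate(yaml_text.splitlines(), start=1):
        match = LINE.match(raw.split(" #", 1)[0])  # drop trailing comments
        if not match:
            continue
        indent, key = len(match.group(1)), match.group(2)
        value = match.group(3).strip("'\"")
        if block_indent is not None and indent <= block_indent:
            block_indent = None  # dedent: left the credential block
        if key in CRED_BLOCKS and not value:
            block_indent = indent
        elif block_indent is not None and key in CRED_KEYS:
            if not (VAR_REF.match(value) or PLACEHOLDER.match(value)):
                findings.append((number, key))
    return findings


if __name__ == "__main__":
    print(find_hardcoded_credentials(SAMPLE))
```

Variable references and `<...>` documentation placeholders pass; anything else under a credential key is reported with its line number, which makes the check usable as a pre-commit or CI gate.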

            [BCLOUD-13024] Support Amazon ECR for build image

            Kevin Goldman added a comment - While Amazon has strict guidelines in place, scammers can still slip through the cracks. It's crucial to thoroughly research the seller's reputation, read customer reviews, and be wary of suspiciously low prices. This advice really hit home for me, as I've been tempted by those too-good-to-be-true deals in the past, for more read https://qrius.com/common-amazon-scams-and-how-to-avoid-them/ . Another scam that caught my attention was the "brushing" scam. I had never heard of this before, but apparently, scammers send unsolicited packages to unsuspecting customers and then post fake positive reviews using their names. This not only deceives potential buyers but also compromises the privacy of innocent individuals. It's a chilling reminder of the importance of monitoring our online presence and being vigilant about any unexpected packages we receive. Counterfeit goods are becoming increasingly prevalent, and it's essential to scrutinize the seller's credentials, check for trademarks, and compare prices to ensure you're getting the real deal. I appreciated the tips provided in the article, as they will undoubtedly help me make more informed purchasing decisions in the future.

            jgardezi added a comment -

            Hi @phodder,

            Thank you for your reply.

            Is there anything similar coming for Bitbucket Pipelines?

            Furthermore, is there any guideline on automatically deploying the new build to an ECS cluster once it is pushed to ECR?

            Regards,

            Javed Gardezi

            Philip Hodder added a comment -

            Hi @jgardezi,

            This feature is only to add native support for pulling images from ECR as the container your build runs inside, as this was previously not possible to do without extensive workarounds.

            Pushing images to ECR remains the same as you are doing right now (setting up auth for docker and then using docker commands to push).

            This ticket here may be closer to what you are requesting (steps that take parameters and can do more complex operations): BCLOUD-12751

            Thanks,

            Phil

            jgardezi added a comment -

            @sebastian_cole can you please elaborate on the step in more detail? For this:

            #!yaml
            
            image:
              name: <aws_account_id>.dkr.ecr.<region>.amazonaws.com/java:8u66
              aws:
                access-key: $AWS_ACCESS_KEY
                secret-key: $AWS_SECRET_KEY
            

            How do I push my image to ECR with your script? Currently, my way of doing it is:

            #!yaml
            
            - step:
                      name: Build & Register image with production registery
                      # python image with aws-cli installed
                      image: tstrohmeier/awscli:3.6.3
                      script:
                        # aws login
                        - echo Logging in to Amazon ECR...
                        - eval $(aws ecr get-login --region ${AWS_DEFAULT_REGION} --no-include-email)
                        # docker
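                        # braces delimit each variable; $BITBUCKET_BRANCH_ would expand an unset variable named BITBUCKET_BRANCH_
                        - export BUILD_ID=${BITBUCKET_BRANCH}_${BITBUCKET_COMMIT}_${BITBUCKET_BUILD_NUMBER}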
                        - docker build -t ${AWS_REGISTRY_URL}:$BUILD_ID .
                        - docker push ${AWS_REGISTRY_URL}:$BUILD_ID
                        - docker tag ${AWS_REGISTRY_URL}:$BUILD_ID ${AWS_REGISTRY_URL}:development
                        - docker push ${AWS_REGISTRY_URL}:development
            

            As you can see, I can build the Docker image and push it to ECR using image: tstrohmeier/awscli:3.6.3. How does your support (We've just enabled ECR support for all customers) help us to do the above steps?

            Kind regards,
            Javed Gardezi

            Philip Hodder added a comment -

            Hi Dean,

            I've replied to your question on Community.

            Thanks,
            Phil

            deankayton added a comment -

            Wow, as I post this (after trying various things last night)... I found what the problem is.

            It is one of two things, either the space/return between the image code-block and the pipelines code-block, in the yaml is not supported, or the format ${} is not supported.

            deankayton added a comment -

            Hi, I am having no joy with this. I added a question, here https://community.atlassian.com/t5/Bitbucket-questions/How-to-allow-Bitbucket-Pipelines-to-pull-images-from-Amazon-EC2/qaq-p/633458

            Would really appreciate some feedback.

            Sebastian Cole (Inactive) added a comment -

            @ccannell this is for pulling the step image where your scripts get executed. If you're building and pushing from pipelines, you'll follow the same process as normal.

            eval $(aws ecr get-login --region <region>)
            docker push registry.com/user/format

            ccannell added a comment -

            Does this allow pushing images to ECR?

            ianlgibbons added a comment -

            Amazing! I'll definitely be checking it out.

              Assignee: Unassigned
              Reporter: Michael Juliano
              Votes: 16
              Watchers: 22