EKS IRSA Support? Error saving credentials: error storing credentials - err: exit status 1, out: not implemented

[callum-tait-pbx]

Using this on a EKS setup where IRSA is used to provide IAM access on our pods (our runners), when trying to chain amazon-ecr-login together with configure-aws-credentials I get the error below:

I can confirm IRSA is working fine as we have other pipelines using it fine, our runners are able to assume roles successfully and use the permissions in those assumed roles.

IRSA uses token files for authentication setting the AWS_WEB_IDENTITY_TOKEN_FILE env pointed at the token on disk.

Output From Actions Log

Run aws-actions/configure-aws-credentials@v1
  with:
    role-to-assume: arn:aws:iam::$MY_ACCOUNT_ID:role/$MY_ROLE
    aws-region: $MY_REGION
    role-duration-seconds: 900
1s
Run aws-actions/amazon-ecr-login@v1
  with:
  env:
    AWS_DEFAULT_REGION: $MY_REGION
    AWS_REGION: $MY_REGION
    AWS_ACCESS_KEY_ID: ***
    AWS_SECRET_ACCESS_KEY: ***
    AWS_SESSION_TOKEN: ***
Error: Could not login: WARNING! Using -*** the CLI is insecure. Use --password-stdin.
Error saving credentials: error storing credentials - err: exit status 1, out: `not implemented`

Workflow Yaml

- name: Configure AWS credentials
  uses: aws-actions/configure-aws-credentials@v1
  with:
    role-to-assume: arn:aws:iam::$MY_ACCOUNT_ID:role/$MY_ROLE
    aws-region: $MY_REGION
    role-duration-seconds: 900
- name: Login to ECR
  id: login-ecr
  uses: aws-actions/amazon-ecr-login@v1

[callum-tait-pbx]

OK, so I think this is actually the same thing reported here awslabs/amazon-ecr-credential-helper#102. Just me being a bit slow, we have the helper implemented and so a explicit login is not needed.

Not sure this is something that you can really do your end but it would be nice if there some of fall back that didn't error, or at least gave something a bit more informative.

If not this can be closed.