You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Using this on a EKS setup where IRSA is used to provide IAM access on our pods (our runners), when trying to chain amazon-ecr-login together with configure-aws-credentials I get the error below:
I can confirm IRSA is working fine as we have other pipelines using it fine, our runners are able to assume roles successfully and use the permissions in those assumed roles.
IRSA uses token files for authentication setting the AWS_WEB_IDENTITY_TOKEN_FILE env pointed at the token on disk.
Output From Actions Log
Run aws-actions/configure-aws-credentials@v1
with:
role-to-assume: arn:aws:iam::$MY_ACCOUNT_ID:role/$MY_ROLE
aws-region: $MY_REGION
role-duration-seconds: 900
1s
Run aws-actions/amazon-ecr-login@v1
with:
env:
AWS_DEFAULT_REGION: $MY_REGION
AWS_REGION: $MY_REGION
AWS_ACCESS_KEY_ID: ***
AWS_SECRET_ACCESS_KEY: ***
AWS_SESSION_TOKEN: ***
Error: Could not login: WARNING! Using -*** the CLI is insecure. Use --password-stdin.
Error saving credentials: error storing credentials - err: exit status 1, out: `not implemented`
OK, so I think this is actually the same thing reported here awslabs/amazon-ecr-credential-helper#102. Just me being a bit slow, we have the helper implemented and so a explicit login is not needed.
Not sure this is something that you can really do your end but it would be nice if there some of fall back that didn't error, or at least gave something a bit more informative.
Using this on a EKS setup where IRSA is used to provide IAM access on our pods (our runners), when trying to chain
amazon-ecr-login
together withconfigure-aws-credentials
I get the error below:I can confirm IRSA is working fine as we have other pipelines using it fine, our runners are able to assume roles successfully and use the permissions in those assumed roles.
IRSA uses token files for authentication setting the
AWS_WEB_IDENTITY_TOKEN_FILE
env pointed at the token on disk.Output From Actions Log
Workflow Yaml
The text was updated successfully, but these errors were encountered: