You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
my setup involves the IAM ci user used by circle having no permissions except assumeRole, and a ci role having permissions to ECR, as common practice for segregating access control.
I had assumed that the profile-name param in concert with a custom awscli config file (containing a profile definition that specifies a role_arn) would serve exactly this purpose but I've been unable to find a way to make it work.
seeing issue #9 open I'd think that this use case is not supported at all, is this the case?
Expected behavior
I believe this user-role segregation with assumeRole is a common and recommended security pattern and it would be great to see it supported in an official orb.
The text was updated successfully, but these errors were encountered:
@foo-tw Hi, apologies for the great delay in response. We have just resolved issue #9 , would you mind trying out circleci/aws-ecr@6.8.0 to see if it works for you? Please feel free to reopen the issue if it is still an issue for you.
Hi @lokst, also trying to understand how to use the assume role as intended with this orb? I was not able to fully see how the profile-name is to be used here. As in where would I specify the config for a given profile (e.g. role arn) in order to use that profile's name in the orb?
Orb version
6.3.0
What happened
my setup involves the IAM
ci
user used by circle having no permissions except assumeRole, and aci
role having permissions to ECR, as common practice for segregating access control.I had assumed that the
profile-name
param in concert with a custom awscliconfig
file (containing a profile definition that specifies arole_arn
) would serve exactly this purpose but I've been unable to find a way to make it work.seeing issue #9 open I'd think that this use case is not supported at all, is this the case?
Expected behavior
I believe this user-role segregation with assumeRole is a common and recommended security pattern and it would be great to see it supported in an official orb.
The text was updated successfully, but these errors were encountered: