Docker AWS ECR auth with oidc role doesn't seem to be working

I tried configuring AWS ECR pulling through OIDC but it doesn’t seem to be working

I can see on AWS that the IAM role is not being accessed

version: 2.1

      - image: <your-image-arn>
          oidc_role_arn: <your-iam-role-arn>

property oidc_role_arn is missing from the yaml spec

even though the feature was released in May’23

I stumbled upon the same problem.

I ran into this problem too, and google search lead me to this post, which unfortunately did not identify any solutions.

After another search, I came across this article

The article states

There must be at least one context present in your job before CircleCI will generate the $CIRCLE_OIDC_TOKEN environment variable.

After adding a context to my job in the config file, I was able to use OIDC to pull an image from ECR.

Hi team, same here - doesn’t work.

but the problem is a bit another - is it possible for executor to pull private ECR image with oidc?

1 Like