Docker AWS ECR auth with oidc role doesn't seem to be working

I tried configuring AWS ECR pulling through OIDC but it doesn’t seem to be working

I can see on AWS that the IAM role is not being accessed

version: 2.1

jobs:
  job_name:
    docker:
      - image: <your-image-arn>
        aws_auth:
          oidc_role_arn: <your-iam-role-arn>

The property oidc_role_arn is missing from the YAML spec
https://json.schemastore.org/circleciconfig.json

even though the feature was released in May ’23.

I stumbled upon the same problem.

I ran into this problem too, and a Google search led me to this post, which unfortunately did not identify any solutions.

After another search, I came across this article https://support.circleci.com/hc/en-us/articles/13832176226203-Troubleshooting-OIDC-in-CircleCI

The article states

There must be at least one context present in your job before CircleCI will generate the $CIRCLE_OIDC_TOKEN environment variable.

After adding a context to my job in the config file, I was able to use OIDC to pull an image from ECR.
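
The change described in the post above, as an added example that is not part of the original thread: the config from the first post with a context attached to the job in the workflow, plus a separate job on a public image that checks whether `$CIRCLE_OIDC_TOKEN` was generated. The context name `oidc-context`, the workflow name `main`, the `check_oidc_token` job and the `cimg/base:stable` image are assumptions; the placeholders are the ones from the first post.

```yaml
version: 2.1

jobs:
  # Runs on a public image, so it starts even when the ECR pull is failing.
  # It only checks that the token exists and never prints it.
  check_oidc_token:
    docker:
      - image: cimg/base:stable
    steps:
      - run:
          name: Check that CIRCLE_OIDC_TOKEN was generated
          command: |
            if [ -z "${CIRCLE_OIDC_TOKEN:-}" ]; then
              echo "CIRCLE_OIDC_TOKEN is not set: no context is attached to this job"
              exit 1
            fi
            echo "CIRCLE_OIDC_TOKEN is set"

  # The job from the first post, unchanged apart from a placeholder step.
  job_name:
    docker:
      - image: <your-image-arn>
        aws_auth:
          oidc_role_arn: <your-iam-role-arn>
    steps:
      - run: echo "image pulled from ECR"

workflows:
  main:
    jobs:
      # Contexts are attached per job in the workflow, not in the job definition.
      - check_oidc_token:
          context:
            - oidc-context
      - job_name:
          context:
            - oidc-context
          requires:
            - check_oidc_token
```

If `check_oidc_token` passes and `job_name` still fails to pull, the token is being generated and the remaining place to look is the IAM role and its trust policy.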

Hi team, same here - doesn’t work.

But the problem is a bit different: is it possible for the executor to pull a private ECR image with OIDC?

We never got this to work sadly

We ended up using a CCI context with hardcoded credentials

🥲

We had 3 contexts and this didn’t work for us

I just checked the jsonschema and the oidc_role_arn property is now present

Maybe it works now…? I don’t have a CCI setup to test it now though