To configure an
Amazon ECR Credentials Variables task:
Navigate to the
Tasks configuration tab for the job (this will be the default job if creating a new plan).
Click the name of an existing Amazon ECR Credentials Variables task, or click
Add Task and then Amazon ECR Credentials Variables to create a new task.
Complete the following settings:
(Optional) Identify the purpose of the task.
Disable this task
Check, or clear, to selectively run this task.
Select the desired
AWS Region. Alternatively, select [Use region variable ...] to supply the region dynamically via Bamboo variables (needs to be a region code such as
ap-southeast-2) - refer to
How to parametrize the AWS region via a Bamboo variable for details. Registry ID
(Optional) Select the AWS account ID that is associated with the registry for which to get authorization credentials
If you do not specify a registry, the default registry is assumed. Refer to How can I grant access to a secondary account to pull or push images in my ECR repository? for details on the required permissions when using non default registries. Bamboo Variables
Provide the namespace for generated variables
Select the scope for generated variables:
AWS Security Credentials
AWS Credentials Source (see below). Can be either Identity Federation for AWS or an IAM Role for EC2. Connector
(Conditional) Select the shared
Identity Federation for AWS Connector. Alternatively, select [Use connector variable ...] to supply the connector dynamically via Bamboo variables (needs to be a connector id such as
f24e81bc-7aff-42db-86a2-7cf82e24d871) - refer to
How to parametrize the AWS connector via a Bamboo variable for details. Role ARN
(Conditional | Optional) Specify the ARN of another role that the agent's IAM role for EC2 should assume.
AWS Credentials Sources Managed IAM Policy
We recommend to facilitate an available
AWS Managed Policy to ease permission maintenance - the Amazon ECR Credentials Variables task requires the permissions in the AmazonEC2ContainerRegistryPowerUser managed policy, which at the time of this writing looks as follows: 1
You have the following options to provide
AWS Security Credentials: Usage Bamboo variables
This task generates the following
Bamboo variables for reuse in subsequent tasks without native integration with Identity Federation for AWS: Bamboo variables 1
The '*.password' suffix ensures that sensitive variables are masked with asterisks ('*******') in the Bamboo build log.
An alternative representation as a JSON object for automated processing with tools like
jq is available too: Bamboo variables (alternative representations) 1
Aforementioned variables will also be available as environment variables for use in Bamboo
Script tasks. The syntax differs between shells, as illustrated in these examples for assigning them to the standardized variables used by tools like the AWS Command Line Interface (AWS CLI): Bash (Unix shell) 1
$AUTHORIZATION_TOKEN = $Env:bamboo_custom_aws_ecr_authorizationToken_password
$EXPIRATION_DATE = $Env:bamboo_custom_aws_ecr_expirationDate
$PROXY_ENDPOINT = $Env:bamboo_custom_aws_ecr_proxyEndpoint
$PROXY_ENDPOINT_DOMAIN = $Env:bamboo_custom_aws_ecr_proxyEndpointDomain
$USERNAME = $Env:bamboo_custom_aws_ecr_username
$PASSWORD = $Env:bamboo_custom_aws_ecr_password
Windows Command Prompt (cmd) 1
How-to Articles Frequently Asked Questions (FAQ)