We’re on version 2020.3.1.
I’m trying to set up a feed for our AWS Elastic Container Registry. Our Octopus server is running in a different account than the ECR feed. The Octopus server is running in Kubernetes and has an assumed role using KIAM. This means that the Octopus server container is able to make requests against AWS without any explicit access key/secret, since it’s getting its credentials in the form of instance profile credentials. Since ECR is running in a different account, we have a Lambda that allows all AWS in our org access to ECR.
So my questions:
- I need to be able to specify which ECR repo to use; Octopus shouldn’t assume that the ECR repo is in the same account as the IAM User/Role it is using.
- I need to be able to configure ECR without an explicit access key/secret, since credentials can be retrieved from the instance profile instead (we try to avoid using hard-coded credentials as much as possible). It isn’t clearly stated if access key/secret are required or optional, so I’m confused if this should work at all.
It would be good to have someone at Octopus Deploy comment on this.