Amazon ECR connection credentials
Amazon ECR connections support two credential modes - Access keys and Temporary credentials - but both of these actually require access keys.
Is there a way to configure an Amazon ECR connection without access keys?
For example the other AWS connection type, Amazon Web Services (AWS) connection can use the instance role when running on EC2 instances. It can also assume a role though this requires another, primary connection.
Please sign in to leave a comment.
Hi Attila,
The following internal properties can be used to re-enable the Default Credential Provider Chain for AWS and Amazon ECR connections:
Regarding security risks, they depend on the factors described in the documentation:
> If your TeamCity server is hosted on an AWS instance that has an associated IAM role granting access to sensitive resources, using an Amazon Web Services (AWS) connection (https://www.jetbrains.com/help/teamcity/configuring-connections.html#AmazonWebServices) with the Default Provider Chain credentials may present a security risk. In this case TeamCity project administrators who configured this type of connection can access all AWS resources permitted by the role.
Hi Tom,
That answered my question perfectly, thank you.