What's the best way to access ECR repositories using agent-stack-k8s?

kyle-hong · January 6, 2026, 9:59pm

I’m trying to access my ECR repositories from agents hosted on my EKS cluster using agent-stack-k8s.

I tried using ecr-buildkite-plugin and setting assume-role argument that has the policy to access the ECR repositories, but I’m still getting “Unable to locate credentials. You can configure credentials by running aws configure. Error: running “plugin ecr-buildkite-plugin environment” shell hook: The plugin ecr-buildkite-plugin environment hook exited with status 253”

I also tried using assume-role-with-web-identity plugin but realized that it’s not compatible with agent-stack-k8s.

What’s the best practice to gain access to my ECR repositories in this case?

Dahtey · January 7, 2026, 4:14am

Hi Kyle,

Thanks for reaching out. The reason why assume-role-with-web-identity plugin is not compatible with agent-stack-k8s is because k8s stack doesn’t possess aws CLI binary out of the box. In your scenario, the best practice to gain access to your ECR is to create your own custom image with the Buildkite agent and AWS CLI. Once you’ve done that, you can leverage the assume-role-with-web-identity plugin with ecr-buildkite-plugin plugin to achieve your use case.

Hope that helps. Let us know if you have any further questions.

Thanks,

Dahtey

Topic		Replies	Views
Docker-compose and agent-stack-k8s General	8	18	January 19, 2026
How to add a plugin to all agents General	1	43	August 18, 2025
Accessing ECR inside Docker Plugin General	3	711	August 29, 2023
No basic auth credentials, yet using ECR plugin General	12	4793	January 29, 2019
How to give S3 Permissions to buildkite agents using ElasticCI? Elastic CI Stack for AWS	3	729	October 10, 2023

What's the best way to access ECR repositories using agent-stack-k8s?

Related topics