Run build on customer's ECS/Kube/VPC

Issue #12748 wontfix
Adam Winstanley created an issue

It would be powerful if Bitbucket would allow Pipelines to be executed as a task in a customer's EC2 Container Service (ECS) cluster. This would allow customers to:

  • Access private resources in their VPC such as a private package repository.
  • Use IAM roles (e.g. not disclose their AWS secret keys to you).
  • Scale their own build fleets.

I would imagine the flow would go something like this:

  • The customer creates a predefined IAM role (copy and paste from the documentation) that allows the following permissions: RegisterTaskDefinition, RunTask, StopTask, and ListTasks (possibly more).
  • The customer then grants the Bitbucket AWS account the STS AssumeRole permission.
  • The customer configures their ECS Integration by specifying the cluster name, CPU/memory limits, etc.
  • When starting a pipeline you would call the RegisterTaskDefinition API (if the TaskDefinition doesn't already exist) and run the task.

Thanks, Adam
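
The role setup proposed in the flow above, sketched as an added example (not part of the original post, and not Bitbucket's code): it builds the cross-account trust policy and the four-action permissions policy, then audits a trust policy for the gaps a reviewer would reject. The account IDs, cluster ARN, external ID and function names are placeholders, and the `sts:ExternalId` condition and per-cluster scoping are assumptions the post does not mention.

```python
import json

# Placeholders: the page gives no account IDs, cluster names or external IDs.
VENDOR_ACCOUNT_ID = "111111111111"    # stand-in for the Bitbucket AWS account
CUSTOMER_ACCOUNT_ID = "222222222222"  # stand-in for the customer account
CLUSTER_ARN = f"arn:aws:ecs:us-east-1:{CUSTOMER_ACCOUNT_ID}:cluster/build-fleet"


def trust_policy(external_id):
    """Trust policy on the customer's role: only the vendor account may assume it."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{VENDOR_ACCOUNT_ID}:root"},
        "Action": "sts:AssumeRole",
        # Assumption: a per-customer ExternalId guards against the confused-deputy problem.
        "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
    }]}


def permissions_policy():
    """The four ECS actions named in the post, pinned to one cluster where possible."""
    on_cluster = {"ArnEquals": {"ecs:cluster": CLUSTER_ARN}}
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "ecs:RegisterTaskDefinition", "Resource": "*"},
        {"Effect": "Allow", "Resource": "*", "Condition": on_cluster,
         "Action": ["ecs:RunTask", "ecs:StopTask", "ecs:ListTasks"]},
    ]}


def trust_findings(policy):
    """Flag cross-account trust statements a reviewer would reject."""
    findings = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        principals = aws if isinstance(aws, list) else [aws]
        if "*" in principals:
            findings.append("wildcard principal")
        cond = stmt.get("Condition", {})
        if "sts:ExternalId" not in cond.get("StringEquals", {}):
            findings.append("no sts:ExternalId condition")
    return findings


if __name__ == "__main__":
    print(json.dumps(trust_policy("constructed-external-id"), indent=2))
    print(json.dumps(permissions_policy(), indent=2))
```
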

Official response

  • Matt Ryall staff

    After reviewing our priorities for Pipelines over the next year, running builds on customer infrastructure as described in this ticket is not something we plan to offer, so I'm going to close this as "Won't Fix".

    People watching this ticket may be interested in the related issue #12753, which is about connecting Pipelines to secure environments (VPN, VPCs, etc). We will keep that one open as it is something we want to address. That issue supports various important use cases for customers with hybrid environments, like integration testing or deploying to private environments.

    It would be possible to run the majority of the build process on your own infrastructure once we add support for it via #12753, but it wouldn't be a first class feature of the product in the way it is described here.
