When using CCI Server, we have more freedom regarding Nomad builders, so we give the builder instances permissions to download any and all of our ECR images. What we would like is for the Docker executor the freedom to use those ECR images without any credentials passed either via project environment variables or contexts. However currently the CircleCI configuration is preventing us from doing that as it always requires an aws_access_key_id and aws_secret_access_key Ex. docker: - image: our_ecr_image:latest aws_auth: aws_access_key_id: AWS_ACCESS_KEY_ID aws_secret_access_key: AWS_SECRET_ACCESS_KEY Can we get a setting which will use the Nomad builder instance profile instead? docker: - image: our_ecr_image:latest aws_auth: use_instance_profile: true The AWS SDK uses any and all possible credential sources, so in theory if no credentials are passed it should use the Instance Metadata to authorize unless you intentionally block that. Thanks Igor Serko, Lyst Ltd
