fix(AWS Credentials): Recognize AWS_DEFAULT_PROFILE env variable (#8354)

serverless · Oct 7, 2020 · 261c16f · 261c16f
1 parent c93a799
commit 261c16f
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 2 deletions.
diff --git a/lib/plugins/aws/provider/awsProvider.js b/lib/plugins/aws/provider/awsProvider.js
@@ -1086,10 +1086,11 @@ class AwsProvider {
     const stageUpper = this.getStage() ? this.getStage().toUpperCase() : null;
 
     // add specified credentials, overriding with more specific declarations
+    const awsDefaultProfile = process.env.AWS_DEFAULT_PROFILE || 'default';
     try {
-      impl.addProfileCredentials(result, 'default');
+      impl.addProfileCredentials(result, awsDefaultProfile);
     } catch (err) {
-      if (err.message !== 'Profile default does not exist') {
+      if (err.message !== `Profile ${awsDefaultProfile} does not exist`) {
         throw err;
       }
     }

diff --git a/lib/plugins/aws/provider/awsProvider.test.js b/lib/plugins/aws/provider/awsProvider.test.js
@@ -1139,6 +1139,35 @@ describe('AwsProvider', () => {
       const credentials = newAwsProvider.getCredentials();
       expect(credentials.signatureVersion).to.equal('v4');
     });
+
+    it('should get credentials from process.env.AWS_DEFAULT_PROFILE, not "default"', () => {
+      process.env.AWS_DEFAULT_PROFILE = 'notDefaultTemporary';
+      newAwsProvider.options['aws-profile'] = undefined;
+
+      serverless.utils.appendFileSync(
+        relevantEnvironment.AWS_SHARED_CREDENTIALS_FILE,
+        '[default]\n' +
+          `aws_access_key_id = ${fakeCredentials.accessKeyId}\n` +
+          `aws_secret_access_key = ${fakeCredentials.secretAccessKey}\n`
+      );
+
+      const credentials = newAwsProvider.getCredentials();
+      expect(credentials.credentials.profile).to.equal('notDefaultTemporary');
+    });
+
+    it('should get "default" credentials in lieu of anything else', () => {
+      newAwsProvider.options['aws-profile'] = undefined;
+
+      serverless.utils.appendFileSync(
+        relevantEnvironment.AWS_SHARED_CREDENTIALS_FILE,
+        '[default]\n' +
+          `aws_access_key_id = ${fakeCredentials.accessKeyId}\n` +
+          `aws_secret_access_key = ${fakeCredentials.secretAccessKey}\n`
+      );
+
+      const credentials = newAwsProvider.getCredentials();
+      expect(credentials.credentials.profile).to.equal('default');
+    });
   });
 
   describe('values', () => {