You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Ignoring both AWS_CONFIG_FILE and (it seems, but I can't get that far) the use of credential_process within it.
Workaround:
unset AWS_PROFILE # from setting it above, because serverless (unlike awscli & tools that use the SDK) gives it priority over explicit access keys
tempcred="$(aws sts get-session-token)"
export AWS_ACCESS_KEY_ID="$(echo "$tempcred" | jq -r '.Credentials.AccessKeyId')"
export AWS_SECRET_ACCESS_KEY="$(echo "$tempcred" | jq -r '.Credentials.SecretAccessKey')"
export AWS_SESSION_TOKEN="$(echo "$tempcred" | jq -r '.Credentials.SessionToken')"
(for the core anyway, to create most resources, until it seems the warmup plugin doesn't even support AWS_SESSION_TOKEN so have to give up and use the underlying access key directly, bypassing the credential_process entirely and non-ephemerally.)
Is there a reason Serverless needs to re-implement this auth handling, rather than let the SDK do it (and so be consistent with other tools that use it)?
NB I couldn't submit without ticking 'not a plugin issue' - it's the AWS plugin of course, but that's in this repo.
@OJFordAWS_DEFAULT_PROFILE definitely works (just tested it) If you feel otherwise, please fill the issue template completely providing all necessary reproduction details (service configuration with no plugins involved, used command name, and full output of command you receive)
Are you certain it's a bug?
Is the issue caused by a plugin?
Are you using the latest version?
Is there an existing issue for this?
Issue description
The support for
AWS_DEFAULT_PROFILE
added in #8354 fixing #7676 seems to have been removed, and indeed is not claimed to work at: https://www.serverless.com/framework/docs/providers/aws/guide/credentials/I can pass the resultant 'AWS provider credentials not found' error by setting
AWS_PROFILE="$AWS_DEFAULT_PROFILE"
.The problem then is that a file
~/.aws/credentials
is assumed to exist:serverless/lib/plugins/aws/utils/credentials.js
Line 11 in eca599d
Ignoring both
AWS_CONFIG_FILE
and (it seems, but I can't get that far) the use ofcredential_process
within it.Workaround:
(for the core anyway, to create most resources, until it seems the warmup plugin doesn't even support
AWS_SESSION_TOKEN
so have to give up and use the underlying access key directly, bypassing thecredential_process
entirely and non-ephemerally.)Is there a reason Serverless needs to re-implement this auth handling, rather than let the SDK do it (and so be consistent with other tools that use it)?
NB I couldn't submit without ticking 'not a plugin issue' - it's the AWS plugin of course, but that's in this repo.
Service configuration (serverless.yml) content
N/A
Command name and used flags
N/A
Command output
Environment information
The text was updated successfully, but these errors were encountered: