search

amplify-education / serverless-domain-manager

Serverless plugin for managing custom domains with API Gateways.
MIT License
939 stars 232 forks source link

Resolved credential object is not valid #605

Closed adminy closed 9 months ago

adminy commented 11 months ago

Community Note

Bug Report

Command Run npx sls deploy --stager dev --region eu-west-1

Console Output

Error:
Error: V2 - Unable to fetch information about 'sub.domain.name.com':
Resolved credential object is not valid
    at APIGatewayV2Wrapper.<anonymous> (/root/repos/project/node_modules/serverless-domain-manager/dist/src/aws/api-gateway-v2-wrapper.js:80:27)
    at Generator.throw (<anonymous>)
    at rejected (/root/repos/project/node_modules/serverless-domain-manager/dist/src/aws/api-gateway-v2-wrapper.js:6:65)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
1 deprecation found: run 'serverless doctor' for more details
rverless-domain-manager/dist/src/aws/api-gateway-v2-wrapper.js

Domain Manager Configuration

custom:
  customDomain:
    apiType: http
    endpointType: regional
    securityPolicy: tls_1_2
    stage: ${self:provider.stage}
    domainName: sub.domain.name.com
    certificateName: "*.domain.name.com"
    createRoute53Record: false
    createRoute53IPv6Record: false
    autoDomain: true

Versions

rddimon commented 11 months ago

Hi @adminy

I believe it's related to the 1 deprecation found: run 'serverless doctor' for more details Have you updated the packages? Could you please try the latest version?

Dvelezs94 commented 11 months ago

This issue happens when you use an AWS_DEFAULT_PROFILE different than default. Even if you set the variable to the different profile the plugin doesn't read that, instead it always looks for the default credentials.

adminy commented 10 months ago

how come pretty much every other plugin is fine finding the profile you're using, this one is picky about which profile name you should use? @Dvelezs94 can it not be hardcoded to default please? Thanks

Otherwise even if you set the profile to default, you get:

Error: V1 - Unable to fetch information about 'the_example_site.subdomain.com': 
Profile is configured with invalid SSO credentials. Required parameters "sso_account_id", 
"sso_region", "sso_role_name", "sso_start_url". Got output, region, sso_region, sso_start_url, aws_access_key_id, aws_secret_access_key, aws_session_token
Reference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html        
    at APIGatewayV1Wrapper.<anonymous> (/root/repos/LossTrackerShim/node_modules/serverless-domain-manager/dist/src/aws/api-gateway-v1-wrapper.js:77:27)
    at Generator.throw (<anonymous>)
    at rejected (/root/project/node_modules/serverless-domain-manager/dist/src/aws/api-gateway-v1-wrapper.js:6:65)

because it still has to match what's in the ~/.aws/config file and in there you may have 10+ profiles, for each of the stages or accounts. I woudn't wanna change default profile every time in the config file just for this plugin.

naomichi-y commented 9 months ago

I'm encountering a similar issue as well.

I'm utilizing Identity Center (AWS SSO) along with the serverless-better-credentials plugin for my setup. This plugin retrieves the profile from the AWS_PROFILE=XXX variable. However, I encounter an error with serverless-domain-manager stating: The SSO session token associated with profile=XXX was not found or is invalid.

It's worth noting that if I execute aws sso login prior to deployment, I can avoid this issue. (The downside is that it requires double authentication.)

bash-5.2# sls deploy
...
[serverless-better-credentials]

Attempting to automatically open the SSO authorization page in your default browser.
If the browser does not open or you wish to use a different device to authorize this request, open the following URL:

https://device.sso.ap-northeast-1.amazonaws.com/

Then enter the code:

****-****

✔ serverless-better-credentials: credentials resolved from config SsoCredentials: AWS_PROFILE (XXX)
...
× Stack *** failed to deploy (115s)
Environment: linux, node 20.11.0, framework 3.35.2 (local) 3.34.0v (global), plugin 7.0.5, SDK 4.4.0
Credentials: Local, environment variables
Docs:        docs.serverless.com
Support:     forum.serverless.com
Bugs:        github.com/serverless/serverless/issues

Error:
Error: V1 - Unable to fetch information about '***':
The SSO session token associated with profile=XXX was not found or is invalid. To refresh this SSO session run 'aws sso login' with the corresponding profile.
    at APIGatewayV1Wrapper.<anonymous> (/app/node_modules/serverless-domain-manager/dist/src/aws/api-gateway-v1-wrapper.js:77:27)
    at Generator.throw (<anonymous>)
    at rejected (/app/node_modules/serverless-domain-manager/dist/src/aws/api-gateway-v1-wrapper.js:6:65)
rddimon commented 9 months ago

This issue happens when you use an AWS_DEFAULT_PROFILE different than default. Even if you set the variable to the different profile the plugin doesn't read that, instead it always looks for the default credentials.

Hi there The AWS_DEFAULT_PROFILE is not preferred to use. It might have been deprecated in favor of AWS_PROFILE. Here is the explanation https://github.com/aws/aws-cli/issues/1748

rddimon commented 9 months ago

Does it work for you with the plugin version v6.x?

adminy commented 9 months ago

Thanks @rddimon, AWS_PROFILE works or --aws-profile flag. Haven't tried v6.x, using v7.x. There is a ton of updates to the lib I haven't tried yet though, I'll try latest to see if that works.

Note I haven't specified a profile in serverless file, that helps.