lumigo-io / lumigo-CLI

Open source CLI tool to help you develop and manage serverless applications.
https://lumigo.io
Apache License 2.0
331 stars 21 forks source link

Support for AWS credential from environment variables #108

Open sneakybeaky opened 4 years ago

sneakybeaky commented 4 years ago

Hi,

We use aws-vault so that we don't store our AWS credentials in plain text on our workstations. It looks like you don't currently support using AWS credential environment variables, which means we're stuck.

This shows the invocation of aws-vault showing the env vars being set :

$ aws-vault exec profilename -- env
......
AWS_ACCESS_KEY_ID=xxxxx
AWS_SECRET_ACCESS_KEY=xxxxx
AWS_SESSION_TOKEN=xxxxxx
AWS_SECURITY_TOKEN=xxxxxxx
AWS_SESSION_EXPIRATION=2020-10-23T14:42:02Z

But when we use with lumigo-cli we get this error

$ DEBUG=* aws-vault exec profilename -- lumigo-cli powertune-lambda \
    -r eu-west-2 \
    -p lnp \
    -n powertune-lambda-s3copy-eu-west-2-dev \
    -s balanced \
    -f /Users/jonbarber/work/spikes/s3copy-storybook/examples/update.json \
    -o update-result.json \
    -z > /dev/null
......
CredentialsError: Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1
    at SharedIniFileCredentials.load (/Users/jonbarber/work/spikes/s3copy-storybook/node_modules/aws-sdk/lib/credentials/shared_ini_file_credentials.js:103:11)
    at SharedIniFileCredentials.coalesceRefresh (/Users/jonbarber/work/spikes/s3copy-storybook/node_modules/aws-sdk/lib/credentials.js:205:12)
    at SharedIniFileCredentials.refresh (/Users/jonbarber/work/spikes/s3copy-storybook/node_modules/aws-sdk/lib/credentials/shared_ini_file_credentials.js:170:10)
    at SharedIniFileCredentials.get (/Users/jonbarber/work/spikes/s3copy-storybook/node_modules/aws-sdk/lib/credentials.js:122:12)
    at getAsyncCredentials (/Users/jonbarber/work/spikes/s3copy-storybook/node_modules/aws-sdk/lib/config.js:398:24)
    at Config.getCredentials (/Users/jonbarber/work/spikes/s3copy-storybook/node_modules/aws-sdk/lib/config.js:418:9)
    at Request.VALIDATE_CREDENTIALS (/Users/jonbarber/work/spikes/s3copy-storybook/node_modules/aws-sdk/lib/event_listeners.js:81:26)
    at Request.callListeners (/Users/jonbarber/work/spikes/s3copy-storybook/node_modules/aws-sdk/lib/sequential_executor.js:102:18)
    at Request.emit (/Users/jonbarber/work/spikes/s3copy-storybook/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
    at Request.emit (/Users/jonbarber/work/spikes/s3copy-storybook/node_modules/aws-sdk/lib/request.js:688:14)

This is pretty much a blocker for us using this great utility. Could support for getting AWS credentials this way be added please ?