assuming role

[kmarquardsen]

regarding https://github.com/yunspace/serverless-golang/blob/master/examples/aws-golang-net/.env.template#L14-L16 is there a simple way to assume a role via the sls framework? I'm currently trying that but via a function that uses https://docs.aws.amazon.com/sdk-for-go/api/service/sts/#STS.AssumeRole. How do folks typically handle this?

[kmarquardsen]

ah I found https://serverless.com/framework/docs/providers/aws/guide/iam/

[mrserverless]

I use https://github.com/remind101/assume-role, which I also modified to work with powershell.

So basically

1. you copy the .env.template into your .env file.
2. Populate everything but leave out the AWS credentials. They will be populated out of your shell later.
3. run assume-role which sets up the env vars in your shell which are valid for 1 hour
4. when you run the make targets, the docker-compose will pickup the .env file
5. any variables in your .env that don't have a =VALUE will automatically load the variable from your shell.

So basically I rely on docker to interpolate all my env vars and use assume-role to poulate the env vars. I should probably do a more detailed doc on this one.

[kmarquardsen]

cool, yeah I was able to do it via the SAM example I linked. After polishing things up I can add an example of that as well

[mrserverless]

nice one, I'll leave this one open to be referenced by your PR then. Thanks!

[kmarquardsen]

closing this. easiest way would be to follow https://serverless.com/framework/docs/providers/aws/guide/iam/#custom-iam-roles and allow an action with sts:AssumeRole