Closed pkit closed 1 year ago
Hmm - that is interesting because it is working for me.
➜ DP_STAGE=development AWS_PROFILE=iamadmin-general ../../node_modules/.bin/serverless info --verbose
✔ serverless-better-credentials: credentials resolved from config ini profile: AWS_PROFILE (iamadmin-general)
Something which I'm suspicious of - do you have AWS_SDK_LOAD_CONFIG
set in your enviornment?
Perhaps you could share the output of:
AWS_SDK_LOAD_CONFIG=1 AWS_PROFILE=profile1 sls info --verbose
Nope:
$ echo $AWS_SDK_LOAD_CONFIG
AWS_SDK_LOAD_CONFIG=1 AWS_PROFILE=profile1 sls info --verbose
correctly loads credentials.
Cool - then that explains it then.
AWS_SDK_LOAD_CONFIG
must be truthy if you're using a ~/.aws/config
file instead of the credentials file with any javascript tooling. (docs)
It is actually mentioned on the project readme:
Take note that if you are using SSO with the approach AWS document (a shared .aws/config file) you'll also need to set the AWS_SDK_LOAD_CONFIG enviornment value to something truthy (e.g. AWS_SDK_LOAD_CONFIG=1), as described in the AWS SDK documentation.
So I'm going to close this on a 'the simplest of documentation doesn't even get read' 😉 technicality.
Jokes aside - though - happy to take a PR if you have a better way of formatting the readme to make it more obvious to people who haven't encountered that quirk of the AWS + javascript toolkits before; StackOverflow attests to you not being the only one.
Ooof, it was probably created just to prevent nodejs servers from reading stuff in the filesystem. We are talking about a cli tool, I cannot see how it shouldn't be always set to 1. But ok. Thanks.
P.S. profiles always exist in ~/.aws/config
only.
Just FYI, the following patch to serverless
solved all my problems
diff --git a/node_modules/serverless/bin/serverless.js b/node_modules/serverless/bin/serverless.js
index b3f91c3..4a4b6fb 100755
--- a/node_modules/serverless/bin/serverless.js
+++ b/node_modules/serverless/bin/serverless.js
@@ -16,6 +16,12 @@ const nodeVersionMinor = Number(process.version.split('.')[1]);
const minimumSupportedVersionMajor = 12;
const minimumSupportedVersionMinor = 13;
+if (process.env.AWS_SDK_LOAD_CONFIG != '1') {
+ const { spawn } = require('child_process');
+ const args = [];
+ args.push(...process.execArgv, ...process.argv.slice(1));
+ spawn(process.argv[0], args, { stdio: 'inherit', env: { ...process.env, AWS_SDK_LOAD_CONFIG: '1' } });
+} else {
if (
nodeVersionMajor < minimumSupportedVersionMajor ||
(nodeVersionMajor === minimumSupportedVersionMajor &&
@@ -124,3 +130,4 @@ require('../lib/cli/triage')().then((cliName) => {
throw new Error(`Unrecognized CLI name "${cliName}"`);
}
});
+}
FWIW I have it set in my ~/.zshrc
, as it only comes back to bite you when you run javascript scripts using the aws-sdk
locally.
I get why they do it that way, although I appreciate it's confusing. There's a whole variety of fun flags &c. that exist surrounding credentials in AWS; scars from multiple design choices and workarounds and extensions throughout the ages.
For example - you can have named profiles in ~/.aws/credentials
(https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html); although most keys are technically only valid in the config file - but the javascript aws-sdk just treats them interchangeably. You can also specify where these files are using AWS_SHARED_CREDENTIALS_FILE
; and they all have random (/badly documentet) precedents.
Even worse - you shouldn't prefix the name of a profile with profile
if you want it to be read by the java aws-sdk, but if you don't you run in to problems other languages.
Like all good, old, evolving systems, it's a mess 😄 . My main aim with this plugin was just to make that mess consistent across the aws-sdk and serverless so people don't have to work around things twice.
Describe the bug
To Reproduce Set a regular SSO profile:
And then: see above
Expected behavior
AWS_PROFILE
is taken into account, asAWS_PROFILE=profile1 aws sts get-caller-identity
works fineDesktop (please complete the following information):
Ubuntu 20.04
1.1.3
Framework Core: 3.17.0 (local) 3.21.0 (global)