thomasmichaelwallace / serverless-better-credentials

Better AWS credentials resolution plugin for serverless
MIT License

Error when invoking locally without credentials #8

Closed adamhl8 closed 1 year ago

adamhl8 commented 1 year ago

If I invoke locally without any AWS credentials, e.g. sls invoke local --function foo, an error is thrown: Error: ENOENT: no such file or directory, open '~/.aws/credentials'

A workaround for this is to just create invalid AWS credentials: serverless config credentials --provider aws --key NA --secret NA

The obvious answer is that I should just have actual credentials, but I don't think the plugin should throw an error if no credentials are found when invoking locally.

thomasmichaelwallace commented 1 year ago

Hey there- thanks for reporting.

It's definitely an interesting edge case; I'll admit I don't actually use invoke local, and as far as I'm aware it's impossible for a deployed lambda to run without any credentials (even if they're just for a role which isn't doing anything).

As you note - mixing in some credentials (either using the cli arguments, or you could have a default profile configured or environment variables) is a workaround.

I'm not against a PR - although it's quite possible the error is being thrown from the aws-sdk itself - but I don't have the bandwidth to fix it myself.

thomasmichaelwallace commented 1 year ago

I'm going to close this as a bit of housekeeping.

Thanks again for reporting, though.

throrin19 commented 1 year ago

Hey, I have the same problem. I use this plugin to try to deploy my app using aws SSO. But I develop using serverless-offline.

With this plugin, it's not possible to use serverless-offline. I have an error on credentials or profile.

aldenquimby commented 10 months ago

I am running into the same issues as @throrin19.

@thomasmichaelwallace what are your thoughts on a PR that no-ops this plugin if the IS_OFFLINE env variable is set? That's what serverless-offline uses to signal it's running.

thomasmichaelwallace commented 10 months ago

I don't have a problem with it, if it works.

The interaction between plugins and credentials is weirdly complicated; especially now some plugins are based on v3 of the AWS-SDK.

Something else to try is the workaround I've added to the troubleshooting stage, where you provide a credentials file:

https://github.com/thomasmichaelwallace/serverless-better-credentials?tab=readme-ov-file#troubleshooting

aldenquimby commented 9 months ago

@thomasmichaelwallace PR for you here! https://github.com/thomasmichaelwallace/serverless-better-credentials/pull/33

I plan to use this to enable everywhere except local, where I don't need AWS creds:

params:
  default:
    better-credentials-enabled: true
  local:
    better-credentials-enabled: false

plugins:
  - serverless-better-credentials

custom:
  betterCredentials:
    enabled: ${param:better-credentials-enabled}