thomasmichaelwallace / serverless-better-credentials Goto Github PK
View Code? Open in Web Editor NEWBetter AWS credentials resolution plugin for serverless
License: MIT License
serverless-better-credentials's Issues
plugin breaks oidc auth Web Identity Provider authentication
Very similar issue to #15
Our CI / CD (bitbucket cloud) injects
AWS_ROLE_ARN and AWS_WEB_IDENTITY_TOKEN_FILE into deployment environment
as outlined here
Adding this plugin works beautifully for local development with AWS SSO but breaks serverless deployment with the same error
Error:
Error: ENOENT: no such file or directory, open '/root/.aws/credentials'
as issue above.
Removing the plugin fixes the issue.
Add requirement for `AWS_SDK_LOAD_CONFIG` when using built-in SSO
Describe the task
The documentation for setting up SSO doesn't mention AWS_SDK_LOAD_CONFIG, as that's an SDK specific detail mentioned on a different page.
To make this easier to use, the requirement should be highlighted.
Additional context
See discussion on #1.
Error when invoking locally without credentials
If I invoke locally without any AWS credentials, e.g. sls invoke local --function foo, an error is thrown:
Error: ENOENT: no such file or directory, open '~/.aws/credentials'
A workaround for this is to just create invalid AWS credentials:
serverless config credentials --provider aws --key NA --secret NA
The obvious answer is that I should just have actual credentials, but I don't think the plugin should throw an error if no credentials are found when invoking locally.
Error: Cannot find module '@serverless/utils/log' after installing and enabling
Describe the bug
After installing the plugin with npm install --dev serverless-better-credentials and adding it as first plugin in serverless.yml, serverless command produces an error Error: Cannot find module '@serverless/utils/log' (full error below).
I also tried serverless plugin install --name serverless-better-credentials and got the same result.
If I remove it from plugins, sls command works again.
To Reproduce
- Create serverles project (I used aws-python template)
- Install this plugin
- Run
serverless
Expected behavior
No error
Desktop (please complete the following information):
- OS: MacOs 12.6
- Version 1.1.3
- Serverless Version 3.23.0
Node version v14.19.1
Additional context
serverless version
serverless --version
Framework Core: 3.23.0
Plugin: 6.2.2
SDK: 4.3.2
serverless.yml
service: sls-project
frameworkVersion: '3'
provider:
name: aws
# https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html
runtime: python3.9
region: eu-west-1
# https://www.serverless.com/framework/docs/providers/aws/guide/deploying#deployment-method
deploymentMethod: direct
stage: dev
profile: <aws profile name>
functions:
hello:
handler: handler.hello
plugins:
- serverless-better-credentials
- serverless-python-requirements
Full error
Environment: darwin, node 14.19.1, framework 3.23.0, plugin 6.2.2, SDK 4.3.2
Docs: docs.serverless.com
Support: forum.serverless.com
Bugs: github.com/serverless/serverless/issues
Error:
Error: Cannot find module '@serverless/utils/log'
Require stack:
- /Users/user/Code/Projects/sls-project/node_modules/serverless-better-credentials/dist/ServerlessBetterCredentials.js
- /Users/user/Code/Projects/sls-project/node_modules/serverless-better-credentials/dist/index.js
- /Users/user/.nvm/versions/node/v14.19.1/lib/node_modules/serverless/lib/utils/import-module.js
- /Users/user/.nvm/versions/node/v14.19.1/lib/node_modules/serverless/lib/classes/plugin-manager.js
- /Users/user/.nvm/versions/node/v14.19.1/lib/node_modules/serverless/lib/serverless.js
- /Users/user/.nvm/versions/node/v14.19.1/lib/node_modules/serverless/scripts/serverless.js
- /Users/user/.nvm/versions/node/v14.19.1/lib/node_modules/serverless/bin/serverless.js
at Function.Module._resolveFilename (internal/modules/cjs/loader.js:902:15)
at Function.Module._load (internal/modules/cjs/loader.js:746:27)
at Module.require (internal/modules/cjs/loader.js:974:19)
at require (internal/modules/cjs/helpers.js:101:18)
at Object.<anonymous> (/Users/user/Code/Projects/sls-project/node_modules/serverless-better-credentials/dist/ServerlessBetterCredentials.js:6:15)
at Module._compile (internal/modules/cjs/loader.js:1085:14)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:1114:10)
at Module.load (internal/modules/cjs/loader.js:950:32)
at Function.Module._load (internal/modules/cjs/loader.js:790:12)
at Module.require (internal/modules/cjs/loader.js:974:19)
at require (internal/modules/cjs/helpers.js:101:18)
at Object.<anonymous> (/Users/user/Code/Projects/sls-project/node_modules/serverless-better-credentials/dist/index.js:8:55)
at Module._compile (internal/modules/cjs/loader.js:1085:14)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:1114:10)
at Module.load (internal/modules/cjs/loader.js:950:32)
at Function.Module._load (internal/modules/cjs/loader.js:790:12)
at Module.require (internal/modules/cjs/loader.js:974:19)
at require (internal/modules/cjs/helpers.js:101:18)
at module.exports (/Users/user/.nvm/versions/node/v14.19.1/lib/node_modules/serverless/lib/utils/import-module.js:5:12)
at PluginManager.requireServicePlugin (/Users/user/.nvm/versions/node/v14.19.1/lib/node_modules/serverless/lib/classes/plugin-manager.js:171:14)
at PluginManager.resolveServicePlugins (/Users/user/.nvm/versions/node/v14.19.1/lib/node_modules/serverless/lib/classes/plugin-manager.js:198:29)
at PluginManager.loadAllPlugins (/Users/user/.nvm/versions/node/v14.19.1/lib/node_modules/serverless/lib/classes/plugin-manager.js:136:47)
at Serverless.init (/Users/user/.nvm/versions/node/v14.19.1/lib/node_modules/serverless/lib/serverless.js:141:30)
at async /Users/user/.nvm/versions/node/v14.19.1/lib/node_modules/serverless/scripts/serverless.js:591:7
```
Doesn't work since 1.2.0
Describe the bug
Since 1.2.0 the plugin does not detect the aws profile anymore and always defaults to the "default" aws profile
To Reproduce
Steps to reproduce the behavior:
- Upgrade to 1.2.0 in an existing project
- Try to deploy
Expected behavior
Should deploy fine
Screenshots
sls info --aws-profile some-dev
Running "serverless" from node_modules
✔ serverless-better-credentials: credentials resolved from config ini profile: AWS_DEFAULT_PROFILE (default)
Environment: darwin, node 16.19.1, framework 3.32.2 (local) 3.33.0v (global), plugin 6.2.3, SDK 4.3.2
Credentials: Local, environment variables
Docs: docs.serverless.com
Support: forum.serverless.com
Bugs: github.com/serverless/serverless/issues
Error:
'/20230703/eu-central-1/cloudformation/aws4_request' not a valid key=value pair (missing equal-sign) in Authorization header .....
Desktop (please complete the following information):
- OS: macOS
- Version: 13.4.1 (22F82)
- Serverless Version: 3.32.2
The installation command is incorrect
Describe the task
The installation command on this page is incorrect.
https://www.serverless.com/plugins/serverless-better-credentials
npm install --dev serverless-better-credentials
↓
npm install --save-dev serverless-better-credentials
Additional context
AWS-SDK v3 Compatibility
pardon for my confusion but does this plugin works with AWS JS SDK v3 (either on node 16 or 18 runtime)? I've been trying to migrate to aws js sdk v3 with no luck
@thomasmichaelwallace all my tooling works just fine, it's just that when deployed using any sdk module throws CredentialsProviderError: Could not load credentials from any providers
Originally posted by @deathemperor in #9 (comment)
Problems when using with serverless-domain-manager
Describe the bug
This might not be directly related to your code, it's just a clash with a different library, but I thought you might want to know: amplify-education/serverless-domain-manager#580
Plugin failed on EC2 with IAM Role
Describe the bug
when we use plugin on EC2 with IAM role, it doesn't work anymore
To Reproduce
Steps to reproduce the behavior:
- Launch EC2 user with IAM Role
- create minimal project with serverless and serverless-better-credentials plugin
- npx sls info --stage dev
- See error
Expected behavior
get credentials from IAM Role
Screenshots
[ec2-user@ip-xxx user]$ npx sls info --stage dev --verbose
Environment: linux, node 16.17.1, framework 3.23.0 (local), plugin 6.2.2, SDK 4.3.2
Credentials: Local, environment variables
Docs: docs.serverless.com
Support: forum.serverless.com
Bugs: github.com/serverless/serverless/issues
Error:
Error: ENOENT: no such file or directory, open '/home/ec2-user/.aws/credentials'
at Object.openSync (node:fs:594:3)
at Object.readFileSync (node:fs:462:35)
Additional infos:
[ec2-user@ip-xxx user]$ aws configure list
Name Value Type Location
---- ----- ---- --------
profile <not set> None None
access_key ****************6MW2 iam-role
secret_key ****************Zy5I iam-role
region <not set> None None
I try to add ~/.aws/config with only
[default]
region=eu-west-1
And try again
[ec2-user@ip-xxx user]$ AWS_SDK_LOAD_CONFIG=1 npx sls info --stage dev
Environment: linux, node 16.17.1, framework 3.23.0 (local), plugin 6.2.2, SDK 4.3.2
Credentials: Local, environment variables
Docs: docs.serverless.com
Support: forum.serverless.com
Bugs: github.com/serverless/serverless/issues
Error:
ProcessCredentialsProviderFailure: Profile default did not include credential process
at ProcessCredentials.load (/home/ec2-user/user/node_modules/aws-sdk/lib/credentials/process_credentials.js:102:11)
Desktop (please complete the following information):
- OS: [Amazon linux]
- Serverless Version [3.23.0]
Additional context
When we comment the plugin, it works fine.
Does it possible to have a (env?) variable to by-pass SSO authentication ?
Otherwise with SSO, this plugin is great :)
Error: The security token included in the request is invalid
Describe the bug
When running serverless deploy using the plugin in Linux (Ubuntu 20.04.1) I get the following error and I can't deploy to the environment:
Error:
The security token included in the request is invalid
To Reproduce
Steps to reproduce the behavior:
- install serverless-better-credentials plugin using npm
- add the plugin at the top of the plugins section in serverless.yaml file
- run
export AWS_SDK_LOAD_CONFIG=1 - run
aws sso login - run
serverless deploy - I get the following error:
Error:
The security token included in the request is invalid
Expected behavior
Serverless App get deployed in the AWS environment.
Screenshots
serverless deploy
Running "serverless" from node_modules
Deploying my_app to stage sandbox (us-east-2)
✔ serverless-better-credentials: credentials resolved from config ini profile: AWS_PROFILE (sandbox)
Using Python specified in "runtime": python3.8
Packaging Python WSGI handler...
✖ Stack my_app failed to deploy (9s)
Environment: linux, node 16.14.2, framework 3.20.0 (local) 3.19.0v (global), plugin 6.2.2, SDK 4.3.2
Credentials: Local, environment variables
Docs: docs.serverless.com
Support: forum.serverless.com
Bugs: github.com/serverless/serverless/issues
Error:
The security token included in the request is invalid
Desktop (please complete the following information):
- OS: [Ubuntu]
- Version [20.04.1]
- Serverless Version [3.20.0]
Additional context
Can this be an issue related to Linux OS?
Support Role profile with SSO profile as a source profile.
Is your feature request related to a problem? Please describe.
The following scenario isn't covered by the plugin
- Role profile (account B) with SSO profile (account A) as a source profile.
# ~/.aws/config file
[profile payment-suite-pro]
sso_start_url = https://xxx.awsapps.com/start
sso_region = eu-north-1
sso_account_id = 99999999999
sso_role_name = FullAccess
[profile spt-payment-dev]
role_arn = arn:aws:iam::111111111:role/AssumableAdmin
source_profile = payment-suite-pro
Current behaviour
➜ npx sls info
> [email protected] deploy:info:order-service
> sls info
Environment: darwin, node 16.17.0, framework 3.22.0 (local), plugin 6.2.2, SDK 4.3.2
Credentials: Local, environment variables
Docs: docs.serverless.com
Support: forum.serverless.com
Bugs: github.com/serverless/serverless/issues
Error:
Cannot resolve serverless.yml: Variables resolution errored with:
- Cannot resolve variable at "provider.iam.role.statements.1.Resource.0": Profile spt-payment-dev did not include credential process
Describe the solution you'd like
$ export AWS_PROFILE="spt-payment-dev"
$ npx sls info
# 1. Initiate aws sso login towards 'payment-suite-pro' account
# 2. Get temporary credentials using AssumeRole action to act as 'spt-payment-dev' account
Support for aws-sdk v3
Is your feature request related to a problem? Please describe.
Dear Developers/Maintainers,
We are working on migration to aws-sdk v3 and serverless-better-credentials requires aws-sdk v2. It comes from the package.json:
"peerDependencies": {
"@serverless/utils": "^6.0.2",
"aws-sdk": "^2.567.0",
"serverless": "^2 || ^3"
},
Because of that while updating aws-sdk in our project we are getting following error message:
/.nvm/versions/node/v20.11.1/bin/npm install
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: [email protected]
npm WARN node_modules/aws-sdk
npm WARN aws-sdk@"^3.523.0" from the root project
npm WARN 9 more (@aws/dynamodb-auto-marshaller, ...)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer aws-sdk@"^2.567.0" from [email protected]
npm WARN node_modules/serverless-better-credentials
npm WARN dev serverless-better-credentials@"^2.0.0" from the root project
npm ERR! code ETARGET
npm ERR! notarget No matching version found for aws-sdk@^3.523.0.
npm ERR! notarget In most cases you or one of your dependencies are requesting
npm ERR! notarget a package version that doesn't exist.
That is blocking us from upgrade to aws-sdk v3 properly without messing up with dependencies.
Describe the solution you'd like
Could you please share if there are plans to support aws-sdk v3? And if so is there a date when we can expect it?
`Cannot read property 'getPromise' of undefined` when using Serverless ci/cd
Describe the bug
When using Serverless's CI/CD feature to deploy, serverless-better-credentials raises a "TypeError: Cannot read property 'getPromise' of undefined" in the init method of the ServerlessBetterCredentials class. This happens even when serverless-better-credentials as the first plugin listed.
To Reproduce
Steps to reproduce the behavior:
- Set up serverless CI/CD following this guide: https://www.serverless.com/framework/docs/guides/cicd, but using the "automatic" setup for a provider
- Trigger an automatic deployment
- In the serverless dashboard, go to "ci/cd", click the most recent deployment, then navigate to the build log
- You should see the referenced error
Expected behavior
I expected the build to succeed and for serverless-better-credentials to not throw an error.
Screenshots
Desktop (please complete the following information):
- OS: linux
- Version: Not sure, whatever Serverless uses to deploy for their CI/CD pipeline
- Serverless Version: 3.15.2
Additional context
I think that when using the CI/CD pipeline, serverless may be initializing the provider.cachedCredentials variable (used in the getCredentials method) before serverless-better-credentials is able to. This leads to the cachedCredentials being returned before the getCredentials method can format it, so it is not in the structure expected by the ServerlessBetterCredentials init method.
enabled flag is not respected
Describe the bug
Setting the enabled flag to false does not prevent betterCredentials from running.
To Reproduce
Set enabled flag to false and run serverless
Expected behavior
It should prevent betterCredentials from running.
Desktop (please complete the following information):
- Version 2.0.0
- Serverless Version 3.38.0
Based on this piece of the README:
custom:
betterCredentials:
# Use this flag to turn off the plugin entirely, which you may want for certain stages.
# Defaults to true.
enabled: true
... I'd expect that setting enabled to false would prevent betterCredentials from trying to obtain credentials.
Add missing providers from the SDK default chain
Is your feature request related to a problem? Please describe.
There are several providers in the default AWS SDK provider chain that don't exist in this implementation, which causes users leveraging them to experience errors (#24), since those methods are never tried
Describe the solution you'd like
The default provider chain in the AWS SDK is
AWS.EnvironmentCredentials('AWS')
AWS.EnvironmentCredentials('AMAZON')
AWS.SsoCredentials
AWS.SharedIniFileCredentials
AWS.ECSCredentials
AWS.ProcessCredentials
AWS.TokenFileWebIdentityCredentials
AWS.EC2MetadataCredentials
ignoring the EnvironmentCredentials for the moment, currently what's implemented here is
AWS.SharedIniFileCredentials
SsoCredentials # The local implementation
AWS.ProcessCredentials
I'd propose adding the remaining providers to the chain:
AWS.ECSCredentials
# ProcessCredentials is already added
AWS.TokenFileWebIdentityCredentials
AWS.EC2MetadataCredentials
Additional context
I started implementing this on my end and had some questions about the current setup.
- It looks like the precedence of SSO vs SharedIniFile is flipped from the default in the current implementation. Should that order be preserved?
- It seems that for each potential profile value, all the possible providers are added to the chain. I would have thought that profile could only ever be one value, taking a precedence of resolution, and then that value is used for the providers that use it?
let profile = this.options['aws-profile'] || process.env[`AWS_${stageUpper}_PROFILE`] || process.env.AWS_PROFILE || this.serverless.service.provider.profile || process.env.AWS_DEFAULT_PROFILE
params = { profile }
this.chain.push(SsoProvider(params))Is that just to keep the framework's default order that prefers profile over keys if the profile was given as a CLI arg?
AWS SSO profile
It's a bug, the function trying to open a flag instead of file
The simplest AWS_PROFILE doesn't even work
Describe the bug
AWS_PROFILE=profile1 sls info
Running "serverless" from node_modules
✔ serverless-better-credentials: credentials resolved from config ini profile: AWS_DEFAULT_PROFILE (default)
To Reproduce
Set a regular SSO profile:
[profile profile1]
sso_start_url = https://my-company-sso.awsapps.com/start
sso_region = us-east-1
sso_account_id = 12345678900
sso_role_name = AWSAdministratorAccess
region = us-east-1
output = json
And then: see above
Expected behavior
AWS_PROFILE is taken into account, as AWS_PROFILE=profile1 aws sts get-caller-identity works fine
Desktop (please complete the following information):
- OS:
Ubuntu 20.04 - Version:
1.1.3 - Serverless Version:
Framework Core: 3.17.0 (local) 3.21.0 (global)
Add support for serverless print
Is your feature request related to a problem? Please describe.
It seems when using sls print the serverless-better-credentials is not being used causing errors like:
cannot resolve variable at "custom.xxxx": Profile default not found
Describe the solution you'd like
Add support for the serverless print command
plugin not working on aws with instance profile sourced temporary credentials
Describe the bug
running sls package on instance with instance profile sourced temporary aws credentials the following error shows up: ENOENT: no such file or directory, open '/home/node/.aws/credentials'
adding the file (touch), a new error: ProcessCredentialsProviderFailure: Profile default not found (unsetting the variable with AWS_PROFLE= does not work)
Expected behavior
if no profile is set - use instance profile credentials
Screenshots
normal call:
$ SERVICE_NAME="staging-portal" npx serverless package --stage=dev
Packaging staging-portal for stage dev (us-east-1)
Environment: linux, node 16.20.0, framework 3.31.0 (local), plugin 6.2.3, SDK 4.3.2
Credentials: Local, environment variables
Docs: docs.serverless.com
Support: forum.serverless.com
Bugs: github.com/serverless/serverless/issues
Error:
Error: ENOENT: no such file or directory, open '/home/node/.aws/credentials'
at Object.openSync (node:fs:590:3)
at Object.readFileSync (node:fs:458:35)
at Object.readFileSync (/opt/buildagent/work/73c5c0396a294f8/services/lambda-api/node_modules/aws-sdk/lib/util.js:95:26)
at IniLoader.parseFile (/opt/buildagent/work/73c5c0396a294f8/services/lambda-api/node_modules/aws-sdk/lib/shared-ini/ini-loader.js:6:47)
at IniLoader.loadFrom (/opt/buildagent/work/73c5c0396a294f8/services/lambda-api/node_modules/aws-sdk/lib/shared-ini/ini-loader.js:56:30)
at Object.getProfilesFromSharedConfig (/opt/buildagent/work/73c5c0396a294f8/services/lambda-api/node_modules/aws-sdk/lib/util.js:962:39)
at ProcessCredentials.load (/opt/buildagent/work/73c5c0396a294f8/services/lambda-api/node_modules/aws-sdk/lib/credentials/process_credentials.js:75:31)
at ProcessCredentials.coalesceRefresh (/opt/buildagent/work/73c5c0396a294f8/services/lambda-api/node_modules/aws-sdk/lib/credentials.js:205:12)
at ProcessCredentials.refresh (/opt/buildagent/work/73c5c0396a294f8/services/lambda-api/node_modules/aws-sdk/lib/credentials/process_credentials.js:163:10)
at ProcessCredentials.get (/opt/buildagent/work/73c5c0396a294f8/services/lambda-api/node_modules/aws-sdk/lib/credentials.js:122:12)
at resolveNext (/opt/buildagent/work/73c5c0396a294f8/services/lambda-api/node_modules/aws-sdk/lib/credentials/credential_provider_chain.js:125:17)
at /opt/buildagent/work/73c5c0396a294f8/services/lambda-api/node_modules/aws-sdk/lib/credentials/credential_provider_chain.js:126:13
at /opt/buildagent/work/73c5c0396a294f8/services/lambda-api/node_modules/aws-sdk/lib/credentials.js:124:23
at /opt/buildagent/work/73c5c0396a294f8/services/lambda-api/node_modules/aws-sdk/lib/credentials.js:212:15
at processTicksAndRejections (node:internal/process/task_queues:78:11)
2 deprecations found: run 'serverless doctor' for more details
with empty credentials file
$ SERVICE_NAME="staging-portal" npx serverless package --stage=dev
Packaging staging-portal for stage dev (us-east-1)
Environment: linux, node 16.20.0, framework 3.31.0 (local), plugin 6.2.3, SDK 4.3.2
Credentials: Local, environment variables
Docs: docs.serverless.com
Support: forum.serverless.com
Bugs: github.com/serverless/serverless/issues
Error:
Error: ENOENT: no such file or directory, open '/home/node/.aws/credentials'
at Object.openSync (node:fs:590:3)
at Object.readFileSync (node:fs:458:35)
at Object.readFileSync (/opt/buildagent/work/73c5c0396a294f8/services/lambda-api/node_modules/aws-sdk/lib/util.js:95:26)
at IniLoader.parseFile (/opt/buildagent/work/73c5c0396a294f8/services/lambda-api/node_modules/aws-sdk/lib/shared-ini/ini-loader.js:6:47)
at IniLoader.loadFrom (/opt/buildagent/work/73c5c0396a294f8/services/lambda-api/node_modules/aws-sdk/lib/shared-ini/ini-loader.js:56:30)
at Object.getProfilesFromSharedConfig (/opt/buildagent/work/73c5c0396a294f8/services/lambda-api/node_modules/aws-sdk/lib/util.js:962:39)
at ProcessCredentials.load (/opt/buildagent/work/73c5c0396a294f8/services/lambda-api/node_modules/aws-sdk/lib/credentials/process_credentials.js:75:31)
at ProcessCredentials.coalesceRefresh (/opt/buildagent/work/73c5c0396a294f8/services/lambda-api/node_modules/aws-sdk/lib/credentials.js:205:12)
at ProcessCredentials.refresh (/opt/buildagent/work/73c5c0396a294f8/services/lambda-api/node_modules/aws-sdk/lib/credentials/process_credentials.js:163:10)
at ProcessCredentials.get (/opt/buildagent/work/73c5c0396a294f8/services/lambda-api/node_modules/aws-sdk/lib/credentials.js:122:12)
at resolveNext (/opt/buildagent/work/73c5c0396a294f8/services/lambda-api/node_modules/aws-sdk/lib/credentials/credential_provider_chain.js:125:17)
at /opt/buildagent/work/73c5c0396a294f8/services/lambda-api/node_modules/aws-sdk/lib/credentials/credential_provider_chain.js:126:13
at /opt/buildagent/work/73c5c0396a294f8/services/lambda-api/node_modules/aws-sdk/lib/credentials.js:124:23
at /opt/buildagent/work/73c5c0396a294f8/services/lambda-api/node_modules/aws-sdk/lib/credentials.js:212:15
at processTicksAndRejections (node:internal/process/task_queues:78:11)
2 deprecations found: run 'serverless doctor' for more details
sls yml - plugins used
frameworkVersion: '3.31.0'
plugins:
- serverless-better-credentials # needs to be the first plugin, bypass sls aws credential resolving and add sso - does not work with instance profile credentials
- serverless-domain-manager # careful to update, latest version uses aws sdk v3
- serverless-offline
- serverless-prune-plugin
- serverless-plugin-ifelse
custom:
region: ${env:AWS_DEFAULT_REGION, 'us-east-1'}
provider:
name: aws
region: ${self:custom.region}
deploymentMethod: direct
Desktop (please complete the following information):
see debug output above
Error: no such file or directory '.aws/credentials'
This plugin seems to have no effect.
Extract from serverless.yml:
plugins:
- serverless-better-credentials
- serverless-esbuild
- serverless-offline
- '@haftahave/serverless-ses-template'
Running aws sso login --profile stage and then npx sls offline --stage local --aws-profile stage returns:
Environment: darwin, node 14.19.0, framework 3.2.1 (local), plugin 6.0.0, SDK 4.3.1
Credentials: Local, environment variables
Docs: docs.serverless.com
Support: forum.serverless.com
Bugs: github.com/serverless/serverless/issues
Error:
Error: ENOENT: no such file or directory, open '/Users/michael/.aws/credentials'
at Object.openSync (fs.js:497:3)
at Object.readFileSync (fs.js:393:35)
at Object.readFileSync (/Users/michael/code/emails/node_modules/aws-sdk/lib/util.js:95:26)
(Stack trace continues for a dozen more lines.)
Expected behavior
Serverless uses the credentials that I got with aws sso login.
Environment
New AWS SSO config format
Describe the bug
This plugin is not compatible with the new default AWS SSO sessions format
To Reproduce
Steps to reproduce the behavior:
- Define a new sso session profile with
aws configure sso - Try to deploy a serverless stack with this plugin and the new profile
- The plugin will try to use the default profile.
Expected behavior
The plugin loads the right profile.
Desktop (please complete the following information):
- OS: MacOS
- Version v1.1.2
- Serverless Version 3.26.0
Authentication fails on Mac M3 if `~/.aws/credentials` file is missing and valid SSO configuration exists in `~/.aws/config`
Steps to reproduce the behavior:
- Provide a valid AWS SSO configuration in
~/.aws/configwith which you want to authenticate - Remove the ~/.aws/credentials file
- Run whichever Serverless command you like
Expected behavior
SSO authentication should succeed
Screenshots
Output from running the command in the configuration described above:
$>./node_modules/.bin/serverless openapi generate --format json --output libs/output.json --openApiVersion 3.0.0 --config serverless.yml
Environment: darwin, node 18.16.0, framework 3.32.2 (local), plugin 6.2.3, SDK 4.3.2
Credentials: Local, environment variables
Docs: docs.serverless.com
Support: forum.serverless.com
Bugs: github.com/serverless/serverless/issues
Error:
Error: connect EHOSTDOWN 169.254.169.254:80 - Local (192.168.69.105:49706)
at internalConnect (node:net:1066:16)
at defaultTriggerAsyncIdScope (node:internal/async_hooks:464:18)
at node:net:1250:9
at processTicksAndRejections (node:internal/process/task_queues:77:11)
at runNextTicks (node:internal/process/task_queues:64:3)
at process.processTimers (node:internal/timers:509:9)Desktop (please complete the following information):
- OS: MacOs
- Version Sonoma 14.4.1
- Serverless Version 2.0.0
Error when trying to deploy dev branch with AWS Codepipeline
Describe the issue
When I try to deploy my Serverless project to a dev pipeline using AWS Codepipeline I get the error "ENOENT: no such file or directory, open '/root/.aws/credentials'" error at the build stage. If I remove the entries for serverless-better-credentials from serverless.yml and package.json however, the build works fine.
To Reproduce
set up AWS to use single sign-on
Deploy dev branch using Codepipeline
Expected behavior
The plugin doesn't interfere with deployment. I assume this is what's happening because the error disappears when code pipeline excluded.
Screenshots
Where the build fails and stack trace:
Desktop (please complete the following information):
- OS: macOS Monterey v12.6.1
- Version (serverless-better-credentials): 1.1.3
- Serverless Version: 3.27.0
Additional context
I'm not sure what the issue could be so I'm hoping someone could give me some insight as to the possible causes and where to look to try and resolve this.
Migrate tests
Describe the task
The original patch included patched tests, which haven't been migrated into this stand-alone plugin.
For people's peace of mind, the tests should be migrated.
Unhelpful error when SSO session has expired
Describe the bug
It was working fine, but suddenly I got an error saying: CredentialsError: Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1
To Reproduce
Steps to reproduce the behavior:
- Login via AWS SSO
- Run a serverless command
- All works
- Wait for session to expire
- Run a serverless command
- See the error
Expected behavior
A warning should be displayed and a new session could be started automatically
Screenshots
➜ ses-forwarder git:(develop) ✗ AWS_SDK_LOAD_CONFIG=1 npx sls deploy
Deploying ses-forwarder to stage prod (eu-west-1)
Error:
CredentialsError: Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1
at ProcessCredentials.load (.../mygrano-serverless/node_modules/aws-sdk/lib/credentials/process_credentials.js:80:11)
Desktop (please complete the following information):
- OS: MacOS 12.6
- Version 1.1.3
- Serverless Version Framework Core: 3.22.0 (local) Plugin: 6.2.2 SDK: 4.3.2
Additional context
After refreshing the CLI session manually it works again.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.