Alright, im at a loss here.
im using serverless w/ aws
everything seems fine when i host local
cross-env deploy_channel='development' projectId='foo' serverless offline start
but when i run
serverless deploy
and i check cloudwatch logs, i get:
{ CredentialsError: Missing credentials in config
at Object.openSync (fs.js:443:3)
at Object.readFileSync (fs.js:343:35)
at Object.readFileSync (/var/runtime/node_modules/aws-sdk/lib/util.js:95:26)
at IniLoader.parseFile (/var/runtime/node_modules/aws-sdk/lib/shared-ini/ini-loader.js:6:47)
at IniLoader.loadFrom (/var/runtime/node_modules/aws-sdk/lib/shared-ini/ini-loader.js:56:30)
at SharedIniFileCredentials.load (/var/runtime/node_modules/aws-sdk/lib/credentials/shared_ini_file_credentials.js:104:41)
at SharedIniFileCredentials.coalesceRefresh (/var/runtime/node_modules/aws-sdk/lib/credentials.js:205:12)
at SharedIniFileCredentials.refresh (/var/runtime/node_modules/aws-sdk/lib/credentials/shared_ini_file_credentials.js:185:10)
at SharedIniFileCredentials.get (/var/runtime/node_modules/aws-sdk/lib/credentials.js:122:12)
at getAsyncCredentials (/var/runtime/node_modules/aws-sdk/lib/config.js:361:24)
message: 'Missing credentials in config',
errno: -2,
syscall: 'open',
code: 'CredentialsError',
path: '/home/sbx_user1080/.aws/credentials',
time: 2019-09-20T02:36:00.842Z,
originalError:
{ message: 'Could not load credentials from SharedIniFileCredentials',
errno: -2,
syscall: 'open',
code: 'CredentialsError',
path: '/home/sbx_user1080/.aws/credentials',
time: 2019-09-20T02:36:00.842Z,
originalError:
{ errno: -2,
syscall: 'open',
code: 'ENOENT',
path: '/home/sbx_user1080/.aws/credentials',
message:
'ENOENT: no such file or directory, open \'/home/sbx_user1080/.aws/credentials\'' } } }
My understanding is that the lambdas should have an IAM user assigned to them at deploy time, and i see that user assigned to them
I’ve tried a narrow row and an expansive admin type role, neither seem to work
According to what feels like common sense and the thread here:
that feels like it should be enough, but apparently it’s not.
so i’ve tried numerous way to export the keys to the system env at deploy time, and while deploy goes smooth, it still gives me the same error when the functions are invoked while hosted in AWS.
The code is erroring as i attempt to run a function to retrieve some secrets from secrets manager…
return new Promise(async (resolve, reject) => {
// Use this code snippet in your app.
// If you need more information about configurations or implementing the sample code, visit the AWS docs:
// https://aws.amazon.com/developers/getting-started/nodejs/
// Create a Secrets Manager client
console.log('----->region:', region);
console.log('<---------------> marker 333 <--------------->');
var client = new AWS.SecretsManager();
console.log('<---------------> marker 4444 <--------------->');
// Load the AWS SDK
let secret;
let decodedBinarySecret;
// In this sample we only handle the specific exceptions for the 'GetSecretValue' API.
// See https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html
// We rethrow the exception by default.
await client.getSecretValue({SecretId: secretName}, function (err, data) {
console.log('<---------------> marker 55555 <--------------->');
if (err) {
if (err.code === 'DecryptionFailureException') {
// Secrets Manager can't decrypt the protected secret text using the provided KMS key.
// Deal with the exception here, and/or rethrow at your discretion.
reject(err);
} else if (err.code === 'InternalServiceErrorException') {
// An error occurred on the server side.
// Deal with the exception here, and/or rethrow at your discretion.
throw err;
} else if (err.code === 'InvalidParameterException') {
// You provided an invalid value for a parameter.
// Deal with the exception here, and/or rethrow at your discretion.
throw err;
} else if (err.code === 'InvalidRequestException') {
// You provided a parameter value that is not valid for the current state of the resource.
// Deal with the exception here, and/or rethrow at your discretion.
throw err;
} else if (err.code === 'ResourceNotFoundException') {
// We can't find the resource that you asked for.
// Deal with the exception here, and/or rethrow at your discretion.
throw err;
}
} else {
// Decrypts secret using the associated KMS CMK.
// Depending on whether the secret is a string or binary, one of these fields will be populamasted.
if ('SecretString' in data) {
resolve(JSON.parse(data.SecretString));
} else {
const buff = new Buffer(data.SecretBinary, 'base64');
decodedBinarySecret = buff.toString('ascii');
resolve({decodedBinarySecret, secret});
}
}
});
});
The lions share of the code is written by the aws crew themselves, and it works when i host local, so it should be quality. However, when deployed It never gets to marker 5. Feels really weird that the lambda would spin up, with and iam role that has full admin access, run until this point, then fail.
Any thoughts?