AWS Config credential_source=EcsContainer. Serverless from ECS container

security

#1

Hi There
I have been struggling with this now for a couple of days. I am trying to use the serverless framework on ecscontainer that has several roles configured. aws cli commands work well for any profile I like to select. However whenever i try to run sls deploy --aws-profile playground simple lambda function, I keep getting:

Serverless: Creating Stack...

Error --------------------------------------------------

Profile playground does not exist

 For debugging logs, run again after setting the "SLS_DEBUG=*" environment variable.

Stack Trace --------------------------------------------

Error: Profile playground does not exist
at Object.addProfileCredentials (/usr/lib/node_modules/serverless/lib/plugins/aws/provider/awsProvider.js:86:15)
at AwsProvider.getCredentials (/usr/lib/node_modules/serverless/lib/plugins/aws/provider/awsProvider.js:310:12)
at AwsProvider.request (/usr/lib/node_modules/serverless/lib/plugins/aws/provider/awsProvider.js:197:30)
at createDeployment.then (/usr/lib/node_modules/serverless/lib/plugins/aws/deploy/lib/createStack.js:39:61)

My current config looks like:

[playground]
role_arn=somerolearn
credential_source=EcsContainer

[dev]
role_arn=somerolearn
credential_source=EcsContainer

[test]
role_arn=somerolearn
credential_source=EcsContainer

[qa]
role_arn=arn:somerolearn
credential_source=EcsContainer

#2

I am too facing the same issue., Please share me the suggestions if its get fixed for you.


#3

@Ananya, not a real solution but workaround for now. In my case, I ended up running a bash script that fetches temp credentials and sets them as environment variables.
Prerequisite for running the script: jq installed

#!/bin/bash

CREDS=$(aws sts assume-role --role-arn $1 --role-session-name $2)
RETURN_VAL=$?

if [ "$RETURN_VAL" -eq "0" ]; then

   KEYID=`      echo $CREDS | jq -r '.Credentials.AccessKeyId'`
   SECRETKEY=`  echo $CREDS | jq -r '.Credentials.SecretAccessKey'`
   TOKEN=`      echo $CREDS | jq -r '.Credentials.SessionToken'`

   export AWS_ACCESS_KEY_ID=$KEYID
   export AWS_SECRET_ACCESS_KEY=$SECRETKEY
   export AWS_SESSION_TOKEN=$TOKEN
else
  echo "Failed to set credentials"
fi

As far as my research goes, serverless or aws js-sdk does not support our use case.