While I have deployed hundreds of NodeJS Lambda functions via serverless this is my first time working with container functions. As always, it works flawlessly locally but now I am trying to get over the first time deploy to AWS hump.
- I am deploying a containerised Node function derived from public.ecr.aws/lambda/nodejs:14.
- The function copies some files to S3
- Serverless has created an IAM role that is attached to the Lambda
- The role includes s3:PutObject and s3:PutObjectAcl on the bucket and bucket paths
- CloudWatch logs
CredentialsProviderError: Could not load credentials from any providers
- I started with the default
const s3 = new S3Client()
which I have always used in the past in native Node Lambda functions without issue. But that triggers the error. - I have tried forcing the region
const s3 = new S3Client({region: "us-east-1"})
so that the constructor property is not empty. That too resulted in the same error. - When I echo out the environment it includes an AWS_SECRET_ACCESS_KEY and AWS_ACCESS_KEY_ID that do not match any of my known credentials. I believe these are autogenerated by AWS and unique to the IAM role.
- If I edit my S3 client constructor to include the access key and secret found in the environment the function still does not work and still reports the same error.
- I can pass user credentials, as found in my ~/.aws/credentials file and that does work. But I should not have to create a specific user when an IAM role is being created automatically.
I am wondering if it has something to do with the runtime interface client and emulator?