Framework is ignoring profile (AWS account) settings (per stage profile)

I want Serverless Framework to deploy stack to 2 different AWS accounts depending on stage.

My .aws\credentials looks like that:

[default]
aws_access_key_id = AKI....
aws_secret_access_key = Lwx....
[testAccount]
aws_access_key_id = AKI...
aws_secret_access_key = 7pjV....
[prodAccount]
aws_access_key_id = AK....
aws_secret_access_key = Lw....

and my serverless.yml looks like that:

custom:
  myStage: ${opt:stage, self:provider.stage}
  myProfile:
    dev: testAccount
    prod: prodAccount
  myRegion:
    dev: eu-west-1 # Ireland
    prod: us-west-2 # Oregon

provider:
  name: aws
  stage: dev
  runtime: nodejs8.10
  profile: ${self:custom.myProfile.${self:custom.myStage}}
  region: ${self:custom.myRegion.${self:custom.myStage}}

Both sls deploy --stage prod & sls deploy commend deploy stack to the [default] account.

I saw similar config in docs https://serverless.com/framework/docs/providers/aws/guide/credentials#per-stage-profiles

What am I doing wrong?

PS. What’s also strange is that regions are properly handled.

sls -v
1.26.1

I think you need to set an environment varable called “AWS_PROFILE” [1][2].
This should help the aws cli to use the profile you want.

[1] https://docs.aws.amazon.com/cli/latest/userguide/cli-multiple-profiles.html
[2] https://serverless.com/framework/docs/providers/aws/guide/variables/

@willKo I don’t think so. It used to work without environment varable correctly.

@Pawel I am having the same issue. Tried removing serverless and reinstalling but same issue (specifying an an aws profile, but deploying to my main aws account)

I deploy to two different stacks without any problems, but I do have a slightly different setup:

custom:
  ${file(env/${opt:stage, 'dev'}.yml)}

provider:
  ..
  profile: ${self:custom.profile}
  ..

In dev.yml I have

profile: "dev"

And in prd.yml I have

profile: "prd"

Obviously my default and prd profiles are set up in point to separate accounts in .aws/credentials

@Pawel my issue ended up being that I was looking for them in the aws web gui, but was looking in the wrong region

The way how we work in our environment is we do not hard code the stage or region in the serverless.yml file. It is passed via the deploy command.

Command line to deploy :

serverless deploy --stage dev --region us-east-1 --profile awsDev

Sample Serverless.yml File

service: xyz

provider:
  name: aws
  runtime: nodejs6.10
  memorySize: 1024
  environment:
    XXX: ${ssm:/${self:custom.stage}/xxx~true}
    
custom:
  stage: ${opt:stage, self:provider.stage}
  
functions:
  testMe:
    handler: handler.xyz
    onError: ${self:provider.environment.XXX}
    access: public
    events:
      - http:
          path : myApi
          method : get

@Pawel did you find a fix?

I tried absolutely everything to persuade serverless to use a profile from my aws-cli credentials. Absolutely nothing worked at all.

I had linked my web serverless dashboard to my serverless CLI, and that created a default profile for deployment. It turned out that the serverless CLI was using that default profile from the web dashboard for all my stage deployments, despite specifying a different profile everywhere else. The only way I found to override it was to establish a second profile in the web dashboard, link it with the right AWS account in the web dashboard, and explicitly set that profile to be used for the right stage in the web dashboard.

–aws-profile in the serverless CLI, AWS_PROFILE= in the serverless CLI, and profile: in serverless.yml, had absolutely no effect. This is with the latest code in 2020-03.