I am struggling with how best to resolve a problem I’ve run into. Following AWS best practices, we have no named users in our accounts, and instead log in with a role that has permissions to assume other roles for each account we need access to.
So we use “gimme-aws-creds” (see https://github.com/Nike-Inc/gimme-aws-creds) to authenticate into the default role, and then run all aws commands with the “--profile” that we need for each account (in this case wf-web).
We have a ~/.aws/config file that has the profile for wf-web like:
[profile wf-web]
source_profile = cloud-admin
role_arn = arn:aws:iam::xxxxxxxxx:role/admin
and the gimme-aws-creds writes the temporary creds into the credentials file so that the assume role works.
The problem appears to be that when running sls, it tries to find the “wf-web” in the ~/.aws/credentials file instead of looking in the config as expected, so I get an error like:
RobWeaver:TrialAccountProvisionService robweaver$ sls deploy --stage=dev --aws-profile wf-web
Serverless: Packaging service...
Serverless: Excluding development dependencies...
Serverless: Creating Stack...
Error --------------------------------------------------
Profile wf-web does not exist
For debugging logs, run again after setting the "SLS_DEBUG=*" environment variable.
Get Support --------------------------------------------
Docs: docs.serverless.com
Bugs: github.com/serverless/serverless/issues
Issues: forum.serverless.com
Your Environment Information -----------------------------
OS: darwin
Node Version: 10.0.0
Serverless Version: 1.27.3
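
The situation described in the post, as an added diagnostic example (not part of the original post, and not code from Serverless or gimme-aws-creds): it parses the two AWS shared files and reports whether a profile is a role-assumption profile that exists only in the config file, which is invisible to a tool that reads only the credentials file. The sample file contents, the key values in the `cloud-admin` section and the function names are constructed for illustration.

```python
import configparser

# Constructed sample contents; the wf-web profile mirrors the one in the post.
SAMPLE_CONFIG = """\
[profile wf-web]
source_profile = cloud-admin
role_arn = arn:aws:iam::xxxxxxxxx:role/admin
"""
SAMPLE_CREDENTIALS = """\
[cloud-admin]
aws_access_key_id = EXAMPLE-ACCESS-KEY-ID
aws_secret_access_key = EXAMPLE-SECRET
aws_session_token = EXAMPLE-TOKEN
"""

def load_profiles(text, is_config):
    """Return {profile_name: {key: value}} from AWS shared-file text."""
    parser = configparser.RawConfigParser()
    parser.read_string(text)
    profiles = {}
    for section in parser.sections():
        name = section
        if is_config:
            # ~/.aws/config uses "[profile NAME]" for everything but default.
            if section.startswith("profile "):
                name = section[len("profile "):].strip()
            elif section != "default":
                continue
        profiles[name] = dict(parser.items(section))
    return profiles

def diagnose(profile, config_text, credentials_text):
    """Report where a profile is defined and how it obtains credentials."""
    cfg = load_profiles(config_text, True)
    creds = load_profiles(credentials_text, False)
    entry = cfg.get(profile, {})
    source = entry.get("source_profile")
    return {
        "in_config": profile in cfg,
        "in_credentials": profile in creds,
        "assumes_role": "role_arn" in entry and source is not None,
        "source_profile": source,
        # The source profile must hold real keys for the assume-role chain.
        "source_has_keys": "aws_access_key_id" in creds.get(source, {}),
        # A reader that consults only the credentials file cannot see it.
        "credentials_only_tool_fails": profile not in creds,
    }

if __name__ == "__main__":
    for key, value in diagnose("wf-web", SAMPLE_CONFIG, SAMPLE_CREDENTIALS).items():
        print(f"{key}: {value}")
```

To check a real setup, pass the text of `~/.aws/config` and `~/.aws/credentials` to `diagnose` in place of the sample strings.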