Greetings,
After a recent upgrade to 1.30.0 I am noticing an interesting behavior. I’ve got a serverless.yml
file that creates a lambda function:
functions: detectNudity:
handler: functions/detect_nudity.lambda_handler
timeout: 5
I am invoking serverless using an aws profile for my staging environment:
$ serverless deploy --stage=staging --aws-profile=serverless-staging -v
And as I would expect, I can see the lambda function being created with an ARN that references the AWS Account ID associated with the given profile:
Service Information
service: MyService
stage: staging
region: us-east-1
stack: MyService-staging
api keys:
None
endpoints:
None
functions:
detectNudity: MyService-staging-detectNudity
Stack Outputs
DetectNudityLambdaFunctionQualifiedArn: arn:aws:lambda:us-east-1:<EXPECTED_ACCOUNT_ID>:function:MyService-staging-detectNudity:40
However, as the build is completing, there appears to be an attempt to look up things that have been created, and when this step is hit, the ARN for the function is not correct. It contains the account id associated with my default aws profile credentials:
Resource Not Found Exception ---------------------------
Function not found: arn:aws:lambda:us-east-1:<DEFAULT_ACCOUNT_ID>:function:MyService-staging-detectNudity
There is a traceback associated with this error:
ResourceNotFoundException: Function not found: arn:aws:lambda:us-east-1:972099457318:function:ContentModeration-staging-profileDecision
at Object.extractError (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/protocol/json.js:48:27)
at Request.extractError (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/protocol/rest_json.js:52:8)
at Request.callListeners (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/sequential_executor.js:105:20)
at Request.emit (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/sequential_executor.js:77:10)
at Request.emit (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/request.js:683:14)
at Request.transition (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/request.js:22:10)
at AcceptorStateMachine.runTo (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/state_machine.js:14:12)
at /usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/state_machine.js:26:10
at Request.<anonymous> (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/request.js:38:9)
at Request.<anonymous> (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/request.js:685:12)
at Request.callListeners (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/sequential_executor.js:115:18)
at Request.emit (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/sequential_executor.js:77:10)
at Request.emit (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/request.js:683:14)
at Request.transition (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/request.js:22:10)
at AcceptorStateMachine.runTo (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/state_machine.js:14:12)
at /usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/state_machine.js:26:10
at Request.<anonymous> (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/request.js:38:9)
at Request.<anonymous> (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/request.js:685:12)
at Request.callListeners (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/sequential_executor.js:115:18)
at callNextListener (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/sequential_executor.js:95:12)
at IncomingMessage.onEnd (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/event_listeners.js:294:13)
at emitNone (events.js:111:20)
at IncomingMessage.emit (events.js:208:7)
at endReadableNT (_stream_readable.js:1064:12)
at _combinedTickCallback (internal/process/next_tick.js:138:11)
at process._tickDomainCallback (internal/process/next_tick.js:218:9)
From previous event:
at PluginManager.invoke (/usr/local/lib/node_modules/serverless/lib/classes/PluginManager.js:390:22)
at PluginManager.run (/usr/local/lib/node_modules/serverless/lib/classes/PluginManager.js:421:17)
at variables.populateService.then.then (/usr/local/lib/node_modules/serverless/lib/Serverless.js:157:33)
at runCallback (timers.js:810:20)
at tryOnImmediate (timers.js:768:5)
at processImmediate [as _immediateCallback] (timers.js:745:5)
From previous event:
at Serverless.run (/usr/local/lib/node_modules/serverless/lib/Serverless.js:144:8)
at serverless.init.then (/usr/local/lib/node_modules/serverless/bin/serverless:43:50)
at <anonymous>
I’ve tried removing the [default]
profile and credentials from my ~/.aws/credentials
file, leaving only named profiles, but doing so results in a different error:
Credentials Error --------------------------------------
Missing credentials in config
For debugging logs, run again after setting the "SLS_DEBUG=*" environment variable.
Stack Trace --------------------------------------------
CredentialsError: Missing credentials in config
at Object._errnoException (util.js:992:11)
at _exceptionWithHostPort (util.js:1014:20)
at internalConnect (net.js:960:16)
at defaultTriggerAsyncIdScope (internal/async_hooks.js:284:19)
at net.js:1058:9
at _combinedTickCallback (internal/process/next_tick.js:131:7)
at process._tickDomainCallback (internal/process/next_tick.js:218:9)
From previous event:
at PluginManager.invoke (/usr/local/lib/node_modules/serverless/lib/classes/PluginManager.js:390:22)
at PluginManager.run (/usr/local/lib/node_modules/serverless/lib/classes/PluginManager.js:421:17)
at variables.populateService.then.then (/usr/local/lib/node_modules/serverless/lib/Serverless.js:157:33)
at runCallback (timers.js:810:20)
at tryOnImmediate (timers.js:768:5)
at processImmediate [as _immediateCallback] (timers.js:745:5)
From previous event:
at Serverless.run (/usr/local/lib/node_modules/serverless/lib/Serverless.js:144:8)
at serverless.init.then (/usr/local/lib/node_modules/serverless/bin/serverless:43:50)
at <anonymous>
I have also changed my ~/.aws/credentials
file so that the named profile associated with my staging environment is the default profile, and this does work. However, it’s not a great solution as I’d really like to be able to use the same credentials file while deploying to different environments.
It seems clear from the observed behavior that there is some step in the serverless build process that is not passing the explicit profile name into an AWS SDK call, as the default behavior for the AWS SDK is to fall back to the default profile, but I have no idea how to figure out what step it is, or how to determine if this is a bug or a problem in my usage pattern.
I’d deeply appreciate any help anyone might offer in determining how best to fix this issue.
Yours
c