I’ve had to read both @menocomp’s answer and the AWS doc to figure it out, but here is a full working example for those interested!
This setup configures one profile named development, which will work whether it’s executed from the aws CLI command or the sls CLI command. This is assuming that you want to set up cross-account access, by providing a role_arn to the aws configuration.
~/.aws/config
[profile development]
output = json
region = eu-west-1
role_arn = your-arn
source_profile = development
~/.aws/credentials
[development]
# Necessary for both AWS CLI and SLS
aws_access_key_id = your-aws_access_key_id
aws_secret_access_key = your-aws_secret_access_key
# Necessary for SLS, because SLS doesn't do a lookup in the ./config file
role_arn = your-arn
source_profile = development
With this setup:
- sls deploy --aws-profile development will work
- aws iam list-users --profile development will output something similar to:
{
"Users": []
}
If you remove the role_arn and source_profile from ~/.aws/credentials, you’ll notice it may still work (depending on your permissions, doesn’t work at all in my case because my IAM user doesn’t have any permission on the root account), but you won’t hit the same account (you’ll hit the root account, not the cross-account).
Thanks for your input @menocomp, definitely saved me a lot of time!
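A check for the wrong-account case described in the post, as an added example that is not part of the original post: it parses both files and reports which role each tool would end up with for a profile. The function name `check_profile`, the sample file contents and the file-merging behaviour of the aws CLI are assumptions of this sketch; the rule that sls reads only the credentials file is taken from the post.

```python
import configparser

# Constructed sample files mirroring the layout in the post (placeholder values).
SAMPLE_CONFIG = """\
[profile development]
output = json
region = eu-west-1
role_arn = your-arn
source_profile = development
"""
SAMPLE_CREDENTIALS = """\
[development]
aws_access_key_id = your-aws_access_key_id
aws_secret_access_key = your-aws_secret_access_key
role_arn = your-arn
source_profile = development
"""

def _parse(text):
    parser = configparser.ConfigParser()
    parser.read_string(text)
    return parser

def _section(parser, name):
    return dict(parser[name]) if parser.has_section(name) else {}

def check_profile(profile, config_text, credentials_text):
    """Report which role each tool would use for `profile` (hypothetical helper).

    Assumptions: the aws CLI sees role_arn from either file; sls sees only
    the credentials file, as the post states.
    """
    cfg = _section(_parse(config_text), f"profile {profile}")
    cred = _section(_parse(credentials_text), profile)
    cli_role = cred.get("role_arn") or cfg.get("role_arn")
    sls_role = cred.get("role_arn")
    findings = []
    if "aws_access_key_id" not in cred:
        findings.append("no access key in credentials file")
    if cli_role and not sls_role:
        # The case from the post: sls would run against the key's own account.
        findings.append("sls will use the source account, not the role")
    if cred.get("role_arn") and cfg.get("role_arn") and cred["role_arn"] != cfg["role_arn"]:
        findings.append("role_arn differs between the two files")
    return {"cli_role": cli_role, "sls_role": sls_role, "findings": findings}

if __name__ == "__main__":
    print(check_profile("development", SAMPLE_CONFIG, SAMPLE_CREDENTIALS))
```

To run it against real files, pass the contents of ~/.aws/config and ~/.aws/credentials as the two text arguments.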