I have multiple named profiles in ~/.aws/credentials and specified one of them (copy/pasted to be sure) in my serverless.yml file. sls invoke local -f fnName works but sls invoke fnName does not. After inserting some log statements I am getting the following from AWS
{ Error: ENOENT: no such file or directory, open '/home/sbx_user1075/.aws/credentials', ... }
It seems that the credentials are not making their way to Amazon hence the error. My Lambda function is trying to save an object to S3 with code like:
let awsConfig = {
credentials: new AWS.SharedIniFileCredentials({profile:'someProfile'})
}
const s3 = new AWS.S3(awsConfig);
return s3.putObject({
Bucket: bucket,
Key: key,
Body: body,
ContentType: 'application/rss+xml'
}).promise();
How does the AWS sandbox credentials file get updated by SLS?
The sls invoke command is going to be run in Lambda, so it’s not going to have access to your local credentials. Your local credentials will not be (and should not be) uploaded in to the Lambda service.
Your functions take their permissions from the IAM Role that is created and assigned by Serverless when it generates your service. The default permissions includes access to do things like log to CloudWatch, etc. You can add permissions to the default role created, or you can create a custom role for your functions, but this is more complicated.