Use AWS SSO on sls

Hello, I had configured SSO on my AWS accounts and I’m using the AWS CLI with it and everything works fine. My problem now is when I try to use serverless framework, it’s looks like sls don’t find the profiles configured with SSO, because they are not in the /.aws/credentials file, SSO use an access tokens to generate that temp credentials tokens stored in /.aws/sso/cache/****.json

There is a way to use SSO with sls, I would like to run the command ‘serverless deploy --stage dev’ and sls generate if it is necessary the new credentials.

The error Im getting:
Error: Profile dev-profile does not exist
at Object.addProfileCredentials (lib/node_modules/serverless/lib/plugins/aws/provider/awsProvider.js:101:15)

3 Likes

Did you do with Cognito? I could connect and use sso with kotlin, but without sls.

1 Like

I guess it’s a side effect of how you are logging into SSO?

With Google AWS SSO, this CLI worked for me.

1 Like

I’m having the same issue. I’m working with 15+ AWS Accounts and I’m logging trough CLI with:
aws sso login --profile profileName

Does anyone have a clue on how to tell to serverless to work with AWS SSO?

2 Likes

for now the only solution I have is to login with sso on the web page and import the temp credentials on the terminal

1 Like

As far as I understand sls is looking for the credentials on the /.aws/credentials file and when you login using sso the credentials aren’t there. They are created on the fly using and api.
I don’t fully understand what are you using, gsts is a replacement for aws cli? because my problem is with sls not with aws cli, if I use aws cli directly its works fine.

1 Like

Yes, you are right. It seems that sls does not support AWS SSO credentials.

That could be related or not?

1 Like

Hi. I had the same problem with Terraform. I made a help util to setup profiles in ~/.aws/credentials from SSO for me, https://github.com/PredictMobile/aws-sso-credentials-getter.

1 Like

Just if someone is facing the same error, what im doing for now is copy and pasting the “Command line or programmatic access” variables that AWS gives you (just next to the “Management console” link). Those have some expiration time, so you will need to do this each time you need to do something on the terminal but is not a big security risk. Any way it would be awesome to have this working correctly with SSO.-

I would love to have this working natively. As a workaround, I’m currently using ‘yawsso’ to sync SSO credentials. Works pretty well for multiple profiles.

The issue was opened: https://github.com/serverless/serverless/issues/7567

And it seems that depends on an AWS issue: https://github.com/aws/aws-sdk-js/issues/2772

It looks like we will have to wait for a native solution…

1 Like

Hello guys! Maybe you can check this project: https://github.com/Noovolari/leapp

Is not a solution per se on this issue but it’s a third party tool to help make AWS SSO compatible with AWS CLI v2 as well as many other tools that manage temporary credentials. It conects with your AWS SSO getting all your account and roles, then it creates temporary credentials and stores them in .aws/credentials instead of default aws sso path which is often not read by libraries or sdks.

1 Like

Hi! very usefull and clear!
Thanks!

Didn’t work for me. I have Ubuntu. This package only throwing the error Profile not found.
I used after installing as: ssocred default

I have followed all methods explained in the above thread but no success. Any one here with a solution/ workaround for this with clear steps.
thanks.