Use AWS SSO on sls

Hello, I had configured SSO on my AWS accounts and I’m using the AWS CLI with it and everything works fine. My problem now is when I try to use serverless framework, it’s looks like sls don’t find the profiles configured with SSO, because they are not in the /.aws/credentials file, SSO use an access tokens to generate that temp credentials tokens stored in /.aws/sso/cache/****.json

There is a way to use SSO with sls, I would like to run the command ‘serverless deploy --stage dev’ and sls generate if it is necessary the new credentials.

The error Im getting:
Error: Profile dev-profile does not exist
at Object.addProfileCredentials (lib/node_modules/serverless/lib/plugins/aws/provider/awsProvider.js:101:15)

2 Likes

Did you do with Cognito? I could connect and use sso with kotlin, but without sls.

I guess it’s a side effect of how you are logging into SSO?

With Google AWS SSO, this CLI worked for me.

I’m having the same issue. I’m working with 15+ AWS Accounts and I’m logging trough CLI with:
aws sso login --profile profileName

Does anyone have a clue on how to tell to serverless to work with AWS SSO?

1 Like

for now the only solution I have is to login with sso on the web page and import the temp credentials on the terminal

As far as I understand sls is looking for the credentials on the /.aws/credentials file and when you login using sso the credentials aren’t there. They are created on the fly using and api.
I don’t fully understand what are you using, gsts is a replacement for aws cli? because my problem is with sls not with aws cli, if I use aws cli directly its works fine.

Yes, you are right. It seems that sls does not support AWS SSO credentials.

That could be related or not?

Hi. I had the same problem with Terraform. I made a help util to setup profiles in ~/.aws/credentials from SSO for me, https://github.com/PredictMobile/aws-sso-credentials-getter.

I was facing same issue, but i am login with sso on the web page, it solved issue for me.
AWS Classes in Pune

Just if someone is facing the same error, what im doing for now is copy and pasting the “Command line or programmatic access” variables that AWS gives you (just next to the “Management console” link). Those have some expiration time, so you will need to do this each time you need to do something on the terminal but is not a big security risk. Any way it would be awesome to have this working correctly with SSO.-

I would love to have this working natively. As a workaround, I’m currently using ‘yawsso’ to sync SSO credentials. Works pretty well for multiple profiles.