Use IAM role for deploying serverless on an EC2


#1

I am using a GitLab runner that is an EC2 to test and deploy my serverless code. I can’t figure out how to make serverless use my IAM role on the EC2 instance instead of using AWS access keys.

During the testing phase, I have to use the following line to set fake keys for the testing in the docker instance. If I eliminate this line, I get an error during my test that the keys are not available.

serverless config credentials --provider aws --key 1 --secret 2

Once the testing finishes, it tries to run serverless deploy, which of course fails because those keys are not real. How can I use the IAM role that is already on the EC2 instance? The role which is in place currently has DynamoDB, Lambda, CloudWatch, and X-Ray full access. (I don’t use API Gateway for my app.) That should be enough, right?

(This is such a seemingly simple question. I’m sorry if it has already been asked, but I was having a tough time searching the forums because there are so many posts about service roles for the things that serverless deploys, so it was hard to differentiate those questions from the roles of the instance that serverless runs on itself.)


#2

You’ll also need permissions to create CloudWatch Logs, API Gateway, etc. The minimum permissions required to deploy using Serverless are often discussed and rarely resolved. That’s why most people use accounts with admin access.


#3

Thanks for the reply. Your comment makes it clear that I need to give the admin role to the EC2 server so that it can create all those CloudWatch logs and other stuff, which is great to know. Provided that I give the build server admin access then, how can I use an IAM role instead of an API access key?
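
Added example, not part of the thread and not Serverless Framework code: the AWS SDK's default credential chain tries environment variables, then the shared credentials file, and only later the EC2 instance role, so the fake keys that `serverless config credentials` writes to `~/.aws/credentials` shadow the role at deploy time. This script reports which source would win and sets the test-only keys aside before deploying. The function names and the `.test-only` suffix are hypothetical, and it assumes no container or web-identity credentials are configured.

```shell
#!/bin/sh
# Added example: names below are hypothetical, not part of Serverless or the AWS CLI.

# True if the credentials file ($1) holds an access key under profile ($2).
has_static_profile() {
  [ -f "$1" ] || return 1
  awk -v want="[$2]" '
    /^\[/ { in_sec = ($0 == want) }
    in_sec && /^[ \t]*aws_access_key_id[ \t]*=/ { found = 1 }
    END { exit !found }
  ' "$1"
}

# Report the first credential source the SDK's default chain would use.
# Order modelled: environment, shared credentials file, then fall through.
# "instance-role" means nothing earlier matched, so on EC2 the chain reaches
# the instance metadata service (assumes no container/web-identity creds).
aws_cred_source() {
  if [ -n "${AWS_ACCESS_KEY_ID:-}" ] && [ -n "${AWS_SECRET_ACCESS_KEY:-}" ]; then
    echo env
  elif has_static_profile "${AWS_SHARED_CREDENTIALS_FILE:-$HOME/.aws/credentials}" \
                          "${AWS_PROFILE:-default}"; then
    echo shared-file
  else
    echo instance-role
  fi
}

# Set aside keys left over from the test phase. The whole file is moved, so
# this suits a throwaway CI container, not a workstation with real profiles.
scrub_static_creds() {
  unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
  creds=${AWS_SHARED_CREDENTIALS_FILE:-$HOME/.aws/credentials}
  if has_static_profile "$creds" "${AWS_PROFILE:-default}"; then
    mv "$creds" "$creds.test-only"
  fi
}

# Deploy step for the CI job: refuse to run unless the role would be used.
ci_deploy() {
  scrub_static_creds
  src=$(aws_cred_source)
  if [ "$src" != instance-role ]; then
    echo "refusing to deploy with $src credentials" >&2
    return 1
  fi
  serverless deploy "$@"
}
```

If the job runs inside a Docker container on the runner, the container must be able to reach the instance metadata service; with IMDSv2 the instance's hop limit has to allow the extra network hop.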