I’ve got an unusual situation where I’m programmatically launching the Serverless Framework within a Lambda function and I’m running into assumed role issues that seems to be pointing to the idea that the framework is using the role of the outer function instead of the creds I’m passing it.
The -v switch doesn’t help reveal what creds are being used, but I was wondering if anybody else ran into another way to reveal which set of creds are being used by the framework code. I’ve tried setting the creds using both
serverless config credentials
and environment variables. I suspect that either the framework isn’t picking up the creds because of the unusual nature I’m launching it or there’s some sort of role trust I need to set up in IAM.
Found what was going on here and wanted to share in case others run into it.
Turns out, if you simply try to:
serverless config credentials --provider provider --key key --secret secret
That’ll sure write your ~/.aws/credentials file but it’ll put the creds under [default] and since, in my case, I’m already running in the context of a Lambda function the default is already taken by the user/role assigned to my outer Lambda.
But if instead you:
serverless config credentials --provider provider --key key --secret secret --profile <some profile name>
serverless config deploy --aws-profile <some profile name>
It’ll pick it up correctly. Weird corner case that I may be the only person to have to deal with, but since I found the answer I wanted to post it. Got hung up for an hour not realizing that the write used --profile but the read used --aws-profile 8(.