Not respecting AWS Profile

Question

Not respecting AWS Profile

lucasklaassen opened this issue 7 years ago · comments

We are using multiple AWS profiles for our different stages: production, staging and development.

This VPC plugin just uses the default profile from serverless. It doesn't respect the profile the app is using.

The current workaround I am using is to export an environment variable with the profile we are using and then I've added the following lines to the VPCPlugin constructor:

var credentials = new AWS.SharedIniFileCredentials({profile: process.env.AWS_PROFILE});
AWS.config.credentials = credentials;

Does anyone have a better workaround? I know this repo is pretty new but it would be cool if we could build aws_profile support!

Johnathan Constance · Answer 1 · Thu Jun 08 2017 21:42:21 GMT+0800 (China Standard Time)

Thanks for the issue! I'm glad to see someone already trying to make use of the plugin.

Just to confirm my understanding of the issue, the plugin should already be respecting the value of the AWS_PROFILE envvar. The AWS Javascript SDK docs seem to suggest that that should be working by default, and I can confirm with local testing.

Is the issue you're experiencing instead around defining the aws-profile through the serverless provided --aws-profile option and/or setting the profile option under your provider config in your serverless.yml file?

Lucas Klaassen · Answer 2 · Thu Jun 08 2017 23:32:05 GMT+0800 (China Standard Time)

@jconstance-amplify thanks for the quick response. Ah great, yes you are correct, the SDK does respect the AWS_PROFILE environment variable. So that works.

So right now I'm having to run export AWS_PROFILE=staging before deploying to staging.

It would be cool if we could pick up on the serverless profile that's included in the serverless.yml file when deploying for the VPC configuration.

If this plugin could read the profile from my serverless.yml file then when I run serverless deploy --stage staging or serverless deploy --stage production it would pick up on the profile correctly.

I'm using variables within my serverless.yml file to dynamically set the profile based on the stage, so if you are to read the profile from serverless.config within this plugin, it will have to evaluate the variables.

This is what the config looks like:

provider:
  name: aws
  runtime: nodejs6.10
  region: us-west-2
  stage: ${opt:stage, self:custom.defaultStage}
  profile: ${self:provider.stage}

custom:
  defaultStage: development

Johnathan Constance · Answer 3 · Fri Jun 09 2017 03:30:05 GMT+0800 (China Standard Time)

@lucasklaassen Alright, thanks for helping to clear that up. I agree that this is a valid use case for this plugin to handle. I'm gonna ask @wongJonathan to try to look at this over the next couple of days. It seems like we should be able to get our AWS credentials from the AWS provider in serverless, which should be handling this use case already. So we'll try that first.

Lucas Klaassen · Answer 4 · Fri Jun 09 2017 04:55:11 GMT+0800 (China Standard Time)

Appreciate your help on this!

Lucas Klaassen · Answer 5 · Sat Jun 10 2017 07:45:30 GMT+0800 (China Standard Time)

@jconstance-amplify @wongJonathan so it appears that you cannot reference variables from the serverless.yml file that are dynamically generated via their custom syntax ${}.

Ideally, it would be sweet if we could read the profile key in serverless.yml and load the AWS credentials for it. Right now it would try and load the credentials for the literal string ${self:provider.stage}. It would be sweet if we could parse this variable correctly, which should equate to production staging or development.

I've searched through a bunch of other serverless AWS plugins to see if any of them are able to do this and I've looked at how serverless is parsing the variables from the serverless.yml file and I can't figure out a good global way to implement it.

Does this use case make sense to you guys? I'll be exporting my AWS_PROFILE for the time being. (this works fine)

Jonathan Wong · Answer 6 · Mon Jun 12 2017 21:28:50 GMT+0800 (China Standard Time)

Thanks for the feedback! If I'm understanding the issue correctly there is a problem where the custom variable is not being replaced when you deploy. If so that should be a minor fix that I can patch by the end of the day.

Jonathan Wong · Answer 7 · Wed Jun 14 2017 03:55:50 GMT+0800 (China Standard Time)

@lucasklaassen I've made some changes to the plugin that will hopefully solve some of the issues that came up. Please let me know if it works for you!

Lucas Klaassen · Answer 8 · Thu Jun 15 2017 00:33:58 GMT+0800 (China Standard Time)

@wongJonathan congratulations, you fixed the issue! Thank you so much for your hard work and determination!

I am no longer required to export AWS_PROFILE=staging or export AWS_PROFILE=production when deploying using the command sls deploy --stage staging --env STAGING.