Using IAM Role instead of IAM Users

[sonneym]

I might be wrong, but when I checked the serverless components are deployed only with user's AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. It would be nice to be able to support IAM Role and AWS_SESSION_TOKEN. IAM roles usage is a nice best practice, instead of using permanent IAM User credentials.

[eahefnawy]

That makes sense. We will be updating how we handle credentials soon as we're working on a remote deployment engine. We have support for this planned.

[lytvynenko]

Hi @eahefnawy! Any updates related to this issue?

[daaru00]

Hi all,

could it make sense to directly use the credentials managed by the Serverless Dashboard? when connecting an environment it reports:

Setup your AWS account with an IAM role so Serverless can deploy directly to your account for this stage

it works for base version of Serverless but not for components, it would be nice to manage them in the same way without the need to manage credentials locally.

In my use case I just can't use the IAM user credentials with AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. We use the assume role feature to jump into organization's accounts and developers don't have the ability to create new users inside "child" account. Basically it is impossible for us to deploy on these infrastructures.