
AWS profile "default" doesn't seem to be configured

Open waynerobinson opened this issue 4 years ago • 11 comments

If we're deploying directly from an AWS instance which has a role with adequate permissions for the deploy already (without roleArn, accessKeyId or sessionToken), Serverless raises the mentioned exception.

https://github.com/serverless/serverless/blob/341a886874eb8a6c671f576323e75a77cffa1fd2/lib/plugins/aws/provider.js#L127-L139

Our ~/.aws/config file just looks like this and is adequate to access all the resources required:

[default]
region = ap-southeast-2

waynerobinson avatar Apr 08 '21 23:04 waynerobinson

Hello @waynerobinson, thanks for reporting and sorry to hear that you've run into trouble. We're planning a bigger refactoring to AWS credentials handling which in its current form, unfortunately, has some quirks, including the one you listed. I don't have an ETA for that refactoring. In the meantime, while not ideal, you might try setting the role_arn explicitly in ~/.aws/config.

pgrzesik avatar Apr 12 '21 12:04 pgrzesik

@pgrzesik Glad to hear you guys are actively working on this. I have the same issue where we use assumed role in ~/.aws/config and there is no credentials file. However, setting role_arn as you suggested does not work. It still errors out with AWS profile "xxxx" doesn't seem to be configured. I have also set AWS_SDK_LOAD_CONFIG=1. But same thing. My serverless is on v2.44.0.

Is there a workaround even though it's ugly at the moment?

DavidHe1127 avatar Jun 09 '21 13:06 DavidHe1127

Hello @DavidHe1127 - I don't think we really have a good workaround for that problem at the moment. One that comes to my mind would be to call sts assume-role via aws-cli and set the obtained credentials to environment variables.

pgrzesik avatar Jun 09 '21 16:06 pgrzesik
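
The workaround suggested in the comment above, as an added example that is not part of the original thread or of the Serverless project: assume the role with the AWS CLI, export the temporary credentials only inside a subshell, and run the deploy there. The role ARN argument, the session name `serverless-deploy` and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and the session
# name are hypothetical; the role ARN is supplied by the caller.

# Takes the single line printed by `aws sts assume-role ... --output text`
# (AccessKeyId, SecretAccessKey, SessionToken separated by tabs) and exports
# it as the standard AWS credential environment variables.
load_sts_credentials() {
  read -r _key _secret _token _extra <<EOF
$1
EOF
  # Refuse partial or malformed output rather than exporting half a credential set.
  if [ -z "$_key" ] || [ -z "$_secret" ] || [ -z "$_token" ] || [ -n "$_extra" ]; then
    unset _key _secret _token _extra
    echo "unexpected assume-role output" >&2
    return 1
  fi
  export AWS_ACCESS_KEY_ID="$_key"
  export AWS_SECRET_ACCESS_KEY="$_secret"
  export AWS_SESSION_TOKEN="$_token"
  # Drop any profile selection so only the environment credentials are in play.
  unset _key _secret _token _extra AWS_PROFILE
}

# Usage: deploy_with_role <role-arn> [serverless deploy arguments...]
deploy_with_role() {
  _role_arn=$1
  shift
  _creds=$(aws sts assume-role \
    --role-arn "$_role_arn" \
    --role-session-name "serverless-deploy" \
    --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
    --output text) || return 1
  # Subshell: the temporary credentials exist only for the duration of the
  # deploy and never reach the calling shell's environment or the disk.
  (
    load_sts_credentials "$_creds" || exit 1
    serverless deploy "$@"
  )
}

# Only talk to AWS when the script is invoked with a role ARN.
if [ "$#" -ge 1 ]; then
  deploy_with_role "$@"
fi
```
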

@pgrzesik thanks for your swift response. Much appreciated. Will give that a try and let you know

DavidHe1127 avatar Jun 10 '21 00:06 DavidHe1127

Hello @DavidHe1127,

I guess that I got a workaround for this issue. I basically have the same credential environment as yours and I needed to do a few things, as below:

  • First, I needed to replicate my credentials file (~/.aws/credentials) to the config file (~/.aws/config) that contains ALL structure, content example:

[profile blabla]
role_arn = arn:aws:iam::ACCOUNT_ID:role/ROLE_NAME
credential_source = Ec2InstanceMetadata
role_session_name = whatever
region = us-east-1
output = json

  • After that, it's necessary to clean the cache ($ sudo rm -rf ~/.aws/cli/cache)

  • Here in the company, we use docker to build serverless, and it's necessary to change the traditional way (access key/secret key) to this one (assume role). Below are the before and after commands:

# BEFORE:
docker run -v ~/.aws:/root/.aws -v $(pwd):/opt/lambda \
  -w /opt/lambda node:12 /bin/bash -c \
  "npm install &&
  npm install [email protected] -g &&
  serverless deploy -v --skipResources --unsafe-perm --aws-profile=blabla"

# AFTER:
docker run -v ~/.aws:/root/.aws -v $(pwd):/opt/lambda \
  -w /opt/lambda node:12 /bin/bash -c \
  "npm install &&
  npm install [email protected] -g &&
  serverless deploy -v --skipResources --unsafe-perm -e AWS_PROFILE=blabla"

Hope this helped!

tfpereira93 avatar Sep 10 '21 19:09 tfpereira93

Just FYI, it means that SSO is not supported at all. Marvelous!

pkit avatar Apr 13 '22 14:04 pkit

Hi @tfpereira93

I tried your solution but don't seem to be able to make it work

Environment: linux, node 16.18.0, framework 3.24.1 (local) 3.23.0v (global), plugin 6.2.2, SDK 4.3.2

I have the below setup in place

cat /root/.aws/credentials.new

[profile experimental]
credential_source = Ec2InstanceMetadata
role_arn = arn:aws:iam::298628492607:role/BuildKiteRole
role_session_name = whatever
region = ap-southeast-2
output = json

rm -rf /root/.aws/cli/cache

When running

AWS_PROFILE=experimental AWS_SHARED_CREDENTIALS_FILE=/root/.aws/credentials.new serverless deploy

I get

Error:
--
  | Cannot resolve serverless.yml: Variables resolution errored with:
  | - Cannot resolve variable at "custom.alerts.topics.ok": AWS profile "experimental" doesn't seem to be configured

The template snippet that is causing the error

custom:
  # Alerts
  alerts:
    topics:
      ok:
        ${ssm(raw):${env:SNS_NOTIFICATION_LIST, '/coviu/SNSNotificationListARN'}}

Any idea? Am I missing something?

sopeters avatar Nov 09 '22 02:11 sopeters

My (fully working in production) solution is as follows:

pkit avatar Nov 20 '22 14:11 pkit

My solution to use AWS SSO with the Serverless CLI was to use AWS Vault, like:

aws-vault exec <profile-name> --  serverless deploy --stage development --verbose --region <region>

deanmalan avatar Jan 17 '23 12:01 deanmalan

I use aws-vault too, but my problem was that I had AWS_PROFILE env var manually set. After removing it, it worked.

itsjavi avatar Jan 04 '24 09:01 itsjavi