serverless-kms-secrets icon indicating copy to clipboard operation
serverless-kms-secrets copied to clipboard

Published 20 hours ago verified publisher icon nordcloud

Doesn't work with serverless invoke local

Open GusRuss89 opened this issue 6 years ago • 1 comments

I followed the instructions to get the encryption and decryption working in my deployed functions, but it doesn't work with serverless invoke local. Did I miss something?

Here are some excerpts from my serverless.yml

plugins:
  - serverless-webpack
  - serverless-kms-secrets

provider:
  name: aws
  runtime: nodejs6.10
  iamRoleStatements:
    - Effect: Allow
      Action:
        - KMS:Decrypt
      Resource: ${self:custom.kmsSecrets.keyArn}
  environment:
    MY_VARIABLE_NAME: ${self:custom.kmsSecrets.secrets.MY_VARIABLE_NAME}

custom:
  serverless-kms-secrets:
  kmsSecrets: ${file(kms-secrets.${opt:stage, self:provider.stage}.${opt:region, self:provider.region}.yml)}

This works when I deploy and test the function, but not when I try to invoke it locally. Here's my command for invoking the function locally.

sls invoke local --function create-address --path test/requests/createAddressValid.json --stage dev --region us-east-1

Have I missed something or does it not work with serverless invoke local?

GusRuss89 avatar Mar 08 '18 05:03 GusRuss89

When you invoke local, you're not executing in a Lambda, so the Decrypt permissions don't apply.

atwoodjw avatar May 18 '18 20:05 atwoodjw