Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Serverless can't deploy when using a linked profile with mfa_serial

See original GitHub issue

Hi all,

I’m having an issue where I can’t deploy to AWS with serverless when using linked profiles. My config and credentials files look like this:

(deploying to the application account)

config

[profile master]
output = json
region = eu-central-1

[profile application]
output = json
region = eu-central-1
source_profile = master

credentials

[master]
aws_access_key_id = AAAA12345678...
aws_secret_access_key = abcd12345...
mfa_serial = arn:aws:iam::123456789012:mfa/a.guy.called.luke

[application]
role_arn = arn:aws:iam::098765432109:role/Deployment
source_profile = master
mfa_serial = arn:aws:iam::123456789012:mfa/a.guy.called.luke

It seems like this issue is caused by the way that serverless parses the config file. It doesn’t handle the case where there is an mfa_serial entry in the credentials file.

Might I suggest using the credentials resolver that comes built into the AWS SDK? It handles all this kind of stuff automatically.

Thanks 😃

Issue Analytics

  • State:closed
  • Created 6 years ago
  • Reactions:4
  • Comments:5 (4 by maintainers)

github_iconTop GitHub Comments

1reaction
HyperBraincommented, May 18, 2017

@pmuens @eahefnawy I think the real problem here is, that only the credentials are loaded from the profile if present, but not the region see here. The correct fix should be, that the getRegion() method would query the profile (if present) and use the region from that too in its evaluation (using the impl class).

Nevertheless the region overwrite in validate should be changed to use getRegion() to set the options property. It ensures that options is set correctly. With that change the system would be consistent and support for profile regions would be implicit.

0reactions
pmuenscommented, Feb 12, 2019

Closing since this issue is quite stale and we’ve published newer versions with fixes for this in the past. Feel free to re-open if this is still an issue.

Read more comments on GitHub >

github_iconTop Results From Across the Web

sls deploy not waiting for MFA to be entered #11417 - GitHub
Add mfa_serial, role_arn, and source_profile to non-default entry; Run AWS_PROFILE=profileName sls deploy. Below is an example aws config. [ ...
Read more >
How to use MFA with AWS CLI? - Stack Overflow
When I call aws s3 ls --profile my_admin_role it says Enter MFA code: , after I paste in the code it returns the...
Read more >
AWS Credentials - Serverless Framework
Login to your AWS Account and go to the Identity & Access Management (IAM) page. · Click on Users and then Add user....
Read more >
AWS Lambda, Serverless - Assuming Roles with MFA
Now set AccessKeyId, SecretAccessKey and SessionToken in mfa profile's credentials. Try deploying the service again using sls deploy command and ...
Read more >
The Serverless Revolution Has Stalled | Hacker News
Industry experts with a financial incentive to promote serverless went on stage and told me they can't debug their code, or run it...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Add sls config commands

Next page

Allow for escaping of variable syntax in `serverless.yml`