amplify-education/serverless-domain-manager

Resolved credential object is not valid

adminy opened this issue · 7 comments

adminy commented

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Bug Report

Command Run
npx sls deploy --stager dev --region eu-west-1

Console Output

Error:
Error: V2 - Unable to fetch information about 'sub.domain.name.com':
Resolved credential object is not valid
    at APIGatewayV2Wrapper.<anonymous> (/root/repos/project/node_modules/serverless-domain-manager/dist/src/aws/api-gateway-v2-wrapper.js:80:27)
    at Generator.throw (<anonymous>)
    at rejected (/root/repos/project/node_modules/serverless-domain-manager/dist/src/aws/api-gateway-v2-wrapper.js:6:65)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
1 deprecation found: run 'serverless doctor' for more details

Domain Manager Configuration

custom:
  customDomain:
    apiType: http
    endpointType: regional
    securityPolicy: tls_1_2
    stage: ${self:provider.stage}
    domainName: sub.domain.name.com
    certificateName: "*.domain.name.com"
    createRoute53Record: false
    createRoute53IPv6Record: false
    autoDomain: true

Versions

  • Domain Manager version(s): [7.2.1]
  • Node/npm version: [Node 18.18.0/npm 9.8.1]
  • Serverless Version: [3.34.0]
  • Lambda Code [Python]

Hi @adminy

I believe it's related to the 1 deprecation found: run 'serverless doctor' for more details
Have you updated the packages?
Could you please try the latest version?

This issue happens when you use an AWS_DEFAULT_PROFILE different than default. Even if you set the variable to the different profile the plugin doesn't read that, instead it always looks for the default credentials.

How come pretty much every other plugin is fine finding the profile you're using, this one is picky about which profile name you should use? @Dvelezs94 can it not be hardcoded to default please? Thanks

Otherwise even if you set the profile to default, you get:

Error: V1 - Unable to fetch information about 'the_example_site.subdomain.com': 
Profile is configured with invalid SSO credentials. Required parameters "sso_account_id", 
"sso_region", "sso_role_name", "sso_start_url". Got output, region, sso_region, sso_start_url, aws_access_key_id, aws_secret_access_key, aws_session_token
Reference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html        
    at APIGatewayV1Wrapper.<anonymous> (/root/repos/LossTrackerShim/node_modules/serverless-domain-manager/dist/src/aws/api-gateway-v1-wrapper.js:77:27)
    at Generator.throw (<anonymous>)
    at rejected (/root/project/node_modules/serverless-domain-manager/dist/src/aws/api-gateway-v1-wrapper.js:6:65)

because it still has to match what's in the ~/.aws/config file and in there you may have 10+ profiles, for each of the stages or accounts. I wouldn't wanna change default profile every time in the config file just for this plugin.

I'm encountering a similar issue as well.

I'm utilizing Identity Center (AWS SSO) along with the serverless-better-credentials plugin for my setup. This plugin retrieves the profile from the AWS_PROFILE=XXX variable.
However, I encounter an error with serverless-domain-manager stating: The SSO session token associated with profile=XXX was not found or is invalid.

It's worth noting that if I execute aws sso login prior to deployment, I can avoid this issue. (The downside is that it requires double authentication.)

bash-5.2# sls deploy
...
[serverless-better-credentials]

Attempting to automatically open the SSO authorization page in your default browser.
If the browser does not open or you wish to use a different device to authorize this request, open the following URL:

https://device.sso.ap-northeast-1.amazonaws.com/

Then enter the code:

****-****

✔ serverless-better-credentials: credentials resolved from config SsoCredentials: AWS_PROFILE (XXX)
...
× Stack *** failed to deploy (115s)
Environment: linux, node 20.11.0, framework 3.35.2 (local) 3.34.0v (global), plugin 7.0.5, SDK 4.4.0
Credentials: Local, environment variables
Docs:        docs.serverless.com
Support:     forum.serverless.com
Bugs:        github.com/serverless/serverless/issues

Error:
Error: V1 - Unable to fetch information about '***':
The SSO session token associated with profile=XXX was not found or is invalid. To refresh this SSO session run 'aws sso login' with the corresponding profile.
    at APIGatewayV1Wrapper.<anonymous> (/app/node_modules/serverless-domain-manager/dist/src/aws/api-gateway-v1-wrapper.js:77:27)
    at Generator.throw (<anonymous>)
    at rejected (/app/node_modules/serverless-domain-manager/dist/src/aws/api-gateway-v1-wrapper.js:6:65)

This issue happens when you use an AWS_DEFAULT_PROFILE different than default. Even if you set the variable to the different profile the plugin doesn't read that, instead it always looks for the default credentials.

Hi there
The AWS_DEFAULT_PROFILE is not preferred to use.
It might have been deprecated in favor of AWS_PROFILE.
Here is the explanation aws/aws-cli#1748

Does it work for you with the plugin version v6.x?

Thanks @rddimon, AWS_PROFILE works or --aws-profile flag. Haven't tried v6.x, using v7.x. There is a ton of updates to the lib I haven't tried yet though, I'll try latest to see if that works.

Note I haven't specified a profile in serverless file, that helps.
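
An added example, not part of the thread or the plugin's code: a Node.js check that reads AWS config text and reports the two failure modes discussed above, a profile selected through AWS_DEFAULT_PROFILE instead of AWS_PROFILE, and an SSO profile missing the required keys named in the error message. The function names, sample config and placeholder values are constructed; profiles that use an sso_session section are not handled.

```javascript
const SSO_REQUIRED = ["sso_account_id", "sso_region", "sso_role_name", "sso_start_url"];
const STATIC_KEYS = ["aws_access_key_id", "aws_secret_access_key", "aws_session_token"];
// Minimal parser for "[default]" / "[profile name]" sections with key = value lines.
function parseAwsConfig(text) {
  const profiles = {};
  let current = null;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith("#") || line.startsWith(";")) continue;
    const section = line.match(/^\[(?:profile\s+)?([^\]]+)\]$/);
    if (section) { current = profiles[section[1].trim()] = {}; continue; }
    const eq = line.indexOf("=");
    if (current && eq > 0) current[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return profiles;
}

// Assumption taken from the thread: only AWS_PROFILE selects a profile;
// AWS_DEFAULT_PROFILE on its own leaves the plugin on "default".
function diagnose(configText, env) {
  const findings = [];
  const profile = env.AWS_PROFILE || "default";
  if (env.AWS_DEFAULT_PROFILE && !env.AWS_PROFILE) findings.push("AWS_DEFAULT_PROFILE is ignored; set AWS_PROFILE");
  const settings = parseAwsConfig(configText)[profile];
  if (!settings) return { profile, findings: [...findings, `profile "${profile}" not found`] };
  if (Object.keys(settings).some((k) => k.startsWith("sso_"))) {
    const missing = SSO_REQUIRED.filter((k) => !(k in settings));
    if (missing.length) findings.push(`missing SSO keys: ${missing.join(", ")}`);
    const stat = STATIC_KEYS.filter((k) => k in settings);
    if (stat.length) findings.push(`static keys next to sso_* settings: ${stat.join(", ")}`);
  }
  return { profile, findings };
}

// Constructed sample with placeholder values, modelled on the "Got ..." list in the error above.
const SAMPLE_CONFIG = `
[default]
sso_region = eu-west-1
sso_start_url = https://example.awsapps.com/start
aws_access_key_id = EXAMPLE
aws_secret_access_key = EXAMPLE
[profile dev]
sso_account_id = 111111111111
sso_region = eu-west-1
sso_role_name = ExampleRole
sso_start_url = https://example.awsapps.com/start
`;
console.log(diagnose(SAMPLE_CONFIG, { AWS_DEFAULT_PROFILE: "dev" }));
console.log(diagnose(SAMPLE_CONFIG, { AWS_PROFILE: "dev" }));
```
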