~/.aws profiles not respected
Closed this issue · 0 comments
What I believe is happening is when you are using ~/.aws/credentials, even if you deploy with "apex --profile myProfile deploy exec", when you invoke ./lambda-shell, it looks for the function on the default profile account.
this ignores the role set in the project file.
It seems the role in project.json must match "default".
assume project.json has the role for handspike.
[default]
aws_access_key_id=XXX
aws_secret_access_key=XXXSECRET
[handspike]
aws_access_key_id=YYY
aws_secret_access_key=YYYSECRET
When deployed as above without specifying handspike:
tteague@Sarah:/data/lambda-shell$ apex deploy exec
• creating function function=exec
⨯ Error: function exec: AccessDeniedException: Cross-account pass role is not allowed.
status code: 403, request id: d5db52c4-674a
^^^ What we expected, as role did not match.
// When deployed as above with handspike:
tteague@Sarah:/data/lambda-shell$ apex --profile handspike deploy exec
• config unchanged function=exec
• code unchanged function=exec
tteague@Sarah:/data/lambda-shell$ ./lambda-shell --profile handspike
λ$ ls
⨯ Error: function response: ResourceNotFoundException: Function not found: arn:aws:lambda:us-east-1:DEFAULTPROFILE:function:lambda-shell_exec:current
status code: 404, request id: 227afbaf-6748-11e6-abdd-d3fadecfd054
^^^ Not what we wanted. It is attempting to use default profile.
Reset ~/.aws/credentials to use handspike creds as default
# [default]
# aws_access_key_id=XXX
# aws_secret_access_key=XXXSECRET
[default]
# [handspike]
aws_access_key_id=YYY
aws_secret_access_key=YYYSECRET
// When deployed as above: (handspike creds are now default)
tteague@Sarah:/data/lambda-shell$ apex --profile handspike deploy exec
⨯ Error: function exec: NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors
^^^ expected, as handspike does not exist
tteague@Sarah:/data/lambda-shell$ ./lambda-shell --profile handspike
λ$ ls
⨯ Error: function response: ResourceNotFoundException: Function not found: arn:aws:lambda:us-east-1:DEFAULTPROFILE:function:lambda-shell_exec:current
status code: 404, request id: 52f510a1-6747-11e6-a982-5b9af751e97b
^^^ yep.
tteague@Sarah:/data/lambda-shell$ apex deploy exec
• config unchanged function=exec
• code unchanged function=exec
tteague@Sarah:/data/lambda-shell$ ./lambda-shell
λ$ ls
_apex_index.js
index.js
node_modules
package.json