iopipe/lambda-shell

~/.aws profiles not respected

Closed this issue · 0 comments

illperipherals commented

What I believe is happening is when you are using ~/.aws/credentials, even if you deploy with "apex --profile myProfile deploy exec", when you invoke ./lambda-shell, it looks for the function on the default profile account.
this ignores the role set in the project file.

It seems the role in project.json must match "default".

assume project.json has the role for handspike.

[default]
aws_access_key_id=XXX
aws_secret_access_key=XXXSECRET

[handspike]
aws_access_key_id=YYY
aws_secret_access_key=YYYSECRET

When deployed as above without specifying handspike:

tteague@Sarah:/data/lambda-shell$ apex deploy exec
   • creating function         function=exec
   ⨯ Error: function exec: AccessDeniedException: Cross-account pass role is not allowed.
        status code: 403, request id: d5db52c4-674a

^^^ What we expected, as role did not match.

// When deployed as above with handspike:

tteague@Sarah:/data/lambda-shell$ apex --profile handspike deploy exec
   • config unchanged          function=exec
   • code unchanged            function=exec
tteague@Sarah:/data/lambda-shell$ ./lambda-shell --profile handspike
λ$ ls
   ⨯ Error: function response: ResourceNotFoundException: Function not found: arn:aws:lambda:us-east-1:DEFAULTPROFILE:function:lambda-shell_exec:current
        status code: 404, request id: 227afbaf-6748-11e6-abdd-d3fadecfd054

^^^ Not what we wanted. It is attempting to use default profile.

Reset ~/.aws/credentials to use handspike creds as default

# [default]
# aws_access_key_id=XXX
# aws_secret_access_key=XXXSECRET

[default]
# [handspike]
aws_access_key_id=YYY
aws_secret_access_key=YYYSECRET

// When deployed as above: (handspike creds are now default)

tteague@Sarah:/data/lambda-shell$ apex --profile handspike deploy exec
   ⨯ Error: function exec: NoCredentialProviders: no valid providers in chain. Deprecated. 
        For verbose messaging see aws.Config.CredentialsChainVerboseErrors

^^^ expected, as handspike does not exist

tteague@Sarah:/data/lambda-shell$ ./lambda-shell --profile handspike
λ$ ls
   ⨯ Error: function response: ResourceNotFoundException: Function not found: arn:aws:lambda:us-east-1:DEFAULTPROFILE:function:lambda-shell_exec:current
        status code: 404, request id: 52f510a1-6747-11e6-a982-5b9af751e97b

^^^ yep.

tteague@Sarah:/data/lambda-shell$ apex deploy exec
   • config unchanged          function=exec
   • code unchanged            function=exec
tteague@Sarah:/data/lambda-shell$ ./lambda-shell
λ$ ls
_apex_index.js
index.js
node_modules
package.json