assuming role

Question

assuming role

kmarquardsen opened this issue 8 years ago · 5 comments

regarding https://github.com/yunspace/serverless-golang/blob/master/examples/aws-golang-net/.env.template#L14-L16 is there a simple way to assume a role via the sls framework? I'm currently trying that but via a function that uses https://docs.aws.amazon.com/sdk-for-go/api/service/sts/#STS.AssumeRole. How do folks typically handle this?

Answer 1 · 2017-09-05T21:00:42.000Z

ah I found https://serverless.com/framework/docs/providers/aws/guide/iam/

Answer 2 · 2017-09-07T12:56:05.000Z

I use https://github.com/remind101/assume-role, which I also modified to work with powershell.

So basically

you copy the .env.template into your .env file.
Populate everything but leave out the AWS credentials. They will be populated out of your shell later.
run assume-role which sets up the env vars in your shell which are valid for 1 hour
when you run the make targets, the docker-compose will pickup the .env file
any variables in your .env that don't have a =VALUE will automatically load the variable from your shell.

So basically I rely on docker to interpolate all my env vars and use assume-role to poulate the env vars. I should probably do a more detailed doc on this one.

Answer 3 · 2017-09-07T18:28:55.000Z

cool, yeah I was able to do it via the SAM example I linked. After polishing things up I can add an example of that as well

Answer 4 · 2017-09-08T00:15:19.000Z

nice one, I'll leave this one open to be referenced by your PR then. Thanks!

Answer 5 · 2017-11-16T22:09:19.000Z

closing this. easiest way would be to follow https://serverless.com/framework/docs/providers/aws/guide/iam/#custom-iam-roles and allow an action with sts:AssumeRole