使用 aws 角色执行无服务器部署 [英] execute serverless deploy with aws role

问题描述

我正在尝试使用无服务器框架部署一个简单的 lambda 函数.我的 IAM 用户没有运行 cloudformation 的必要权限:

I am trying to deploy a simple lambda funtcion with the serverless framework. My IAM user doesn't have the necessary permissions to run cloudformation:

User: arn:aws:iam::xxx:user/xxx is not authorized to perform: cloudformation:DescribeStacks on resource: arn:aws:cloudformation:us-east-1:xxx:stack/xx

这或多或少是有意为之，因为我们的设置使用 IAM 角色来执行某些任务.我已经在 ~/.aws/config 中配置了这些角色文件，对于 aws cli 操作，我可以例如打电话

That's more or less intended, since our setup is using IAM roles to perform certain tasks. I have configured those roles in my ~/.aws/config file, and for aws cli operations I can e.g. call

aws s3 ls --profile myrole

通过这种方式，我将来自角色myrole"的所有策略附加到我的 IAM 用户以执行 aws-cli 命令.

in that way I attach all policies from the role 'myrole' to my IAM user to execute the aws-cli command.

有没有办法为无服务器做类似的事情，即将角色(不是不同的用户)附加到

Is there any way of doing something similar for serverless, i.e. attaching a role (not a different user) to the

serverless depoly 

声明?

如果我通过导出改变角色

If I change the role via export

AWS_PROFILE=myrole

或致电

无服务器部署 --aws-profile myrole

即使在 /.aws/credentials 和 ~/.aws/config 中定义了角色，我也收到 Error: Profile myrole does not exist代码>

I get Error: Profile myrole does not exist even though the role is defined in /.aws/credentials and ~/.aws/config

推荐答案

好的，我找到了一个解决方案来解决这个问题.显然，您需要将 AWS_SDK_LOAD_CONFIG 设置为一个真值，以便从共享配置 (~/.aws/config) 和共享凭证 (~/.aws/credentials) 文件中的配置值创建会话.

OK, I found a solution to get this working. Apparently you need to set AWS_SDK_LOAD_CONFIG to a truthy value, such that the Session will be created from the configuration values from the shared config (~/.aws/config) and shared credentials (~/.aws/credentials) files.

export AWS_SDK_LOAD_CONFIG=1

然后用

serverless deploy --aws-profile myrole

这篇关于使用 aws 角色执行无服务器部署的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！