npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

serverless-better-credentials

v2.0.0

Published

Better AWS credentials resolution plugin for serverless

Downloads

149,239

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

thomasmichaelwallacethomasmichaelwallace

Keywords

serverlessawssso

Readme

Serverless Better Credentials

The Serverless Better Credentials plugin replaces the existing AWS credential resolution mechanism in the Serverless Framework with an extended version that:

  • Supports AWS Single Sign On natively.
  • Supports the credential_process mechanism for sourcing credentials from an external process.
  • Respects all of the configuration environmental variables that the javascript aws-sdk v2 supports (e.g. AWS_SHARED_CREDENTIALS_FILE / AWS_SDK_LOAD_CONFIG).

It is designed to be a drop-in replacement; respecting the current credentials resolution order and extensions already provided by the Serverless Framework.

Usage

  1. Install
npm install --save-dev serverless-better-credentials
# or
yarn add --dev serverless-better-credentials
  1. Configure

Add the following to your serverless.yml:

plugins:
  - serverless-better-credentials # as the first plugin
  # - ... other plugins

The following options are supported:

custom:
  betterCredentials:
    # Use this flag to turn off the plugin entirely, which you may want for certain stages.
    # Defaults to true.
    enabled: true

AWS Single Sign On (SSO) Support

AWS SSO profiles configured to work with the AWS CLI should "just work" when this plugin is enabled. This includes prompting and attempting to automatically open the SSO authorization page in your default browser when the credentials require refreshing.

Full details about how to configure AWS SSO can be found in the AWS CLI documentation.

Take note that if you are using SSO with the approach AWS document (a shared .aws/config file) you'll also need to set the AWS_SDK_LOAD_CONFIG enviornment value to something truthy (e.g. AWS_SDK_LOAD_CONFIG=1), as described in the AWS SDK documentation.

Other Credential Resolution

Credentials are resolved in the same order the Serverless Framework currently uses. This order is:

  • from profile: cli flag --aws-profile
  • from profile: env AWS_${STAGE}_PROFILE
  • from env - AWS_${STAGE}_X
  • from profile - AWS_PROFILE
  • from env - AWS_X
  • from profile - serverless.yml > provider.profile (unless --aws-profile is specified)
  • from config - serverless.yml > provider.credentials
  • from profile - AWS_DEFAULT_PROFILE || default
  • from the ECS provider
  • from the token file identity
  • from the EC2 instance metadata service

Where:

  • profile credentials resolve against the matching [profile_name] configuration:
  • env credentials resolve as EnvironmentCredentials (i.e. from the running process environment)
  • config credentials resolve directly as Credentials (i.e. from an explicitly set key id and secret)

Help and Support

If you have an issue, suggestion, or want to contribute, please open an issue or create a pull request and I'll take a look.

Troubleshooting

There are a handful of common issues that people have trying to run this plugin. Mostly they surround either the confusing way that AWS resolves credentials, or the way that the Serverless Framework loads plugins.

It's always worth trying the following steps (but feel free to raise an issue if you're still having problems):

  • If you're using an ~/.aws/config file, make sure you have AWS_SDK_LOAD_CONFIG=1 set in your environment
  • Make sure you're not using a global installation of serverless (e.g. run npm install --save-dev serverless in your project directory)

If you are having trouble in a CI/CD environment (like GitHub actions), it is probably because you are using a plugin that has migrated to AWS-SDK v3. The easiest workaround is to add a step where you create the ~/.aws/credentials file, for example:

mkdir -p ~/.aws
rm -rf ~/.aws/credentials
echo "[YOUR_PROFILE_NAME]" >> ~/.aws/credentials
echo "aws_access_key_id = ${AWS_ACCESS_KEY_ID}" >> ~/.aws/credentials
echo "aws_secret_access_key = ${AWS_SECRET_ACCESS_KEY}" >> ~/.aws/credentials
echo "aws_session_token = ${AWS_SESSION_TOKEN}" >> ~/.aws/credentials
echo "region = eu-west-1" >> ~/.aws/credentials
echo "output = json" >> ~/.aws/credentials