How does serverless works with amazon AWS Access Role?

Question

I have read a documentation but usage of temporary credentials is unclear to me. Ok I logined to aws console and create some role.

You don't have to do anything in your serverless.yml file. When you run sls deploy the Serverless Framework will identify the deployment profile associated with the application or stage and it will generate the AWS Access Keys using the associated AWS Access Role automatically.

How serverless framework kowns where to get credentials? What Account to use? It looks like serverless can connected to any account with any credentials just with usage of developer mind. :)

P.S. I do not have hands off knoledge about AWS Access Role if it have some specifics please clarify this.

Answer 1

I am a Solutions Architect at Serverless, Inc. The scenario you mention only applies if you have an account at dashboard.serverless.com, have set up a deployment profile in that account connected to your AWS account via a role you create in AWS and then set up one of your services to have an applicable app and org setting in the serverless.yml.

Then, on the CLI, you run serverless login, you login into your Serverless account which stores credentials on your local machine (there is an alternate headless method for CI/CD systems, etc). Now, when you run serverless deploy the framework sees the app and org settings, sees you are logged in, confirms that your user account is associated to that org and app, checks to see if there is an access role set in the associated deployment profile and if so, retrieves temporary access credentials from your AWS account for that specific deployment.

If you would like to see a video going through the process. see here: https://www.youtube.com/watch?v=KTsWDCXvxqU