You can use the Serverless Framework Dashboard to set up an AWS Access Role, which helps secure your service deployments by letting the Serverless Framework issue temporary AWS Access Keys for deploying your services to AWS.
If an Access Role is not configured, the Serverless Framework service will use AWS Access Keys stored in environment variables or AWS Profiles to deploy your service.
With AWS Access Roles, the AWS Access Keys are generated by the Serverless Framework on every command, and the credentials expire after one hour. The Serverless Framework uses the AWS Security Token Service and its AssumeRole API to automate the creation and use of temporary credentials, so your developers can stay productive and work securely without doing this manually.
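The manual equivalent of what the Access Role automates, as an added example (not Serverless Framework code): it requests a one-hour AssumeRole session and maps the temporary credentials to the environment variables the AWS CLI and SDKs read. The function names, the five-minute safety margin and the sample response are assumptions made for illustration; the live call assumes boto3 is installed.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like an sts:AssumeRole response; every value is a placeholder.
SAMPLE_RESPONSE = json.loads("""
{"Credentials": {
  "AccessKeyId": "ASIAEXAMPLEEXAMPLE00",
  "SecretAccessKey": "constructed-secret-placeholder",
  "SessionToken": "constructed-session-token-placeholder",
  "Expiration": "2030-01-01T13:00:00+00:00"}}
""")

def assume_role(role_arn, session_name="manual-deploy", duration_seconds=3600):
    """Live call (needs boto3, network access and permission to assume role_arn)."""
    import boto3  # imported here so the offline helpers below work without it
    resp = boto3.client("sts").assume_role(
        RoleArn=role_arn,
        RoleSessionName=session_name,
        DurationSeconds=duration_seconds,  # one hour, matching the expiry described above
    )
    # boto3 returns Expiration as a timezone-aware datetime; store it as ISO 8601 text.
    resp["Credentials"]["Expiration"] = resp["Credentials"]["Expiration"].isoformat()
    return resp

def time_left(response, now):
    """How long the temporary credentials remain valid at time `now`."""
    return datetime.fromisoformat(response["Credentials"]["Expiration"]) - now

def deploy_env(response, now, min_left=timedelta(minutes=5)):
    """Build the environment for a deploy, refusing credentials that are about to expire."""
    left = time_left(response, now)
    if left < min_left:
        raise ValueError(f"temporary credentials expire in {left}; assume the role again")
    creds = response["Credentials"]
    return {
        "AWS_ACCESS_KEY_ID": creds["AccessKeyId"],
        "AWS_SECRET_ACCESS_KEY": creds["SecretAccessKey"],
        # Without the session token, temporary (ASIA...) keys are rejected by AWS.
        "AWS_SESSION_TOKEN": creds["SessionToken"],
    }

if __name__ == "__main__":
    issued = datetime(2030, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed "now"
    env = deploy_env(SAMPLE_RESPONSE, issued)
    print(sorted(env), "valid for", time_left(SAMPLE_RESPONSE, issued))
```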
If you do not use the Serverless Framework Dashboard to set up an AWS Access Role, then you will need to configure your Serverless Framework open source CLI to use the AWS Access Keys stored in environment variables or AWS Profiles.
- Open the Dashboard.
- Once logged in, click "profiles" near the top of the page.
- Navigate to the profile you would like to configure with the AWS Access Role.
- In the AWS credential access role tab, expand the "how to add a role" section.
- Follow the directions which will take you through creating an IAM Role for the Serverless Framework.
- Click "save changes" in the deployment profile to save the IAM Role ARN to the profile.
You don't have to do anything in your `serverless.yml` file. When you run `sls deploy`, the Serverless Framework will identify the deployment profile associated with the application or stage and will automatically generate the AWS Access Keys using the associated AWS Access Role.
That’s it! You are now ready to deploy using your AWS Access Roles.
serverless deploy