You can use the Serverless Framework Dashboard to set up an AWS Access Role to help you secure your service deployments on AWS by enabling the Serverless Framework to issue temporary AWS Access Keys to deploy your services to AWS.
With AWS Access Roles the AWS Access Keys are generated by Serverless Framework on every command and the credentials expire after one hour. The Serverless Framework leverages AWS Security Token Service and the AssumeRole API to automate creating and usage of temporary credentials, so your developers can stay productive and work securely without doing this manually.
If you do not use the Serverless Framework Dashboard to set up an AWS Access Role, then you will need to configure your Serverless Framework open source CLI to use the AWS Access Keys stored in environment variables or AWS Profiles.
Before you run
serverless deploy ensure that the Serverless Framework open-source CLI is resolving the new AWS Access Keys from the Serverless Framework Dashboard.
This command requires authentication therefore requires that the AWS Access Keys from the Serverless Framework Dashboard to be resolved. You should expect this command to succeed.
You don't have to do anything in your
serverless.yml file. When you run
sls deploy the Serverless Framework will identify the deployment profile associated with the application or stage and it will generate the AWS Access Keys using the associated AWS Access Role automatically.
That’s it! You are now ready to deploy using your AWS Access Roles.