Wednesday, January 25, 2023

 

This is a continuation of the errors encountered and the resolutions for the deployment of a function handler.

The credentials used for executing CLI commands need to be set only once, beforehand. This option works very well for almost everyone. The only caveat is for federated identity users, who might not have a key and secret issued. The recommended approach in this case is to request the root user to take this specific action.

 

AWS has provisions to generate temporary programmatic credentials via its Security Token Service (STS) that can be used to perform command-line actions. The use of these credentials requires account-level privileges for a one-time setup that many federated users might not have. Hence the request to the root user to enable the above-mentioned command to be executed.

 

The following are some of the ways to generate credentials for command-line usage:

1.

 

a. aws configure sso

SSO session name (Recommended): my-sso

SSO start URL [None]: https://my-sso-portal.awsapps.com/start

SSO region [None]: us-east-1

SSO registration scopes [None]: sso:account:access

CLI default client Region [None]: us-west-2<ENTER>

CLI default output format [None]: json<ENTER>

CLI profile name [123456789011_ReadOnly]: my-dev-profile<ENTER>

 

b. aws configure sso-session

 

Signing in and getting credentials:

aws sso login --profile my-dev-profile

aws sso login --sso-session my-dev-session

aws sts get-caller-identity --profile my-dev-profile

aws s3 ls --profile my-dev-profile

aws sso logout

 

 

2. One can configure the AWS Command Line Interface (AWS CLI) to use an IAM role by defining a profile for the role in the ~/.aws/config file.

[profile marketingadmin]

role_arn = arn:aws:iam::123456789012:role/marketingadminrole

source_profile = default

 

3. Clearing cached credentials:

del /s /q %UserProfile%\.aws\cli\cache

 

4. Using an external credential process, set with credential_process in a profile in the config file:

credential_process = "C:\Path\To\credentials.cmd" parameterWithoutSpaces "parameter with spaces"
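The credential_process line above only names the program; the AWS CLI then reads a JSON document from that program's standard output. The following is an added example, not code from the original post, of a helper that a wrapper such as credentials.cmd could call. The function names, the fetch_credentials stand-in and all key values are hypothetical and constructed.

```python
import json
import sys
from datetime import datetime, timedelta, timezone


def to_credential_process_json(creds, now=None):
    """Build the JSON document the AWS CLI reads from a credential_process helper's stdout."""
    now = now or datetime.now(timezone.utc)
    missing = [k for k in ("AccessKeyId", "SecretAccessKey") if not creds.get(k)]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    out = {
        "Version": 1,  # format version; currently always 1
        "AccessKeyId": creds["AccessKeyId"],
        "SecretAccessKey": creds["SecretAccessKey"],
    }
    if creds.get("SessionToken"):
        out["SessionToken"] = creds["SessionToken"]
    expiration = creds.get("Expiration")
    if expiration is None:
        # Without Expiration the CLI treats the keys as long-term and never refreshes.
        if "SessionToken" in out:
            raise ValueError("temporary credentials need an Expiration")
    else:
        if expiration.tzinfo is None:
            raise ValueError("Expiration must be timezone-aware")
        if expiration <= now:
            raise ValueError("credentials already expired")
        out["Expiration"] = expiration.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return json.dumps(out)


def fetch_credentials():
    """Hypothetical stand-in for the federation broker call; values are constructed."""
    return {
        "AccessKeyId": "ASIAEXAMPLEKEYID0000",
        "SecretAccessKey": "constructed-secret-not-a-real-key",
        "SessionToken": "constructed-session-token",
        "Expiration": datetime.now(timezone.utc) + timedelta(hours=1),
    }


if __name__ == "__main__":
    try:
        print(to_credential_process_json(fetch_credentials()))
    except ValueError as exc:
        # stdout must carry only the JSON; report failures on stderr and exit non-zero.
        print(f"credential helper failed: {exc}", file=sys.stderr)
        sys.exit(1)
```

Keep secrets out of stderr and out of the command line in the config file, since both can end up in logs or process listings.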

 
