https://serverless-stack.com/ logo
#help
Title
# help
j

John Stephen Soriao

04/19/2022, 12:04 AM
I’m having a problem using aws-vault with an MFA enabled IAM user when calling an aws service (dynamodb in my case) from a lambda using boto3 (maybe any aws sdk too). I have the proper config
Copy code
[profile myprofile]
mfa_serial=arn:aws:iam::***:mfa/****
region=ap-southeast-1
output=json
I can also run the live lambda development properly and the stacks are deployed to our aws account. These are the commands I run
Copy code
aws-vault exec myprofile
npx sst start --stage <mystage>
My lambda code looks like this
Copy code
import boto3
ddb = boto3.resource("dynamodb")
table = ddb.Table(MY_TABLE_NAME)
// do some operation on the table
When I invoke the lambda from the SST Console, this is what I get
Copy code
An error occurred (UnrecognizedClientException) when calling the DescribeTable operation: The security token included in the request is invalid.
I have the proper permissions to the dynamodb table on my lambda
I created another IAM user with MFA disabled, configured the profile locally and it worked
Copy code
# .aws/credentials
[myprofile-nomfa]
aws_access_key_id = ***
aws_secret_access_key = ***
then ran
Copy code
AWS_PROFILE=myprofile-nomfa npx sst start --stage <mystage>
when I invoke my lambda calling the dynamodb with boto3, this works
f

Frank

04/19/2022, 12:40 AM
Hey @John Stephen Soriao, taking a looking
j

John Stephen Soriao

04/19/2022, 1:26 AM
oh it worked when I used typescript with @aws-sdk/client-dynamodb
f

Frank

04/19/2022, 2:02 AM
Ah I think I see what the issue is. Will put in a fix for this.
j

John Stephen Soriao

04/21/2022, 2:07 PM
I just found out that this was because of the
AWS_SECURITY_TOKEN
environment variable. So I unset while using live lambda development
Copy code
if os.getenv("IS_LOCAL"):
    os.environ.pop("AWS_SECURITY_TOKEN")
f

Frank

04/23/2022, 3:45 PM
Hey @John Stephen Soriao I just pushed out an update with the fix
v1.0.0-beta.23
You can remove the
os.environ.pop
workaround.
4 Views