# help
g
Just now actually trying to set up an SST app with cognito and one httpapi route guarded by cognito auth and I am getting this when trying to run: Anyone know what I might be doing wrong?
j
This seems like it might be an issue with the AWS CLI credentials? Just searched and I found this https://github.com/aws/aws-cdk/issues/8535
f
Yup, u often get that when the IAM credentials are wrong, or from a different account.
@Garret Harp U can do a quick validation of the IAM credentials by running this in ur terminal:
aws sts get-caller-identity
Let me know how it goes.
g
Calling get-caller-identity works as expected, shows the account I am using. (Has admin access perms on iam).
Hmm I use leapp to manage my sessions and as soon as I close that app and input my aws credentials in the credentials file it works. Not sure why this would be an issue running SST, never had any issues using serverless framework deploys.
f
I see. This is what you're using https://www.leapp.cloud right?
Just created an issue here.. going to take a look https://github.com/serverless-stack/serverless-stack/issues/661
g
Yes that's the one
f
Hey @Garret Harp, so I got an update on this.
I managed to reproduce ur issue, when Leapp session is on, all resources can be created/removed except for IAM resources.
If you look at the screenshot u shared above, it failed to create AWS::IAM::Role. Other resources were successfully created.
I experienced the same issue.
This turns out to be a limitation with Leapp/AWS STS. For plain AWS accounts, Leapp calls STS’s get-session-token API to get short-term credentials. And if MFA is not enabled, the short-term credentials are not allowed to make AWS IAM calls.