how do you use aws:accountID

[jceaser]

How can you use serverless offline when you have ${was:accountId} defined in your serverless.yml file without setting .aws/credentials to anything valid?

I have a setup where I create an IAM which is used as my role. This IAM references the AWS account id. Locally I assume this is meaningless, however serverless throws an error, I assume because it is trying to login to AWS to get the account ID. Shouldn't this value be faked? Is there a way to tell serverless to not go look it up?

[NSerbin]

Any news about it ?????

[rion18]

There's a very easy way to make it so aws:accountId DOES NOT actually read a valid value. In your serverless file, you can create the following param:

serverless.yml:

params:
  default:
    AWS_ACCOUNT_ID: ${file(./serverless/parameters/environment.yml):${sls:stage}.AWS_ACCOUNT_ID, env:LOCAL_AWS_ACCOUNT_ID, '123'}

In this case, serverless/parametrers/environment.yml is another yaml file that contains another definition for AWS_ACCOUNT_ID.

serverless/parametrers/environment.yml:

stageExample:
    AWS_ACCOUNT_ID: ${aws:accountId}

In this case, the definition of AWS_ACCOUNT_ID goes as follows:

If current stage is stageExample, then aws:accountId is the value.
Otherwise, use the .env value for LOCAL_AWS_ACCOUNT_ID.
If LOCAL_AWS_ACCOUNT_ID is not defined, use the value 123.

Then, instead of using aws:accountId on any serverless param value, you can use param:AWS_ACCOUNT_ID.

This can actually make you work on serverless without even having an AWS account/creds.

[dmarreco]

Is this a bug or is there a reason why resolving aws:accountId is impossible in local environment?

[rion18]

It is absolutely not impossible... Care to elaborate a little bit?

[lqueryvg]

I'm experiencing exactly the same issue.

I think it's a bug and is V3 specific.

If your serverless.yml file contains any aws variables, e.g. ${aws:accountId} you get errors along the lines of:

Cannot resolve variable at "blah.blah.blah": The security token included in the request is invalid.,

The only workaround I've seen is to put all aws: variables in a separate file - and you have to have a separate file for each environment.

This is cludgey, nasty, horrible ....

It should work like this:

1. serverless-offline should have the common sense to not try to connect to an AWS service when running in offline mode - you shouldn't need to set AWS_PROFILE and configure dummy credentials in your .aws directory
2. by default it should replace these variables with a default value, e.g. 123412341234 aws:accountId
3. optionally it should be possible to override those default values via keys in the custom section of the serverless.yml

This is how plugins like serverless-offline-ssm and serverless-pseudo-parameters work.