overriding AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY in .env variables

[meysam-tgbs]

Description:

Hello,
I'm deploying a lumen project and have a problem with overriding AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY in .env variables. so it causes issues like not connecting to DynamoDB.

When I hardcode my variables such as AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, everything is going to ok.

it seems there is something wrong with vlucas/phpdotenv package. because, I created a sample php project and I also had the same problem there.

How to reproduce:
Serverless version:

Framework Core: 2.68.0
Plugin: 5.5.1
SDK: 4.3.0
Components: 3.18.1

Bref Version:

bref/bref: 1.1.0
bref/laravel-bridge: 1.1.3

[mnapoli]

Hi! These environment variables are always defined automatically on AWS Lambda: https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html#configuration-envvars-runtime

So the ones from .env will never be loaded.

If you want to add permissions to code running in Lambda, you should do that on the Lambda role itself.

[meysam-tgbs]

Thanks for reply, I don't understand how to add permission to my Lambda. if you mean that I should add permission roles to bref-cli user I already added permissions like AmazonDynamoDBFullAccess. also I added permissions to my serverless.yml file like this:

    iamRoleStatements:
      - Effect: Allow
        Action:
          - dynamodb:*
        Resource: "*"

but nothing changes.

please tell me how should I do that? thanks again.

[mnapoli]

Yes this is how you're supposed to do it. It's hard to say why it's not working without more details.

[t-richard]

This is the proper way to handle this. You should also make sure you never use the access and secret keys directly in your code or configuration. Your SDK (official AWS SDK, AsyncAws, etc) should detect everything automatically when using a role statement like this.

[meysam-tgbs]

Thanks a lot, I solved the issue that was I was trying to connect to AWS with credential which was wrong.