You and I both, though they are a blessing and a curse. Profiles used to be my biggest issue with local and remote cred resolution, and then we layered AWS SSO on top of profile management, which doubled my problems. It’s all technically more secure and ultimately cleaner to work with when you know what to do, but trying to figure out how to transparently pass role-based IAM creds into a running Fargate container to the AWS SDK was a lesson in pain (not to mention designing that to work locally). Lambda can fall through to an SSO/managed profile env fine if running w/o the container wrapper, and SAM plugins are pretty magic for making it work if you use their container, but otherwise I have been strongly avoiding custom OCI containers w/o SAM because the dev SDLC is going to require all kinds of env tweaking and cred directory mounts.