Add support for AWS SSO credentials #87

@dhait

Problem Description

Currently, the Serverless Framework v3 does not support AWS SSO (Single Sign-On) / IAM Identity Center credentials. When attempting to deploy using an SSO profile, users receive a "credentials not found" error, even after successfully authenticating with aws sso login.

This forces users to resort to workarounds such as:

  • Manually exporting temporary credentials from SSO sessions
  • Using third-party tools like aws-vault or aws-sso-util
  • Maintaining separate static credentials alongside SSO

Use Case

Many organizations have adopted AWS SSO/IAM Identity Center as their primary authentication method for AWS access. It provides:

  • Centralized access management across multiple AWS accounts
  • Temporary, automatically-rotating credentials
  • Integration with corporate identity providers
  • Enhanced security through short-lived sessions

Without native SSO support, teams using the Serverless Framework must maintain separate credential management workflows, reducing security and adding operational overhead.

Current Behavior

# User logs in successfully with SSO
$ aws sso login --profile my-sso-profile
Successfully logged into Start URL: https://example.awsapps.com/start

# Attempt to deploy with Serverless Framework fails
$ serverless deploy --aws-profile my-sso-profile
Error: AWS provider credentials not found.

Expected Behavior

# User logs in with SSO
$ aws sso login --profile my-sso-profile

# Serverless Framework recognizes and uses SSO credentials
$ SLS_AWS_SDK_V3=1 serverless deploy --aws-profile my-sso-profile
Deploying service to stage dev (us-east-1)
✔ Service deployed successfully

Proposed Solution

Implement SSO credential support using AWS SDK v3's fromNodeProviderChain credential provider, which natively handles SSO profiles. This would:

  • Automatically resolve SSO credentials from ~/.aws/config profiles
  • Support both legacy SSO format and new SSO session format
  • Provide helpful error messages when SSO sessions expire
  • Maintain backward compatibility with existing credential methods

Environment

  • Serverless Framework Version: 3.40.1
  • Operating System: macOS/Linux/Windows
  • Node Version: 18.x and above
  • AWS CLI Version: 2.x (with SSO support)

Additional Context

AWS SSO is becoming the standard for AWS authentication in enterprise environments. The AWS CLI and AWS SDKs have supported SSO for several years. Adding this support would align the Serverless Framework with current AWS best practices and remove a significant barrier for enterprise adoption.

Related Issues/PRs

  • This issue addresses the lack of SSO support in SDK v3 mode
  • Builds upon recent SDK v3 improvements in the codebase

I welcome questions/comments. I have a working implementation ready to submit as a PR pending your feedback.
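The two profile layouts named under Proposed Solution, shown as an added example that is not part of the original issue or of the Serverless Framework code base. It classifies a profile as legacy SSO or `sso-session` format, lists the settings a resolver would find missing, and derives the token cache file name (SHA-1 of the session name or start URL, the convention used by the AWS CLI v2 and SDK v3 under `~/.aws/sso/cache/`). The profile names, `SAMPLE_CONFIG`, `parseIni` and `describeSsoProfile` are assumptions made for this illustration.

```javascript
const crypto = require('crypto');
// Constructed sample of ~/.aws/config (not taken from the issue).
const SAMPLE_CONFIG = `
[profile legacy-sso]
sso_start_url = https://example.awsapps.com/start
sso_region = us-east-1
sso_account_id = 111111111111
sso_role_name = Developer
[profile session-sso]
sso_session = corp
sso_account_id = 111111111111
sso_role_name = Developer
[sso-session corp]
sso_start_url = https://example.awsapps.com/start
sso_region = us-east-1
[profile broken-sso]
sso_session = gone
`;

// Minimal INI parser: section header -> key/value map.
function parseIni(text) {
  const sections = {};
  let current = null;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#') || line.startsWith(';')) continue;
    const header = line.match(/^\[(.+)\]$/);
    if (header) { current = sections[header[1].trim()] = {}; continue; }
    const eq = line.indexOf('=');
    if (current && eq > 0) current[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return sections;
}

// Classify a profile and list what a credential resolver would find missing.
function describeSsoProfile(configText, name) {
  const ini = parseIni(configText);
  const profile = ini[name === 'default' ? 'default' : `profile ${name}`];
  if (!profile) return { kind: 'missing', problems: [`profile "${name}" not found`] };
  if (!profile.sso_session && !profile.sso_start_url) return { kind: 'not-sso', problems: [] };
  const session = profile.sso_session ? ini[`sso-session ${profile.sso_session}`] : undefined;
  const merged = { ...profile, ...session };
  const problems = ['sso_start_url', 'sso_region', 'sso_account_id', 'sso_role_name']
    .filter((k) => !merged[k]).map((k) => `missing ${k}`);
  if (profile.sso_session && !session) problems.unshift(`[sso-session ${profile.sso_session}] not defined`);
  // Cache file name: SHA-1 of the session name (new format) or start URL (legacy).
  const id = profile.sso_session || profile.sso_start_url;
  return { kind: profile.sso_session ? 'sso-session' : 'legacy', problems,
    cacheFile: crypto.createHash('sha1').update(id).digest('hex') + '.json' };
}
```

An empty `problems` list only means the profile is well formed; whether the cached token in `cacheFile` is still valid depends on the `expiresAt` value stored in that file.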
