[ac360]

Yes, we do this, like other build engines, CI/CD products, and other cloud services. We try to be clear about what's happening and why in this section of the documentation: https://github.com/serverless/components#where-do-components... and we discuss the cloud-based deployment approach elsewhere in the docs.

Further, this is all designed to support and facilitate our upcoming component-scoped permissions, which will significantly reduce required permissions for the Framework, compared to what Serverless Framework Traditional requires.

We'll add more clarity in the docs specifically on credentials and try to make this known upfront.

[revicon]

I’m not sure I’m understanding what’s happening here, I’m using the serverless command line app to deploy a lambda function to AWS from my local terminal. Nowhere in that process is serverless.com required to be involved. Are my AWS credentials being pushed to serverless.com when I do a deploy? If so, how do I disable this? We’re in a regulated industry and serverless.com is not an approved vendor of ours and should not be receiving any of our AWS credentials.

[ac360]

I apologize for the confusion. The original post is misleading and I should have clarified this in my response above (I'm juggling a newborn ATM).

The Serverless Framework open-source experience does not do this. But there are premium features, like Serverless Framework Components (which this post is actually referring to) which do this.

When you use these premium features you must log into the Serverless Framework SaaS offering via your CLI, accept a TOS, etc.

At the same time, we need to make sure our communication on these SaaS offerings and how they work is more clear. With respects to that, we'll collect all of the feedback we can to get this right!

[revicon]

Got it, thanks for the clarification.