AWS Stack update error: Requires capabilities : [CAPABILITY_IAM]

北海茫月 2021-02-02 06:03

When creating a stack with CloudFormation, I get this error:

Stack update error: Requires capabilities : [CAPABILITY_IAM]

I can't find a templ

2 answers
  •  轻奢々 (original poster)
    2021-02-02 06:21

    Turns out you need to check a box on the last screen of the stack creation. If you are using the console, just above the 'create stack' button there's a box asking you to acknowledge that you want to allow CloudFormation to modify IAM stuff. You can, of course, create the stack without the acknowledgement, which will cause the stack to fail with the CAPABILITY_IAM error (or another error, if a different capability is required).

    In CodePipeline CloudFormation you can add it like this to allow execution of the created change_set in the deploy action:

    Configuration:
            StackName: !Ref GitHubRepository
            ActionMode: CHANGE_SET_REPLACE
            Capabilities: CAPABILITY_NAMED_IAM
            RoleArn: arn:aws:iam::818272543125:role/events-list-codepiplinerole
            ChangeSetName: !Join ["",[!Ref GitHubRepository, "-changeset"]]
            TemplatePath: MyAppBuild::sam_post.yaml
    

    In the AWS CLI, append

    --capabilities CAPABILITY_IAM
    

    or

    --capabilities CAPABILITY_NAMED_IAM
    

    to your command, like this:

    aws cloudformation create-stack --stack-name message-store --template-body file://bucket_with_keys.yaml --parameters file://cfg_bucket_with_keys.json --capabilities CAPABILITY_NAMED_IAM
    

    This does not apply to cloudformation --validate-template as it is not actually creating the resources.
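
The capability flag discussed above is an acknowledgement that the template touches IAM, so it is worth listing what is being acknowledged before passing it. The following is an added example, not code from the answer or from AWS: a pre-deploy check over a JSON-format template that reports which capability it needs and which resources trigger it. The sample template and the function name `iam_review` are constructed for illustration, and the set of properties treated as "custom names" is an assumption.

```python
import json

# Resource types for which CloudFormation asks for an IAM capability.
IAM_TYPES = {
    "AWS::IAM::AccessKey", "AWS::IAM::Group", "AWS::IAM::InstanceProfile",
    "AWS::IAM::ManagedPolicy", "AWS::IAM::Policy", "AWS::IAM::Role",
    "AWS::IAM::User", "AWS::IAM::UserToGroupAddition",
}
# Assumption: these properties give an IAM resource a custom name,
# which is what moves the requirement to CAPABILITY_NAMED_IAM.
NAME_PROPS = {"RoleName", "UserName", "GroupName",
              "ManagedPolicyName", "InstanceProfileName"}


def iam_review(template):
    """Return (capability or None, findings) for a parsed JSON template.

    findings is a list of (logical_id, resource_type, custom_name_props).
    """
    findings, named = [], False
    for logical_id, res in sorted(template.get("Resources", {}).items()):
        rtype = res.get("Type", "")
        if rtype not in IAM_TYPES:
            continue
        custom = sorted(NAME_PROPS & set(res.get("Properties", {})))
        named = named or bool(custom)
        findings.append((logical_id, rtype, custom))
    if not findings:
        return None, findings
    return ("CAPABILITY_NAMED_IAM" if named else "CAPABILITY_IAM"), findings


# Constructed sample template (not from the page).
SAMPLE = json.loads("""
{"Resources": {
  "Bucket":    {"Type": "AWS::S3::Bucket"},
  "ReadRole":  {"Type": "AWS::IAM::Role",
                "Properties": {"AssumeRolePolicyDocument": {}}},
  "WriteRole": {"Type": "AWS::IAM::Role",
                "Properties": {"RoleName": "example-writer",
                               "AssumeRolePolicyDocument": {}}}
}}
""")

if __name__ == "__main__":
    capability, findings = iam_review(SAMPLE)
    print("required capability:", capability)
    for logical_id, rtype, custom in findings:
        print(f"  {logical_id}: {rtype} custom-name props: {custom or '-'}")
```

The output of `aws cloudformation validate-template` also includes `Capabilities` and `CapabilitiesReason` fields, which give CloudFormation's own answer for a template.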
