User is not authorized to perform: cloudformation:CreateStack

后端未结

关注

 11  1653

I\'m trying out Serverless to create AWS Lambdas and while creating a project using the command serverless project create I\'m getting the following error.

相关标签:

11条回答

有刺的猬

2021-01-31 01:52

There is a section in the docs on this (at least now).

With a gist showing the policies JSON they recommend.

0 讨论(0)
发布评论:

提交评论
- 加载中...
不要未来只要你来

2021-01-31 01:53
if you have multiple AWS profiles, try to explicity
```
export AWS_ACCESS_KEY_ID=<value>
export AWS_SECRET_ACCESS_KEY=<value>
```
before trying
```
serverless deploy
```
0 讨论(0)
发布评论:

提交评论
- 加载中...

醉酒成梦

2021-01-31 01:54

These 2 helped me cross the line...

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "apigateway:*",
            "Resource": "*"
        }
    ]
}

and

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "cloudformation:ListStacks",
                "cloudformation:DescribeStackEvents",
                "cloudformation:CreateStack",
                "cloudformation:UpdateStack",
                "cloudformation:DescribeStackResource",
                "cloudformation:CreateChangeSet",
                "cloudformation:DescribeChangeSet",
                "cloudformation:ExecuteChangeSet",
                "cloudformation:ValidateTemplate"
            ],
            "Resource": "*"
        }
    ]
}

0 讨论(0)

爱一瞬间的悲伤

2021-01-31 01:54
Create the following policy:
1. Click on Policy -> Create Policy
2. Under Select Service - Type EKS & Select 'EKS'
3. Under Actions: Select 'All EKS Actions'
4. Under Resources: Either select 'All resources' or Add ARN
5. Click on Review Policy
6. Type the name for the policy & create the policy.
Now, associate this policy to the user account. This should solve the issue & you should be able to create the stack.
0 讨论(0)
发布评论:

提交评论
- 加载中...
难免孤独

2021-01-31 01:55
The closest one that you've mentioned is AWSCloudFormationReadOnlyAccess, but obviously that's for readonly and you need cloudformation:CreateStack. Add the following as a user policy.
```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1449904348000",
            "Effect": "Allow",
            "Action": [
                "cloudformation:CreateStack"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}
```
It's entirely possible you'll need more permissions- for instance, to launch an EC2 instance, to (re)configure security groups, etc.
0 讨论(0)
发布评论:

提交评论
- 加载中...

梦谈多话

2021-01-31 01:56

What @tedder42 said, but I also had to add the following to my group policy before I could deploy to lambda from inside visual studio.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1449904348000",
            "Effect": "Allow",
            "Action": [
                "cloudformation:CreateStack",
                "cloudformation:CreateChangeSet",
                "cloudformation:ListStacks",
                "cloudformation:UpdateStack",
                "cloudformation:DescribeChangeSet",
                "cloudformation:ExecuteChangeSet"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

0 讨论(0)

1 2 下一页