2 Answers
2
To diagnose the issue, my advice is to use CloudTrail and find the calls CloudFormation is making and subsequently being denied. CloudTrail will reveal the full detail of what is being denied.
I'll also add you may want to have a look at Service Catalog and launch constraints as a way of allowing "other" users to provision an approved product. There is more control over the template used and the ability to share across an organization. There is a workshop to demo the features.
0
I think you need to add ec2::DescribeVpcs to get a more descriptive error
answered 2 years ago
Thanks. Actually I did try to find the corresponding CloudTrail log but could not really figure out what was denied, even with this very simple example. There are not really many logs, so I am not sure whether I am missing something else.
Also thanks for the suggestion about Service Catalog. Will take a look at the workshop.
PS: Notice that it is easier to search CloudTrail using the corresponding requestid. Will try to fix the policy based on the error.
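An added example, not part of the original thread: one way to pull the denied calls that CloudFormation made on a user's behalf out of a CloudTrail log file, and to look an event up by request id as the comment above suggests. The sample records, account id and request ids are constructed, and the function names are hypothetical.

```python
import json

# Constructed sample in the shape of a CloudTrail log file ({"Records": [...]}).
# Account id, request ids and messages are made up for illustration.
SAMPLE = json.loads("""
{"Records": [
 {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeVpcs",
  "errorCode": "Client.UnauthorizedOperation",
  "errorMessage": "You are not authorized to perform this operation.",
  "requestID": "req-0001-constructed",
  "sourceIPAddress": "cloudformation.amazonaws.com",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example",
                   "invokedBy": "cloudformation.amazonaws.com"}},
 {"eventSource": "ec2.amazonaws.com", "eventName": "CreateSecurityGroup",
  "requestID": "req-0002-constructed",
  "sourceIPAddress": "cloudformation.amazonaws.com",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example",
                   "invokedBy": "cloudformation.amazonaws.com"}},
 {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
  "errorCode": "AccessDenied", "errorMessage": "Access Denied",
  "requestID": "req-0003-constructed", "sourceIPAddress": "198.51.100.7",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example"}}
]}
""")["Records"]

DENIED_MARKERS = ("accessdenied", "unauthorized")  # case-insensitive substrings

def is_denied(rec):
    code = rec.get("errorCode", "").lower()
    return any(marker in code for marker in DENIED_MARKERS)

def via_service(rec, service):
    # Calls a service makes on the caller's behalf carry its name in these fields.
    ident = rec.get("userIdentity", {})
    return service in (ident.get("invokedBy"), rec.get("sourceIPAddress"))

def denied_calls(records, service="cloudformation.amazonaws.com"):
    """Return (action, requestID, errorCode) for denied calls made via `service`."""
    out = []
    for rec in records:
        if is_denied(rec) and via_service(rec, service):
            # eventSource prefix usually, not always, matches the IAM action prefix.
            prefix = rec["eventSource"].split(".")[0]
            out.append((f"{prefix}:{rec['eventName']}", rec.get("requestID"), rec["errorCode"]))
    return out

def by_request_id(records, request_id):
    return [r for r in records if r.get("requestID") == request_id]
```

Each returned action is a candidate for the missing permission in the policy; confirm it against the event's `errorMessage` before adding it.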