2 Answers
2
To diagnose the issue, my advice is to use CloudTrail and find the calls CloudFormation is making and subsequently being denied. CloudTrail will reveal the full detail of what is being denied.
I'll also add that you may want to have a look at Service Catalog and launch constraints as a way of allowing "other" users to provision an approved product. There is more control over the template used and the ability to share across an organization. There is a workshop to demo the features.
0
I think you need to add ec2:DescribeVpcs to get a more descriptive error.
answered 2 years ago
Thanks. Actually, I did try to find the corresponding CloudTrail log but could not really figure out what was denied, even with this very simple example. There are not really many logs, so I am not sure whether I am missing something else.
Also, thanks for the suggestion about Service Catalog. Will take a look at the workshop.
PS: Notice that it is easier to search CloudTrail using the corresponding requestid. Will try to fix the policy based on the error.
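The CloudTrail triage discussed in this thread, sketched as an added example (not code from any poster or from AWS): it filters CloudTrail records for authorization failures on calls CloudFormation made on the user's behalf, optionally narrowed to one request ID. The function name, the sample records and the mapping from event to IAM action are assumptions made for illustration.

```python
import json
from collections import defaultdict

# errorCode values CloudTrail uses for authorization failures (not exhaustive).
DENIED = {"AccessDenied", "AccessDeniedException",
          "UnauthorizedOperation", "Client.UnauthorizedOperation"}
CFN = "cloudformation.amazonaws.com"

def denied_via_cloudformation(records, request_id=None):
    """Group denied calls made through CloudFormation by approximate IAM action."""
    found = defaultdict(list)
    for rec in records:
        if rec.get("errorCode") not in DENIED:
            continue
        invoked_by = rec.get("userIdentity", {}).get("invokedBy")
        if CFN not in (invoked_by, rec.get("sourceIPAddress")):
            continue  # denied, but not a call CloudFormation made for the user
        if request_id and rec.get("requestID") != request_id:
            continue
        # Assumption: IAM action ~= "<service prefix>:<eventName>"; true for most
        # services, but confirm against the service's IAM action list.
        action = rec["eventSource"].split(".")[0] + ":" + rec["eventName"]
        found[action].append((rec["eventTime"], rec["requestID"],
                              rec.get("errorMessage", "")))
    return dict(found)

# Constructed sample in the shape of a CloudTrail log file; all values are made up.
SAMPLE = json.loads("""{"Records": [
 {"eventTime": "2022-01-01T10:00:01Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "DescribeVpcs", "errorCode": "Client.UnauthorizedOperation",
  "errorMessage": "You are not authorized to perform this operation.",
  "requestID": "req-0001", "sourceIPAddress": "cloudformation.amazonaws.com",
  "userIdentity": {"invokedBy": "cloudformation.amazonaws.com"}},
 {"eventTime": "2022-01-01T10:00:02Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "CreateVpc", "requestID": "req-0002",
  "sourceIPAddress": "cloudformation.amazonaws.com",
  "userIdentity": {"invokedBy": "cloudformation.amazonaws.com"}},
 {"eventTime": "2022-01-01T10:00:03Z", "eventSource": "s3.amazonaws.com",
  "eventName": "ListBuckets", "errorCode": "AccessDenied",
  "requestID": "req-0003", "sourceIPAddress": "198.51.100.7",
  "userIdentity": {"type": "IAMUser"}}
]}""")["Records"]

if __name__ == "__main__":
    for action, hits in denied_via_cloudformation(SAMPLE).items():
        print(action, hits)
```

Each key in the result is a candidate action to add to the deploying principal's policy; the list under it shows when and under which request ID the denial occurred.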