2 Answers
2
To diagnose the issue, my advice is to use CloudTrail and find the calls CloudFormation is making that are subsequently being denied. CloudTrail will reveal the full detail of what is being denied.
I'll also add that you may want to have a look at Service Catalog and launch constraints as a way of allowing "other" users to provision an approved product. There is more control over the template used and the ability to share across an organization. There is a workshop to demo the features.
0
I think you need to add ec2::DescribeVpcs to get a more descriptive error.
answered 2 years ago
Thanks. Actually, I did try to find the corresponding CloudTrail log but could not really figure out what was denied, even with this very simple example. There are not really many logs, so I am not sure whether I am missing something else.
Also, thanks for the suggestion about Service Catalog. I will take a look at the workshop.
PS: Notice that it is easier to search CloudTrail using the corresponding request ID. I will try to fix the policy based on the error.
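An added example (not from the thread or from AWS) of the CloudTrail search discussed above: it filters CloudTrail log-file JSON down to denied calls made on CloudFormation's behalf, or to the one call matching a given request ID. The sample records are constructed, and the `service:EventName` string is only a candidate IAM action to check, because event names do not always map one-to-one to IAM actions.

```python
import json

# Constructed sample in CloudTrail's log-file record format (not real log data).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2023-01-01T10:00:00Z", "eventSource": "cloudformation.amazonaws.com",
     "eventName": "CreateStack", "requestID": "req-0001",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example"}},
    {"eventTime": "2023-01-01T10:00:05Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeVpcs", "requestID": "req-0002",
     "errorCode": "Client.UnauthorizedOperation",
     "errorMessage": "You are not authorized to perform this operation.",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example",
                      "invokedBy": "cloudformation.amazonaws.com"}},
    {"eventTime": "2023-01-01T10:00:06Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "CreateSecurityGroup", "requestID": "req-0003",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example",
                      "invokedBy": "cloudformation.amazonaws.com"}},
    {"eventTime": "2023-01-01T10:01:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "requestID": "req-0004", "errorCode": "AccessDenied",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example"}},
]})

# Substrings covering the usual denial codes (AccessDenied, Client.UnauthorizedOperation).
DENIED_MARKERS = ("accessdenied", "unauthorized")


def is_denied(record):
    """True when the record carries an authorization-failure errorCode."""
    code = record.get("errorCode", "").lower()
    return any(marker in code for marker in DENIED_MARKERS)


def denied_calls(log_text, invoked_by="cloudformation.amazonaws.com", request_id=None):
    """Return denied calls made via `invoked_by`, or the one matching `request_id`."""
    found = []
    for rec in json.loads(log_text).get("Records", []):
        if not is_denied(rec):
            continue
        if request_id is not None:
            if rec.get("requestID") != request_id:
                continue
        elif rec.get("userIdentity", {}).get("invokedBy") != invoked_by:
            continue
        service = rec.get("eventSource", "unknown").split(".")[0]
        found.append({"candidate_action": f"{service}:{rec.get('eventName')}",
                      "request_id": rec.get("requestID"),
                      "error_code": rec.get("errorCode"),
                      "message": rec.get("errorMessage", "")})
    return found
```
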