By using AWS re:Post, you agree to the Terms of Use
/Required Capabilities Cloudformation Template/

Required Capabilities Cloudformation Template

0

I am getting an exception when Deploying a cloud formation template regarding Requires capabilities : CAPABILITY_IAM.

I have done some research and found out that when using IAM resources in the template we have to explicitly tell AWS that we are aware of IAM resources in the template.

I have done that. Below is my command

$ ./update.sh ScalableAppCore AppServers.yml AppParameterCore.json --capabilities CAPABILITY_IAM

$ ./update.sh ScalableAppCore AppServers.yml AppParameterCore.json --capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM

$ ./create.sh ScalableAppCore AppServers.yml AppParameterCore.json --capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM CAPABILITY_AUTO_EXPAND

Tried all 3 commands but still, the output shows:
An error occurred (InsufficientCapabilitiesException) when calling the UpdateStack operation: Requires capabilities : CAPABILITY_IAM

Here is the actual code :

This is the Role I have created for S3

IamS3Role:
    Type: AWS::IAM::Role
    Properties:
      ManagedPolicyArns:
        - "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /

Instance Profile attachment

ProfileWithRolesForApp:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: "/"
      Roles:
        - !Ref IamS3Role
  

Please let me know where I am wrong . Thanks in advance

2 Answers
0
Accepted Answer

There was a mistake in my update.sh script. All resolved now

answered 2 months ago
0

Hi. I think the problem is not at Cloudformation, it causes by your credential. Should you check whether the credential is authoried to do UpdateStack action at the target resource?

answered 2 months ago
  • Yes, it has. My user is admin and I am working on this stack for a long time. Now I have IAM resource to deploy

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions