I am getting an exception when Deploying a cloud formation template regarding Requires capabilities : [CAPABILITY_IAM].
I have done some research and found out that when using IAM resources in the template we have to explicitly tell AWS that we are aware of IAM resources in the template.
I have done that. Below is my command
$ ./update.sh ScalableAppCore AppServers.yml AppParameterCore.json --capabilities CAPABILITY_IAM
$ ./update.sh ScalableAppCore AppServers.yml AppParameterCore.json --capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM
$ ./create.sh ScalableAppCore AppServers.yml AppParameterCore.json --capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM CAPABILITY_AUTO_EXPAND
Tried all 3 commands but still, the output shows:
An error occurred (InsufficientCapabilitiesException) when calling the UpdateStack operation: Requires capabilities : [CAPABILITY_IAM]
Here is the actual code :
This is the Role I have created for S3
IamS3Role:
Type: AWS::IAM::Role
Properties:
ManagedPolicyArns:
- "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Principal:
Service:
- ec2.amazonaws.com
Action:
- 'sts:AssumeRole'
Path: /
Instance Profile attachment
ProfileWithRolesForApp:
Type: AWS::IAM::InstanceProfile
Properties:
Path: "/"
Roles:
- !Ref IamS3Role
Please let me know where I am wrong . Thanks in advance
AWS OFFICIALUpdated 2 months ago
Yes, it has. My user is admin and I am working on this stack for a long time. Now I have IAM resource to deploy