Comments (16)
bfreis
commented on September 13, 2024
287
This error is a security related message: it happens when you try to create
a CloudFormation stack that includes the creation of IAM related resources.
You have to explicitly tell CloudFormation that you are OK with that.
To make it work, simply add the parameter --capabilities CAPABILITY_IAM to
your deploy command. That should solve the problem.
Cheers!
…On Mon, Jan 2, 2017, 2:30 PM Avi Zloof ***@***.***> wrote:
Hi,
I am trying to enable serverless deployment with pipline and
cloudformation services but failing to do so due to the following error:
My set of commands was:
c:\StackData\lambda>aws cloudformation package --template-file samTemplate.yml --s3-bucket lambdabiot --output-template-file outputTemplate.yml
Successfully packaged artifacts and wrote output template to file outputTemplate.yml.
Execute the following command to deploy the packaged template
aws cloudformation deploy --template-file c:\StackData\lambda\outputTemplate.yml --stack-name <YOUR STACK NAME>
c:\StackData\lambda>
c:\StackData\lambda>aws cloudformation deploy --template-file c:\StackData\lambda\outputTemplate.yml --stack-name ProdStack
Waiting for changeset to be created..
An error occurred (InsufficientCapabilitiesException) when calling the ExecuteChangeSet operation: Requires capabilities : [CAPABILITY_IAM]
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#51>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAP995gSvsiOZf9B8l0yJ2wvP5_IVmiwks5rOPv1gaJpZM4LZAzq>
.
from serverless-application-model.
brysontyrrell
commented on September 13, 2024
32
@davidwebstar34 For you, switch --capabilities CAPABILITY_IAM to --capabilities CAPABILITY_NAMED_IAM. If you're not letting CloudFormation name your IAM resources you need to pass this capability.
from serverless-application-model.
keetonian
commented on September 13, 2024
28
You may sometimes need multiple capabilities, like when working with nested stacks. You can add multiple capabilities by listing them (separated by a space):
--capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM CAPABILITY_AUTO_EXPAND
See https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_CreateStack.html for more information about these capabilities. For most cases, you will only need one of these capabilities.
from serverless-application-model.
manpenaloza
commented on September 13, 2024
4
I added the --capabilities CAPABILITY_IAM flag, but still get the the "Access denied" message in my console.
Here's the command I executed:
aws cloudformation deploy \
--template-file serverless-output.yaml \
--stack-name prod \
--capabilities CAPABILITY_IAManytihing else that could cause this? thx for your support!
from serverless-application-model.
piyushchordia
commented on September 13, 2024
4
Add --capabilities CAPABILITY_NAMED_IAM
This should fix the issue
from serverless-application-model.
sanathkr
commented on September 13, 2024
2
adding --capabilities should solve the problem. Let us know if it doesn't
from serverless-application-model.
davidwebstar34
commented on September 13, 2024
1
I have the exact same issue when I run create-stack for a cloudformation template that contains IAM policies.
aws cloudformation create-stack --stack-name iam-stack --template-body file://./iam.yml --capabilities CAPABILITY_IAM --profile dev
An error occurred (InsufficientCapabilitiesException) when calling the CreateStack operation: Requires capabilities : [CAPABILITY_NAMED_IAM]
from serverless-application-model.
C-Kenny
commented on September 13, 2024
1
Thanks @piyushchordia, CAPABILITY_NAMED_IAM worked for me also.
I ended up with a command like:
AWS_DEFAULT_PROFILE=role_name aws cloudformation create-stack --stack-name stack_name --template-url s3_url/template file --parameters file:///local_params.json --capabilities CAPABILITY_NAMED_IAM
from serverless-application-model.
heijmerikx
commented on September 13, 2024
1
Ok, 'funny' this didn't work for me:
sam deploy --config-env default --profile myprofile –-capabilities CAPABILITY_IAM
But this did:
sam deploy --config-env default --capabilities CAPABILITY_IAM --profile myprofile
from serverless-application-model.
avizaviz
commented on September 13, 2024
Thanks
from serverless-application-model.
bgkpandurang
commented on September 13, 2024
i was also faced this issue ,fixed it by adding --capabilities CAPABILITY_IAM
from serverless-application-model.
shetty-shruti
commented on September 13, 2024
adding --capabilities CAPABILITY_IAM worked for me too. Thanks
from serverless-application-model.
ktajpuri
commented on September 13, 2024
adding --capabilities CAPABILITY_IAM fixed the issue for me
from serverless-application-model.
idolice
commented on September 13, 2024
i tried CAPABILITY_NAMED_IA & CAPABILITY_IAM, neither work for me, still get the same error message as avizaviz, my cmd is:
aws cloudformation deploy --template-file target/output-sam.yaml --stack-name spring-boot-lambda --capabilities CAPABILITY_IAM
any suggesion?@sanathkr
from serverless-application-model.
abodero
commented on September 13, 2024
adding --capabilities CAPABILITY_IAM fixed the issue. thxs
from serverless-application-model.
citizenilustre
commented on September 13, 2024
@davidwebstar34 For you, switch
--capabilities CAPABILITY_IAMto--capabilities CAPABILITY_NAMED_IAM. If you're not letting CloudFormation name your IAM resources you need to pass this capability.
This was the solution for me, insetead of using CAPABILITY_IAM I used CAPABILITY_NAMED_IAM and it worked.
from serverless-application-model.
Related Issues (20)
- AWS::Serverless::Api auto deploys API when a resource is being added HOT 4
- Environment variables not updated HOT 5
- Bug: Using a Ref in StageName is Not Working Properly - Template.yaml HOT 4
- !If not working on Serverless:Function handler HOT 5
- how to configure KMSVerifyPolicy and KMSSignPolicy HOT 1
- Feature request: Git sync HOT 4
- Security: default permission allow any service to invoke a lambda function HOT 3
- Several tests fail with Pydantic 1.10.15 (latest 1.x) HOT 6
- (New Connector Profile) AWS Batch HOT 1
- EventInvokeConfig does not appear in processed template when following the spec HOT 3
- (New Connector Profile) AWS::ApiGateway::RestApi > AWS::Serverless::StateMachine HOT 1
- Bug: Lambda function (with alias) doesn't create a new version after its layer is updated, even if `AutoPublishAliasAllProperties` is set to `true` HOT 7
- Several tests fail with Pydantic 1.10.17 (latest 1.x) HOT 5
- Bug: No new Lambda Versions are deployed with Lambda configurations changes HOT 6
- Event sources do not invoke versioned state machines by their alias HOT 4
- Lambda layer code not updated in Lambda function during `sam sync` HOT 1
- SQS:*Batch permissions aren't vaild permissions HOT 2
- Can't use ForEach intrinsic function to define resources HOT 6
- Set Pydantic 2.* as possible dependency HOT 2
- Library usage and Default values
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from serverless-application-model.