Great plugin... I find myself using it in nearly all of my sls projects now.

One thing I frequently do when using this plugin is to create an IAM user in the Resources section of my serverless.yml that has the minimally required permissions in order to run sls deploys in a CI/CD environment that strictly create a change set. This makes it easy then to create API keys for that user and have CI/CD use those creds to deploy cfn changesets automatically.

Would having an optional flag/config in this plugin that would automatically add that user and permissions to the cloudformation template make sense? This would remove having to copy/paste the same IAM user/permissions around, and this plugin can have a nice way of asserting the permissions it needs to create the changesets.

If this doesnt feel too niche or specific / out-of-scope, then I could start a PR.

Not sure if this is an issue from serverless or this plugin but a one line change in a function shouldn't create a changeset with all resources and all functions.

It would be good if you check in s3 first if the object exists.

> sls deploy --changeset --stage dev

Serverless: Packaging service...
Serverless: Service files not changed. Skipping deployment...
Serverless: Creating CloudFormation ChangeSet [...]...

  Serverless Error ---------------------------------------

  S3 error: Unable to get the object https://s3.amazonaws.com/...

I found that if I did not manually specify the provider.deploymentBucket in my serverless.yml file, this plugin failed to generate the correct S3 url.

As well as being able to set it via CLI?

Hi, I have a question, with this plug in can I do something like this,

aws cloudformation create-change-set
    --stack-name TargetStack --change-set-name ImportChangeSet
    --change-set-type IMPORT
    --resources-to-import "[{\"ResourceType\":\"AWS::DynamoDB::Table\",\"LogicalResourceId\":\"GamesTable\",\"ResourceIdentifier\":{\"TableName\":\"Games\"}}]"
    --template-body file://templateToImport.json

Or this work different from that cloudformation command?

What I'm trying to do is to split a couple of resources from a serverless stack and put them into a new stack but without deleting the current resource.

This repo. hasn't been updated since 2019 and according to this: serverless/serverless#10139
This plugin hasn't worked since serverless 2.0 was introduced. Since this is linked from the main serverless site (https://www.serverless.com/plugins/serverless-cloudformation-changesets) can we get some updated information posted here describing this? Updates to the plugin would also be good, of course.

unable to add [--role-arn ] to the the create change set.

Looks like there are some dependencies vulnerabilities. Is there any approach that i can take to fix them. Wondering if there is any plan for fix.

└─┬ [email protected]
└─┬ [email protected]
└─┬ @serverless/[email protected]
└─┬ @serverless/[email protected]
└── [email protected]

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Server-Side Request Forgery │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ axios │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=0.21.1 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ serverless-cloudformation-changesets [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ serverless-cloudformation-changesets > serverless > │
│ │ @serverless/components > @serverless/platform-client > axios │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/1594 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Server-Side Request Forgery │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ axios │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=0.21.1 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ serverless-cloudformation-changesets [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ serverless-cloudformation-changesets > serverless > │
│ │ @serverless/enterprise-plugin > @serverless/platform-client │
│ │ > axios │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/1594 │
└───────────────┴──────────────────────────────────────────────────────────────┘

Looking at my node_modules tree, and package.json of serverless-cloudformation-changesets, I noticed that serverless is a (non-dev) dependency. I think this was probably intended to be a peer-dependency? It seems it is needlessly injecting serverless framework as a subdependency in my node_modules tree, when I already have one.

See also output from npm ls serverless:

$ npm ls serverless
[email protected] /Users/ronkorving/Projects/myproject
├── [email protected]
└─┬ [email protected]
  └── [email protected]

Hi, I'm trying to run the serverless deploy command without any flag and getting this error:
Missing required key 'Value' in params.Tags[0]
with the following custom block:

custom:
  inputBucket: input-bucket-111223344 # Change to unique name
  outputBucket: output-bucket-bucket26111990 # Change to unique name
  cf-changesets:
    requireChangeSet: true # optional defaults to false

After a short look in the plugin code I found the following variable:

  let stackTags = {
    STAGE: plugin.options.stage
  }

looks like it is required to be sent from the CLI argument for stage

in my case, I'm using yaml file definitions, (for stage too).
how can I deal with it?