InsufficientCapabilitiesException [CAPABILITY_NAMED_IAM] when creating a stack with IAM policies

I get this error when I run create-stack for a CloudFormation template that contains IAM policies.

aws cloudformation create-stack --stack-name iam-stack --template-body file://./iam.yml --capabilities CAPABILITY_IAM --profile dev 

An error occurred (InsufficientCapabilitiesException) when calling the CreateStack operation: Requires capabilities : [CAPABILITY_NAMED_IAM]

David Webster asked Mar 16 '18 09:03


People also ask

What is the default CloudFormation stack policy when you create a new stack?

When you create a stack, no stack policy is set, so all update actions are allowed on all resources. To protect stack resources from update actions, define a stack policy and then set it on your stack.

What is --capabilities CAPABILITY_IAM?

This error is a security related message: it happens when you try to create a CloudFormation stack that includes the creation of IAM related resources. You have to explicitly tell CloudFormation that you are OK with that. To make it work, simply add the parameter --capabilities CAPABILITY_IAM to your deploy command.


1 Answer

Change --capabilities to CAPABILITY_NAMED_IAM

If you have IAM resources with custom names, you must specify CAPABILITY_NAMED_IAM. If you don't specify this parameter, this action returns an InsufficientCapabilities error.

https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_CreateStack.html

Sudharsan Sivasankaran answered Sep 21 '22 18:09
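A pre-deploy check for the rule quoted in the answer, as an added example that is not part of the original question or answer: it reports which capability a template needs and which resources trigger it, so a pipeline can pass the narrowest flag instead of always acknowledging CAPABILITY_NAMED_IAM. Assumptions: the template is in JSON form (the YAML in the question would need converting first), the `NAME_PROPERTIES` table is a non-exhaustive list, and the sample template is constructed.

```python
import json

# Assumption: non-exhaustive map of IAM resource types to the property that
# gives the resource a custom name. Extend it for the types your templates use.
NAME_PROPERTIES = {
    "AWS::IAM::Role": "RoleName",
    "AWS::IAM::User": "UserName",
    "AWS::IAM::Group": "GroupName",
    "AWS::IAM::InstanceProfile": "InstanceProfileName",
    "AWS::IAM::ManagedPolicy": "ManagedPolicyName",
}

def required_capability(template_text):
    """Return (capability, reasons) for a JSON CloudFormation template.

    capability is None, "CAPABILITY_IAM" or "CAPABILITY_NAMED_IAM".
    """
    resources = json.loads(template_text).get("Resources", {})
    capability, reasons = None, []
    for logical_id, res in sorted(resources.items()):
        rtype = res.get("Type", "")
        if not rtype.startswith("AWS::IAM::"):
            continue  # only IAM resources need an acknowledgement here
        name_prop = NAME_PROPERTIES.get(rtype)
        if name_prop and name_prop in res.get("Properties", {}):
            capability = "CAPABILITY_NAMED_IAM"
            reasons.append(f"{logical_id}: {rtype} sets {name_prop}")
        else:
            # Keep NAMED_IAM if an earlier resource already required it.
            capability = capability or "CAPABILITY_IAM"
            reasons.append(f"{logical_id}: {rtype} without a custom name")
    return capability, reasons

# Constructed sample: one role with a custom name, one without, one non-IAM resource.
SAMPLE = json.dumps({"Resources": {
    "AppRole": {"Type": "AWS::IAM::Role",
                "Properties": {"RoleName": "app-role", "AssumeRolePolicyDocument": {}}},
    "WorkerRole": {"Type": "AWS::IAM::Role",
                   "Properties": {"AssumeRolePolicyDocument": {}}},
    "Bucket": {"Type": "AWS::S3::Bucket"},
}})

if __name__ == "__main__":
    cap, why = required_capability(SAMPLE)
    print("--capabilities", cap)
    for line in why:
        print("  ", line)
```
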