User is not authorized to perform: cloudformation:CreateStack

Question

I'm trying out Serverless to create AWS Lambdas and while creating a project using the command serverless project create I'm getting the following error.

AccessDenied: User: arn:aws:iam::XXXXXXXXX:user/XXXXXXXXX is not authorized to perform: cloudformation:CreateStack on resource: arn:aws:cloudformation:us-east-1:XXXXXXXXX:stack/XXXXXXXXX-development-r/* 

I have created a user and granted the following permissions to the user.

1. AWSLambdaFullAccess
2. AmazonS3FullAccess
3. CloudFrontFullAccess
4. AWSCloudFormationReadOnlyAccess ( There was no AWSCloudFormationFullAccess to grant )

How can I proceed? What else permissions I have to grant?

Answer 1

The closest one that you've mentioned is AWSCloudFormationReadOnlyAccess, but obviously that's for readonly and you need cloudformation:CreateStack. Add the following as a user policy.

{     "Version": "2012-10-17",     "Statement": [         {             "Sid": "Stmt1449904348000",             "Effect": "Allow",             "Action": [                 "cloudformation:CreateStack"             ],             "Resource": [                 "*"             ]         }     ] } 

It's entirely possible you'll need more permissions- for instance, to launch an EC2 instance, to (re)configure security groups, etc.