"-capabilities CAPABILITY_IAM" feature

Question

"-capabilities CAPABILITY_IAM" feature

Closed this issue 8 years ago · 1 comments

I am tryint to run a CF template which looks like this:

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Lambda and API Gateway",
  "Resources": {
      "LambdaExecutionRole": {
        "Type": "AWS::IAM::Role",
        "Properties": {
          "AssumeRolePolicyDocument": {
            "Version": "2012-10-17",
            "Statement": [{
              "Effect": "Allow",
              "Principal": {
                "Service": ["lambda.amazonaws.com"]
              },
              "Action": ["sts:AssumeRole"]
            }]
          },
          "Policies": [{
            "PolicyName": "lambdalogtocloudwatch",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [{
                "Effect": "Allow",
                "Action": ["logs:CreateLogGroup", 
                "logs:CreateLogStream",
                "logs:PutLogEvents"],
                "Resource": "arn:aws:logs:*:*:*"
              }]
            }
          }]
        }
      }
  }
}

When I deploy it, the cnf-flow command returns this exception:

cfn-flow deploy prod
/usr/local/rvm/gems/ruby-2.3.0@global/gems/aws-sdk-core-2.6.49/lib/seahorse/client/plugins/raise_response_errors.rb:15:in `call': Requires capabilities : [CAPABILITY_IAM] (Aws::CloudFormation::Errors::InsufficientCapabilitiesException)

Any chance I can force this CAPABILITY_IAM feature to avoid the exception?

Many thanks,
VG

Answer 1 · 2017-01-23T00:01:52.000Z

Found the CAPABILITY_IAM mentioned in the expanded example of the cnf-flow.yml configuration file. Thanks!