When creating a stack with CloudFormation, I get this error:
Stack update error: Requires capabilities : [CAPABILITY_IAM]
I can't find a template for adding CAPABILITIES_IAM to the CloudFormation configuration.
What are the options for resolving CAPABILITIES_IAM errors
Turns out you need to check a box on the last screen of the stack creation.
In CodePipeline CloudFormation you can add it like this to allow execution of the created change_set in the deploy action:
Configuration:
StackName: !Ref GitHubRepository
ActionMode: CHANGE_SET_REPLACE
Capabilities: CAPABILITY_NAMED_IAM
RoleArn: arn:aws:iam::818272543125:role/events-list-codepiplinerole
ChangeSetName: !Join ["",[!Ref GitHubRepository, "-changeset"]]
TemplatePath: MyAppBuild::sam_post.yaml
In the aws cli append
--capabilities CAPABILITY_IAM
or
--capabilities CAPABILITY_NAMED_IAM
To your command like this:
aws cloudformation create-stack --stack-name message-store --template-body file://bucket_with_keys.yaml --parameters file://cfg_bucket_with_keys.json --capabilities CAPABILITY_NAMED_IAM
This does not apply to cloudformation --validate-template as it is not actually creating the resources.
If you are using the AWS CLI, you can add an extra parameter to the aws cloudformation create-stack command that explicitly states you want these capabilities provided.
(this is the CLI equivalent of ticking the checkbox in the other answer here).
The parameter is --capabilities CAPABILITY_IAM, so your command would look like:
aws cloudformation create-stack --stack-name $STACK_NAME --capabilities CAPABILITY_IAM
Hope that helps
来源:https://stackoverflow.com/questions/41246108/aws-stack-update-error-requires-capabilities-capability-iam