有用到 sam policy template 的時候,在 deploy 時 cloudformation 會需要 create role,這時就必須有
iam:createRole 權限,並且在 command line 加上 --capabilities CAPABILITY_IAM 參數,例如:sam deploy --template-file packaged.yaml --stack-name example-stack --capabilities CAPABILITY_IAM
否則會出現這樣的錯誤
An error occurred (InsufficientCapabilitiesException) when calling the ExecuteChangeSet operation: Requires capabilities : [CAPABILITY_IAM]
Reference
This error is a security related message: it happens when you try to create
a CloudFormation stack that includes the creation of IAM related resources.
You have to explicitly tell CloudFormation that you are OK with that.
沒有留言:
張貼留言