用户无权执行：cloudformation：CreateStack [英] User is not authorized to perform: cloudformation:CreateStack

问题描述

我正在尝试无服务器以创建AWS Lambda，并在使用命令创建项目时无服务器项目创建我遇到以下错误。

I'm trying out Serverless to create AWS Lambdas and while creating a project using the command serverless project create I'm getting the following error.

AccessDenied: User: arn:aws:iam::XXXXXXXXX:user/XXXXXXXXX is not authorized to perform: cloudformation:CreateStack on resource: arn:aws:cloudformation:us-east-1:XXXXXXXXX:stack/XXXXXXXXX-development-r/*

我已经创建了一个用户，并向该用户授予了以下权限。

I have created a user and granted the following permissions to the user.

1. AWSLambdaFullAccess


2. AmazonS3FullAccess


3. CloudFrontFullAccess
>

4. AWSCloudFormationReadOnlyAccess（没有要授予的 AWSCloudFormationFullAccess ）

1. AWSLambdaFullAccess
2. AmazonS3FullAccess
3. CloudFrontFullAccess
4. AWSCloudFormationReadOnlyAccess ( There was no AWSCloudFormationFullAccess to grant )

我该如何进行？我还必须授予什么权限？

How can I proceed? What else permissions I have to grant?

推荐答案

您提到的最接近的是 AWSCloudFormationReadOnlyAccess ，但是显然，这是只读的，您需要 cloudformation：CreateStack 。将以下内容添加为用户策略。

The closest one that you've mentioned is AWSCloudFormationReadOnlyAccess, but obviously that's for readonly and you need cloudformation:CreateStack. Add the following as a user policy.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1449904348000",
            "Effect": "Allow",
            "Action": [
                "cloudformation:CreateStack"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

完全有可能需要更多权限，例如，启动EC2例如，（重新）配置安全组等。

It's entirely possible you'll need more permissions- for instance, to launch an EC2 instance, to (re)configure security groups, etc.

这篇关于用户无权执行：cloudformation：CreateStack的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！