AWS CloudFormation Stack 更新错误:需要功能:[CAPABILITY_IAM] [英] AWS CloudFormation Stack update error: Requires capabilities : [CAPABILITY_IAM]

问题描述

使用 CloudFormation 创建堆栈时，出现此错误:

When creating a stack with CloudFormation, I get this error:

堆栈更新错误:需要功能:[CAPABILITY_IAM]

Stack update error: Requires capabilities : [CAPABILITY_IAM]

我找不到用于将 CAPABILITIES_IAM 添加到 CloudFormation 配置的模板.

I can't find a template for adding CAPABILITIES_IAM to the CloudFormation configuration.

解决CAPABILITIES_IAM 错误的选项有哪些?

What are the options for resolving CAPABILITIES_IAM errors?

推荐答案

事实证明您需要在堆栈创建的最后一个屏幕上选中一个框.如果您正在使用控制台，则在创建堆栈"按钮上方有一个框，要求您确认您希望允许 Cloudformation 修改 IAM 内容.当然，您可以在没有确认的情况下创建堆栈，这将导致堆栈失败并出现 CAPABILITY_IAM 错误(或其他错误，如果需要不同的功能).

Turns out you need to check a box on the last screen of the stack creation. If you are using the console, just above the 'create stack' button there's a box asking you to acknowledge that you want to allow Cloudformation to modify IAM stuff. You can, of course, create the stack without the acknowledgement, which will cause the stack to fail with the CAPABILITY_IAM error (or another error, if a different capability is required).

在 CodePipeline CloudFormation 中，您可以像这样添加它以允许在部署操作中执行创建的 change_set:

In CodePipeline CloudFormation you can add it like this to allow execution of the created change_set in the deploy action:

Configuration:
        StackName: !Ref GitHubRepository
        ActionMode: CHANGE_SET_REPLACE
        Capabilities: CAPABILITY_NAMED_IAM
        RoleArn: arn:aws:iam::818272543125:role/events-list-codepiplinerole
        ChangeSetName: !Join ["",[!Ref GitHubRepository, "-changeset"]]
        TemplatePath: MyAppBuild::sam_post.yaml

在 aws cli 中追加

In the aws cli append

--capabilities CAPABILITY_IAM

或

--capabilities CAPABILITY_NAMED_IAM

像这样的命令:

aws cloudformation create-stack --stack-name message-store --template-body file://bucket_with_keys.yaml --parameters file://cfg_bucket_with_keys.json --capabilities CAPABILITY_NAMED_IAM

这不适用于 cloudformation --validate-template，因为它实际上并未创建资源.

This does not apply to cloudformation --validate-template as it is not actually creating the resources.

这篇关于AWS CloudFormation Stack 更新错误:需要功能:[CAPABILITY_IAM]的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！