hakuna

CloudFormation - user does not own network ACL

Getting the error 'user XXXXXXXXX does not own a resource nvirgi-acl2-15txjsljshg15' (nvirgi-acl2-15txjsljshg15 is the name of the created ACL). Below is my CloudFormation JSON for the VPC, subnets, ACL entries and network ACLs. How do I get past this error?

"VPC1": {
      "Type": "AWS::EC2::VPC",
      "Properties": {
        "CidrBlock": "10.10.0.0/16",
        "InstanceTenancy": "default",
        "EnableDnsSupport": "true",
        "EnableDnsHostnames": "false",
        "Tags": [
          {
            "Key": "Name",
            "Value": "My Dashboard"
          }
        ]
      }
    },
    "subnet1": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "CidrBlock": "172.31.48.0/20",
        "AvailabilityZone": "us-east-2a",
        "VpcId": {
          "Ref": "VPC1"
        }
      }          
    },
    "subnet2": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "CidrBlock": "172.31.0.0/20",
        "AvailabilityZone": "us-east-2b",
        "VpcId": {
          "Ref": "VPC1"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "MyDashboard"
          }
        ]
      }
    },
    "subnet3": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "CidrBlock": "172.31.32.0/20",
        "AvailabilityZone": "us-east-2a",
        "VpcId": {
          "Ref": "VPC1"
        }
      }
    },
 "acl1": {
      "Type": "AWS::EC2::NetworkAclEntry",
      "Properties": {
        "CidrBlock": "0.0.0.0/0",
        "Egress": "true",
        "Protocol": "-1",
        "RuleAction": "allow",
        "RuleNumber": "100",
        "NetworkAclId": {
          "Ref": "NetworkAcl1"
        }
      }
    },
    "acl2": {
      "Type": "AWS::EC2::NetworkAclEntry",
      "Properties": {
        "CidrBlock": "0.0.0.0/0",
        "Protocol": "-1",
        "RuleAction": "allow",
        "RuleNumber": "101",
        "NetworkAclId": {
          "Ref": "NetworkAcl2"
        }
      }
    },
    "acl3": {
      "Type": "AWS::EC2::NetworkAclEntry",
      "Properties": {
        "CidrBlock": "0.0.0.0/0",
        "Egress": "true",
        "Protocol": "-1",
        "RuleAction": "allow",
        "RuleNumber": "102",
        "NetworkAclId": {
          "Ref": "NetworkAcl3"
        }
      }
    },  
    "subnetacl1": {
      "Type": "AWS::EC2::SubnetNetworkAclAssociation",
      "Properties": {
        "NetworkAclId": {
          "Ref": "acl1"
        },
        "SubnetId": {
          "Ref": "subnet1"
        }
      }
    },
    "subnetacl2": {
      "Type": "AWS::EC2::SubnetNetworkAclAssociation",
      "Properties": {
        "NetworkAclId": {
          "Ref": "acl2"
        },
        "SubnetId": {
          "Ref": "subnet2"
        }
      }
    },
    "subnetacl3": {
      "Type": "AWS::EC2::SubnetNetworkAclAssociation",
      "Properties": {
        "NetworkAclId": {
          "Ref": "acl3"
        },
        "SubnetId": {
          "Ref": "subnet3"
        }
      }
    },
"NetworkAcl1": {
      "Type": "AWS::EC2::NetworkAcl",
      "Properties": {
        "VpcId": {
          "Ref": "VPC1"
        }
      }
    },
    "NetworkAcl2": {
      "Type": "AWS::EC2::NetworkAcl",
      "Properties": {
        "VpcId": {
          "Ref": "VPC1"
        }
      }
    },
    "NetworkAcl3": {
      "Type": "AWS::EC2::NetworkAcl",
      "Properties": {
        "VpcId": {
          "Ref": "VPC1"
        }
      }
    }


Answers (1)

wjordan

The issue is that the NetworkAclId property in the AWS::EC2::SubnetNetworkAclAssociation resources ("subnetacl[1-3]") must reference the AWS::EC2::NetworkAcl resources ("NetworkAcl[1-3]"), not the AWS::EC2::NetworkAclEntry resources ("acl[1-3]") as they currently do. A NetworkAclEntry is a single rule inside an ACL, not an ACL itself, so the value that Ref returns for "acl2" is not a network ACL ID, which is what the "does not own a resource" error is reporting.

