overexchange

Reputation: 1

Requires capability named IAM - ManagedPolicy

Below is the error:

{
    "CapabilitiesReason": "The following resource(s) require capabilities: [AWS::IAM::ManagedPolicy]", 
    "Description": "Some Permission boundary", 
    "Parameters": [], 
    "Capabilities": [
        "CAPABILITY_NAMED_IAM"
    ]
}
$

after running:

$ aws cloudformation validate-template  --template-url https://s3-sometemplate.yml

There is a managed policy defined in the template.

What does this error imply?

Upvotes: 1

Views: 802

Answers (1)

RAMNEEK GUPTA

Reputation: 783

This is not an error. This is normal output listing resources requiring capabilities that will need to be specified (via --capabilities) when running create-stack or update-stack in the future.

You can confirm that a validation succeeded without errors by checking that the return code is 0 indicating the command completed successfully.

The documentation for the validate-template outputs is as follows:

Capabilities -> (list)

The capabilities found within the template. If your template contains IAM resources, you must specify the CAPABILITY_IAM or CAPABILITY_NAMED_IAM value for this parameter when you use the create-stack or update-stack actions with your template; otherwise, those actions return an InsufficientCapabilities error. For more information, see Acknowledging IAM Resources in AWS CloudFormation Templates.

CapabilitiesReason -> (string)

The list of resources that generated the values in the Capabilities response element.

Upvotes: 4
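An added example, not part of the question or answer above: a small deployment gate that reads the `validate-template` JSON, refuses to acknowledge any capability the pipeline owner has not explicitly approved, and only then builds the `create-stack` arguments with `--capabilities`. The stack name, template URL and function names are assumptions chosen for illustration; the sample JSON is constructed from the output shown in the question.

```python
import json
import shlex

# Constructed sample in the shape of the validate-template output quoted in the question.
SAMPLE_OUTPUT = """{
    "CapabilitiesReason": "The following resource(s) require capabilities: [AWS::IAM::ManagedPolicy]",
    "Description": "Some Permission boundary",
    "Parameters": [],
    "Capabilities": ["CAPABILITY_NAMED_IAM"]
}"""


class UnapprovedCapability(Exception):
    """The template needs a capability that nobody has signed off on."""


def required_capabilities(validate_output):
    """Return the capabilities listed by validate-template (empty if none)."""
    doc = json.loads(validate_output)
    # Templates without IAM resources may omit the key or return an empty list.
    return list(doc.get("Capabilities") or [])


def create_stack_command(validate_output, stack_name, template_url, approved):
    """Build the create-stack argv, acknowledging only approved capabilities."""
    caps = required_capabilities(validate_output)
    unapproved = sorted(set(caps) - set(approved))
    if unapproved:
        reason = json.loads(validate_output).get("CapabilitiesReason", "")
        raise UnapprovedCapability(f"{unapproved} not approved. {reason}")
    cmd = ["aws", "cloudformation", "create-stack",
           "--stack-name", stack_name,
           "--template-url", template_url]
    if caps:
        cmd += ["--capabilities", *caps]
    return cmd


if __name__ == "__main__":
    # Hypothetical stack name and URL; approval is an explicit, reviewed allowlist.
    argv = create_stack_command(
        SAMPLE_OUTPUT, "demo-stack", "https://example.invalid/template.yml",
        approved={"CAPABILITY_NAMED_IAM"},
    )
    print(shlex.join(argv))
```

Keeping the approved set in reviewed configuration means a template that starts creating IAM resources fails the gate instead of being acknowledged automatically.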
