An error occurred (AccessDenied) when calling the CreateStack operation: User: arn:aws:iam::812520856627:user/dimitris is not authorized to perform: cloudformation:CreateStack on resource: arn:aws:cloudformation:us-west-2:812520856627:stack/blog-stage/*
我试图在命令上运行它:
aws cloudformation create-stack --stack-name blog-stage --template-body file://$PWD/stack.yml --profile demo --region us-west-2
Resources:
AppNode:
Type: AWS::EC2::Instance
Properties:
InstanceType: t2.micro
ImageId: ami-0c579621aaac8bade
KeyName: jimapos
SecurityGroups:
- !Ref AppNodeSG
AppNodeSG:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: for the app nodes that allow ssh, http and docker ports
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: '80'
ToPort: '80'
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: '22'
ToPort: '22'
CidrIp: 0.0.0.0/0
答案 0 :(得分:0)
您正在尝试针对未经授权执行User
cloudformation:CreateStack
dimitris 创建堆栈
要向assign permission的用户转到https://console.aws.amazon.com/iam/home#/home->用户->选择用户->添加权限
尝试添加带有用户权限的此政策。
示例授予创建和查看堆栈操作的示例策略
{
"Version":"2012-10-17",
"Statement":[{
"Effect":"Allow",
"Action":[
"cloudformation:CreateStack",
"cloudformation:DescribeStacks",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStackResources",
"cloudformation:GetTemplate",
"cloudformation:ValidateTemplate"
],
"Resource":"*"
}]
}
您可以选中此link,以将策略自定义或重新粘贴到特定资源。
您可以创建自定义策略,也可以附加以下内容。