Stack trace :
User: arn:aws:sts::455734o955:assumed-role/xx-xx-xx-app-role/i-xxxxxxxxxx is not authorized to perform: cloudformation:CreateChangeSet on resource: arn:aws:cloudformation:us-east-1:aws:transform/Serverless-2016-10-31 because no identity-based policy allows the cloudformation:CreateChangeSet action.
Fix.
Add the below resource within your JSON policy statement.
Note : cloudformation:* is strictly discouraged, fine tune your access permissions.
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "cloudformation:*",
"Resource": [
"arn:aws:cloudformation:us-east-1:aws:transform/Serverless-2016-10-31"
]
}
No comments:
Post a Comment