serverless-application-model: cloudformation deploy exits without useful message
After running the aws cloudformation package command, I then run deploy and get this:
aws cloudformation deploy --template-file new_template.yml --stack-name stack_name --capabilities CAPABILITY_IAM --profile profile_name
Waiting for changeset to be created..
'Status'
It exits at that point. It gets stuck on the first event: “ResourceStatus”: “REVIEW_IN_PROGRESS”,
I am using the code from this example: https://github.com/awslabs/serverless-application-model/tree/master/examples/2016-10-31/hello_world
aws-cli/1.11.36 Python/2.7.10 Darwin/16.3.0 botocore/1.4.93
About this issue
- Original URL
- State: closed
- Created 7 years ago
- Reactions: 9
- Comments: 17 (4 by maintainers)
I just got this issue and it’s because I was missing the
cloudformation:DescribeChangeSetpermission.After grant this user, I called it serverlessAdmin, all permissions (essentially an account admin), the above errors goes away. But I don’t think it’s a good practice. Would be great if we can find out the minimal Policy that should be attached to this user.
Just an update:
Having only this cloudformation action allowed
cloudformation:DescribeStackswill give this error:An error occurred (AccessDenied) when calling the CreateChangeSet operation: User: arn:aws:iam::account_id:user/user_name is not authorized to perform: cloudformation:CreateChangeSetSo when I allow
cloudformation:CreateChangeSetby adding it to the policy, then thedeploycommand exits and all I see is this:I’m guessing I need to allow more actions but there is no error message telling me what I’m missing. This is probably an awscli cloudformation issue I’m guessing.
I was facing the same problem and yeah adding permissions helped but ideally I would like to see an error message that describes to me what went wrong
Nothing actionable here. Closing
Does it complete if you call deploy with ‘–no-execute-changeset’ option? If yes, then you might be missing
cloudformation:ExecuteChangeSetpermission.