46

I get this error when I run create-stack for a cloudformation template that contains IAM policies.

aws cloudformation create-stack --stack-name iam-stack --template-body file://./iam.yml --capabilities CAPABILITY_IAM --profile dev

An error occurred (InsufficientCapabilitiesException) when calling the CreateStack operation: Requires capabilities : [CAPABILITY_NAMED_IAM]

Improve this question
1

5 Answers 5

Reset to default
65

Change --capabilities to CAPABILITY_NAMED_IAM

If you have IAM resources with custom names, you must specify CAPABILITY_NAMED_IAM. If you don't specify this parameter, this action returns an InsufficientCapabilities error.

https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_CreateStack.html

Improve this answer
0
17

As per AWS docs, If you specify a Role name in cloud formation, you must specify the CAPABILITY_NAMED_IAM value to acknowledge your template's capabilities Link

So your command should be

aws cloudformation create-stack --stack-name iam-stack --template-body file://./iam.yml --capabilities CAPABILITY_NAMED_IAM --profile dev
Improve this answer
1

In my case I needed both CAPABILITY_IAM and CAPABILITY_NAMED_IAM capabilities for a resource of type "AWS::IAM::Role".

https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/CloudFormation.html#createStack-property

Improve this answer
1

If you are using AWS CodePipeline to deploy an EC2 using a CloudFormation stack, there is an option called "Capabilities" from which you can select CAPABILITY_NAMED_IAM.

Improve this answer
0

You must pass capability as below if you're not letting CloudFormation name your IAM resources. Change from --capabilities CAPABILITY_IAM to --capabilities CAPABILITY_NAMED_IAM.

Improve this answer

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Not the answer you're looking for? Browse other questions tagged or ask your own question.