I am trying to validate a Cloudformation template. The command I am issuing is:
▶ aws cloudformation validate-template --template-body file://template.json
The response I am getting, however, is:
"CapabilitiesReason": "The following resource(s) require capabilities:
[AWS::IAM::Role]",
I can't find any way to set the capability unfortunately.
How do you set the capability?
The Capabilities and CapabilitiesReason outputs from validate-template are not errors. They are normal outputs listing resources requiring capabilities that will need to be specified (via --capabilities) when running create-stack or update-stack in the future.
You can confirm that a validation succeeded without errors by checking that the return code is 0 indicating the command completed successfully.
The documentation for the validate-template outputs is as follows:
Capabilities -> (list)
The capabilities found within the template. If your template contains IAM resources, you must specify the
CAPABILITY_IAMorCAPABILITY_NAMED_IAMvalue for this parameter when you use thecreate-stackorupdate-stackactions with your template; otherwise, those actions return anInsufficientCapabilitieserror. For more information, see Acknowledging IAM Resources in AWS CloudFormation Templates.CapabilitiesReason -> (string)
The list of resources that generated the values in the Capabilities response element.
--capabilities=CAPABILITY_IAMwithcreate-stackcli commands makes stacks butvalidate-stackseems to require this capability also but there is no cli option for adding itcreate-stackorupdate-stackthat you have to specify theCAPABILITY_IAMcapability.