
When You Get Stuck on Permission-Related Errors in CloudFormation

Posted at 2022-03-31

What's painful

  • When creating resources with CloudFormation, getting stuck on errors like the one below is painful (just tell me the Action!)

[image.png: screenshot of the error]

What saved me

Description
Returns detailed information about an extension that has been registered.
If you specify a VersionId, DescribeType returns information about that specific extension version. Otherwise, it returns information about the default extension version.

Usage: aws cloudformation describe-type

Command

$ aws cloudformation describe-type --type RESOURCE --type-name AWS::NetworkFirewall::Firewall --query Schema --output text | jq .handlers

Output

{
  "create": {
    "permissions": [
      "ec2:CreateVpcEndpoint",
      "ec2:DescribeVpcEndpoints",
      "ec2:DescribeSubnets",
      "ec2:DescribeVpcs",
      "network-firewall:CreateFirewall",
      "network-firewall:DescribeFirewallPolicy",
      "network-firewall:DescribeRuleGroup",
      "network-firewall:TagResource"
    ]
  },
  "read": {
    "permissions": [
      "network-firewall:DescribeFirewall",
      "network-firewall:ListTagsForResources"
    ]
  },
  "update": {
    "permissions": [
      "network-firewall:AssociateSubnets",
      "network-firewall:DisassociateSubnets",
      "network-firewall:UpdateFirewallDescription",
      "network-firewall:UpdateFirewallDeleteProtection",
      "network-firewall:UpdateSubnetChangeProtection",
      "network-firewall:UpdateFirewallPolicyChangeProtection",
      "network-firewall:AssociateFirewallPolicy",
      "network-firewall:TagResource",
      "network-firewall:UntagResource",
      "network-firewall:DescribeFirewall"
    ]
  },
  "delete": {
    "permissions": [
      "ec2:DeleteVpcEndpoints",
      "logs:DescribeLogGroups",
      "logs:DescribeResourcePolicies",
      "logs:GetLogDelivery",
      "logs:ListLogDeliveries",
      "network-firewall:DeleteFirewall",
      "network-firewall:UntagResource"
    ]
  },
  "list": {
    "permissions": [
      "network-firewall:ListFirewalls"
    ]
  }
}
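
As an added example (not part of the original article), the handler output above can be turned into a least-privilege IAM policy for the role CloudFormation deploys with, and checked against what a role already allows. `SAMPLE_HANDLERS`, `build_policy` and `missing_actions` are hypothetical names, the sample is a trimmed, constructed copy of the output above, and `"Resource": "*"` is a placeholder to narrow.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample: a trimmed copy of the `jq .handlers` output shown above.
SAMPLE_HANDLERS = {
    "create": {"permissions": ["ec2:CreateVpcEndpoint", "ec2:DescribeSubnets",
                               "network-firewall:CreateFirewall"]},
    "read": {"permissions": ["network-firewall:DescribeFirewall"]},
    "update": {"permissions": ["network-firewall:AssociateSubnets",
                               "network-firewall:DescribeFirewall"]},
    "delete": {"permissions": ["ec2:DeleteVpcEndpoints",
                               "network-firewall:DeleteFirewall"]},
    "list": {"permissions": ["network-firewall:ListFirewalls"]},
}


def build_policy(handlers, operations=("create", "read", "update", "delete")):
    """Grant only the actions the selected handlers declare, per service."""
    by_service = {}
    for op in operations:
        # A handler may be absent from a schema; treat it as needing nothing.
        for action in handlers.get(op, {}).get("permissions", []):
            service, sep, name = action.partition(":")
            if not sep or not name:
                raise ValueError(f"not a service:Action string: {action!r}")
            by_service.setdefault(service, set()).add(action)
    statements = [
        {
            "Sid": "".join(p.capitalize() for p in service.split("-")) + "Handlers",
            "Effect": "Allow",
            "Action": sorted(actions),
            # Assumption: "*" is a placeholder; narrow it to specific ARNs
            # wherever the action supports resource-level permissions.
            "Resource": "*",
        }
        for service, actions in sorted(by_service.items())
    ]
    return {"Version": "2012-10-17", "Statement": statements}


def missing_actions(handlers, granted, operations=("create",)):
    """Declared actions not matched by any granted pattern (names only)."""
    needed = {a for op in operations
              for a in handlers.get(op, {}).get("permissions", [])}
    return sorted(a for a in needed
                  if not any(fnmatchcase(a.lower(), g.lower()) for g in granted))


if __name__ == "__main__":
    print(json.dumps(build_policy(SAMPLE_HANDLERS), indent=2))
```

`missing_actions` compares action names and wildcards only; it does not evaluate explicit Deny statements, conditions, resource scoping, SCPs or permission boundaries.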