
AWS CloudFormation deployment error


Continuing from "Replacing the template project generated by express-generator with a TypeScript implementation | Going serverless on AWS",
I tried to deploy to CloudFormation and got an error.
It seems the error was caused by removing AdministratorAccess from the IAM user's permissions.

If I just attached the AdministratorAccess permission, probably anything would work,
but as an AWS beginner I don't really know how this is normally managed.
The only thing I do know is that blindly granting strong permissions is bad...

Error

  • aws cloudformation deploy fails with an error saying the GetTemplateSummary permission is missing
#"setup": "npm i && (aws s3api get-bucket-location --bucket $npm_package_config_s3BucketName --region $npm_package_config_region || yarn create-bucket) && yarn package-deploy"
yarn setup

yarn run v1.6.0
$ npm i && (aws s3api get-bucket-location --bucket $npm_package_config_s3BucketName --region $npm_package_config_region || yarn create-bucket) && yarn package-deploy
up to date in 1.469s
{
    "LocationConstraint": "ap-northeast-1"
}
$ yarn package && yarn deploy
$ aws cloudformation package --template ./cloudformation.yaml --s3-bucket $npm_package_config_s3BucketName --output-template packaged-sam.yaml --region $npm_package_config_region
Uploading to df1d86f794bdfa35e787d3f7414afdc4  16890828 / 16890828.0  (100.00%)
Successfully packaged artifacts and wrote output template to file packaged-sam.yaml.
Execute the following command to deploy the packaged template
aws cloudformation deploy --template-file /Users/uwettie/works/todo/packaged-sam.yaml --stack-name <YOUR STACK NAME>
$ aws cloudformation deploy --template-file packaged-sam.yaml --stack-name $npm_package_config_cloudFormationStackName --capabilities CAPABILITY_IAM --region $npm_package_config_region

An error occurred (AccessDenied) when calling the GetTemplateSummary operation: User: arn:aws:iam::[Accesskey]:user/[user] is not authorized to perform: cloudformation:GetTemplateSummary
error Command failed with exit code 255.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.

Fix

I have no idea whether this is the right way to handle it, but this made it work.

  • Added a permission that allows all cloudformation operations
  • Creating the LambdaExecutionRole from cloudformation.yaml also raised a permission error, so I added only the IAM role permissions that were needed

Policy name: AWSCloudFormationDeployer

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "iam:DeleteRolePolicy",
                "iam:CreateRole",
                "iam:DeleteRole",
                "iam:PutRolePolicy"
            ],
            "Resource": "arn:aws:iam::*:role/*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": "cloudformation:*",
            "Resource": "*"
        }
    ]
}
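As an added example (not code from the post), a small Python check that reads the policy above and reports which of the actions the deploy script needs are granted by it, and which statements pair a `service:*` Action with `Resource: "*"`. The account id, bucket and role names are constructed placeholders, and the change-set actions are an assumption about what `aws cloudformation deploy` calls internally.

```python
import fnmatch

# The AWSCloudFormationDeployer policy from the post, in compact form.
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "VisualEditor0", "Effect": "Allow",
     "Action": ["iam:DeleteRolePolicy", "iam:CreateRole", "iam:DeleteRole", "iam:PutRolePolicy"],
     "Resource": "arn:aws:iam::*:role/*"},
    {"Sid": "VisualEditor1", "Effect": "Allow", "Action": "cloudformation:*", "Resource": "*"},
]}

# (action, resource) pairs the post's `yarn setup` script exercises. Account id, bucket and
# role names are constructed placeholders. The change-set actions are what
# `aws cloudformation deploy` calls internally (CLI behaviour, not stated in the post).
ROLE = "arn:aws:iam::123456789012:role/LambdaExecutionRole"
REQUIRED = [
    ("s3:GetBucketLocation", "arn:aws:s3:::example-bucket"),  # aws s3api get-bucket-location
    ("s3:PutObject", "arn:aws:s3:::example-bucket/*"),        # upload done by `cloudformation package`
    ("cloudformation:GetTemplateSummary", "*"),              # the action named in the AccessDenied error
    ("cloudformation:CreateChangeSet", "*"),
    ("cloudformation:ExecuteChangeSet", "*"),
    ("cloudformation:DescribeStacks", "*"),
    ("iam:CreateRole", ROLE),                                # LambdaExecutionRole in cloudformation.yaml
    ("iam:PutRolePolicy", ROLE),
]

def _as_list(v): return v if isinstance(v, list) else [v]

def allow_sids(policy, action, resource):
    """Sids of Allow statements whose Action and Resource patterns both match.
    IAM wildcards (* and ?) behave like fnmatch; actions compare case-insensitively.
    Deny statements and Condition blocks are not modelled in this static check."""
    sids = []
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        act_ok = any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in _as_list(st.get("Action", [])))
        res_ok = any(fnmatch.fnmatchcase(resource, p) for p in _as_list(st.get("Resource", [])))
        if act_ok and res_ok:
            sids.append(st.get("Sid", "<no Sid>"))
    return sids

def missing_actions(policy, required=REQUIRED):
    """Required actions this policy grants nowhere. For the post's policy that is the two
    S3 actions: the log shows them succeeding, so another attached policy must grant them."""
    return [a for a, r in required if not allow_sids(policy, a, r)]

def overbroad_sids(policy):
    """Allow statements pairing a 'service:*' (or '*') Action with Resource '*';
    these are the candidates to narrow to the exact action list once it is known."""
    return [st.get("Sid") for st in policy["Statement"]
            if st.get("Effect") == "Allow" and "*" in _as_list(st.get("Resource", []))
            and any(p == "*" or p.endswith(":*") for p in _as_list(st.get("Action", [])))]
```

Running `missing_actions(POLICY)` and `overbroad_sids(POLICY)` on the post's policy reports the two S3 actions as ungranted and flags VisualEditor1 as the statement to tighten.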


The road to mastering AWS is a rough one...
