User is not authorized to perform: cloudformation:CreateStack

amazon-web-services amazon-cloudformation amazon-iam

The closest one that you've mentioned is AWSCloudFormationReadOnlyAccess, but obviously that's for readonly and you need cloudformation:CreateStack. Add the following as a user policy.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1449904348000",
            "Effect": "Allow",
            "Action": [
                "cloudformation:CreateStack"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

It's entirely possible you'll need more permissions- for instance, to launch an EC2 instance, to (re)configure security groups, etc.


What @tedder42 said, but I also had to add the following to my group policy before I could deploy to lambda from inside visual studio.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1449904348000",
            "Effect": "Allow",
            "Action": [
                "cloudformation:CreateStack",
                "cloudformation:CreateChangeSet",
                "cloudformation:ListStacks",
                "cloudformation:UpdateStack",
                "cloudformation:DescribeChangeSet",
                "cloudformation:ExecuteChangeSet"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

In my recent experience the policy required was

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1449904348000",
            "Effect": "Allow",
            "Action": [
                "cloudformation:CreateStack",
                "cloudformation:CreateChangeSet",
                "cloudformation:ListStacks",
                "cloudformation:UpdateStack",
                "cloudformation:DescribeStacks",
                "cloudformation:DescribeStackResource",
                "cloudformation:DescribeStackEvents",
                "cloudformation:ValidateTemplate",
                "cloudformation:DescribeChangeSet",
                "cloudformation:ExecuteChangeSet"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

I wasn't able to get the shorter versions shown above to work; what fixed things for me was extending @mancvso 's answer slightly to add "cloudformation:GetTemplateSummary":

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1449904348000",
            "Effect": "Allow",
            "Action": [
                "cloudformation:CreateStack",
                "cloudformation:CreateChangeSet",
                "cloudformation:ListStacks",
                "cloudformation:UpdateStack",
                "cloudformation:DescribeStacks",
                "cloudformation:DescribeStackResource",
                "cloudformation:DescribeStackEvents",
                "cloudformation:ValidateTemplate",
                "cloudformation:DescribeChangeSet",
                "cloudformation:ExecuteChangeSet",
                "cloudformation:GetTemplateSummary"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

if you have multiple AWS profiles, try to explicity 

export AWS_ACCESS_KEY_ID=<value>
export AWS_SECRET_ACCESS_KEY=<value>

before trying 

serverless deploy

Related

How do I fill a column with one value in Pandas?
Rebase only part of a branch
Can I (re)map Ex commands in vim?
Why should I write CLS compliant code?
Imported a csv-dataset to R but the values becomes factors
How do I set <table> border width with CSS?
How to change start destination of a navigation graph programmatically [Jetpack]
Passing an array of parameters to a stored procedure
Can I escape braces in a java MessageFormat?
What's the difference between Quartz Core, Core Graphics and Quartz 2D?
$(document).ready(function() VS $(function(){ [duplicate]
Convert Map<String,Object> to Map<String,String>