Hi,
I am trying to enable serverless deployment with pipeline and cloudformation services but failing to do so due to the following error:
My set of commands was:
c:\StackData\lambda>aws cloudformation package --template-file samTemplate.yml --s3-bucket lambdabiot --output-template-file outputTemplate.yml
Successfully packaged artifacts and wrote output template to file outputTemplate.yml.
Execute the following command to deploy the packaged template
aws cloudformation deploy --template-file c:\StackData\lambda\outputTemplate.yml --stack-name <YOUR STACK NAME>
c:\StackData\lambda>
c:\StackData\lambda>aws cloudformation deploy --template-file c:\StackData\lambda\outputTemplate.yml --stack-name ProdStack
Waiting for changeset to be created..
An error occurred (InsufficientCapabilitiesException) when calling the ExecuteChangeSet operation: Requires capabilities : [CAPABILITY_IAM]
This error is a security related message: it happens when you try to create
a CloudFormation stack that includes the creation of IAM related resources.
You have to explicitly tell CloudFormation that you are OK with that.
To make it work, simply add the parameter --capabilities CAPABILITY_IAM to
your deploy command. That should solve the problem.
Cheers!
On Mon, Jan 2, 2017, 2:30 PM Avi Zloof notifications@github.com wrote:
Hi,
I am trying to enable serverless deployment with pipeline and
cloudformation services but failing to do so due to the following error:
My set of commands was:
c:\StackData\lambda>aws cloudformation package --template-file samTemplate.yml --s3-bucket lambdabiot --output-template-file outputTemplate.yml
Successfully packaged artifacts and wrote output template to file outputTemplate.yml.
Execute the following command to deploy the packaged template
aws cloudformation deploy --template-file c:\StackData\lambda\outputTemplate.yml --stack-name <YOUR STACK NAME>
c:\StackData\lambda>
c:\StackData\lambda>aws cloudformation deploy --template-file c:\StackData\lambda\outputTemplate.yml --stack-name ProdStack
Waiting for changeset to be created..
An error occurred (InsufficientCapabilitiesException) when calling the ExecuteChangeSet operation: Requires capabilities : [CAPABILITY_IAM]
Adding --capabilities should solve the problem. Let us know if it doesn't.
Thanks
I added the --capabilities CAPABILITY_IAM flag, but still get the "Access denied" message in my console.
Here's the command I executed:
aws cloudformation deploy \
--template-file serverless-output.yaml \
--stack-name prod \
--capabilities CAPABILITY_IAM
Anything else that could cause this? Thx for your support!
I have the exact same issue when I run create-stack for a cloudformation template that contains IAM policies.
aws cloudformation create-stack --stack-name iam-stack --template-body file://./iam.yml --capabilities CAPABILITY_IAM --profile dev
An error occurred (InsufficientCapabilitiesException) when calling the CreateStack operation: Requires capabilities : [CAPABILITY_NAMED_IAM]
@davidwebstar34 For you, switch --capabilities CAPABILITY_IAM to --capabilities CAPABILITY_NAMED_IAM. If you're not letting CloudFormation name your IAM resources you need to pass this capability.
I also faced this issue, fixed it by adding --capabilities CAPABILITY_IAM
adding --capabilities CAPABILITY_IAM worked for me too. Thanks
adding --capabilities CAPABILITY_IAM fixed the issue for me
Add --capabilities CAPABILITY_NAMED_IAM
This should fix the issue
Thanks @piyushchordia, CAPABILITY_NAMED_IAM worked for me also.
I ended up with a command like:
AWS_DEFAULT_PROFILE=role_name aws cloudformation create-stack --stack-name stack_name --template-url s3_url/template file --parameters file:///local_params.json --capabilities CAPABILITY_NAMED_IAM
I tried CAPABILITY_NAMED_IA & CAPABILITY_IAM, neither works for me, still get the same error message as avizaviz. My cmd is:
aws cloudformation deploy --template-file target/output-sam.yaml --stack-name spring-boot-lambda --capabilities CAPABILITY_IAM
Any suggestion? @sanathkr
You may sometimes need multiple capabilities, like when working with nested stacks. You can add multiple capabilities by listing them (separated by a space):
--capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM CAPABILITY_AUTO_EXPAND
See https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_CreateStack.html for more information about these capabilities. For most cases, you will only need one of these capabilities.
adding --capabilities CAPABILITY_IAM fixed the issue. thxs