32
votes

I am trying to validate a CloudFormation template. The command I am issuing is:

▶ aws cloudformation validate-template --template-body file://template.json

The response I am getting, however, is:

"CapabilitiesReason": "The following resource(s) require capabilities: 
  [AWS::IAM::Role]", 

I can't find any way to set the capability unfortunately.

How do you set the capability?

1
I have the same problem. --capabilities=CAPABILITY_IAM with create-stack CLI commands makes stacks, but validate-stack seems to require this capability also, but there is no CLI option for adding it. - Vorsprung
It's not an error. It's a notification to inform you that when you execute create-stack or update-stack that you have to specify the CAPABILITY_IAM capability. - jzonthemtn

1 Answer

35
votes

The Capabilities and CapabilitiesReason outputs from validate-template are not errors. They are normal outputs listing resources requiring capabilities that will need to be specified (via --capabilities) when running create-stack or update-stack in the future.

You can confirm that a validation succeeded without errors by checking that the return code is 0, indicating the command completed successfully.

The documentation for the validate-template outputs is as follows:

Capabilities -> (list)

The capabilities found within the template. If your template contains IAM resources, you must specify the CAPABILITY_IAM or CAPABILITY_NAMED_IAM value for this parameter when you use the create-stack or update-stack actions with your template; otherwise, those actions return an InsufficientCapabilities error. For more information, see Acknowledging IAM Resources in AWS CloudFormation Templates.

CapabilitiesReason -> (string)

The list of resources that generated the values in the Capabilities response element.
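
The check described in the answer above, as an added example that is not part of the original answer: it treats a non-zero exit code as the only validation failure, then reads `Capabilities` from the output and builds the `--capabilities` arguments for `create-stack` only when each one has been explicitly approved. The function names, the `approved` set and the sample JSON are assumptions made for illustration.

```python
import json
import subprocess

# Constructed sample of validate-template output, modelled on the
# response quoted in the question.
SAMPLE_OUTPUT = json.dumps({
    "Parameters": [],
    "Capabilities": ["CAPABILITY_IAM"],
    "CapabilitiesReason":
        "The following resource(s) require capabilities: [AWS::IAM::Role]",
})


def run_validate(template_path):
    """Run validate-template; a non-zero exit code is the failure signal."""
    proc = subprocess.run(
        ["aws", "cloudformation", "validate-template",
         "--template-body", f"file://{template_path}", "--output", "json"],
        capture_output=True, text=True,
    )
    if proc.returncode != 0:
        raise RuntimeError(f"template is invalid: {proc.stderr.strip()}")
    return proc.stdout


def capability_args(validate_output, approved):
    """Return the --capabilities arguments for create-stack/update-stack.

    Raises PermissionError when the template needs a capability that the
    caller has not approved, so that IAM resources added to a template
    are acknowledged deliberately rather than automatically.
    """
    result = json.loads(validate_output)
    required = result.get("Capabilities", [])
    unapproved = sorted(set(required) - set(approved))
    if unapproved:
        reason = result.get("CapabilitiesReason", "no reason given")
        raise PermissionError(f"unapproved capabilities {unapproved}: {reason}")
    return ["--capabilities", *required] if required else []


if __name__ == "__main__":
    # Uses the constructed sample so the example runs without AWS access.
    print(capability_args(SAMPLE_OUTPUT, approved={"CAPABILITY_IAM"}))
```

In a pipeline, pass the output of `run_validate("template.json")` to `capability_args` and append the returned list to the `create-stack` command line.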