User is not authorized to perform: cloudformation:CreateStack

Question

I'm trying out Serverless to create AWS Lambdas and while creating a project using the command serverless project create I'm getting the following error.

AccessDenied: User: arn:aws:iam::XXXXXXXXX:user/XXXXXXXXX is not authorized to perform: cloudformation:CreateStack on resource: arn:aws:cloudformation:us-east-1:XXXXXXXXX:stack/XXXXXXXXX-development-r/*

I have created a user and granted the following permissions to the user.

1. AWSLambdaFullAccess
2. AmazonS3FullAccess
3. CloudFrontFullAccess
4. AWSCloudFormationReadOnlyAccess ( There was no AWSCloudFormationFullAccess to grant )

How can I proceed? What else permissions I have to grant?

Answer 1

The closest one that you've mentioned is AWSCloudFormationReadOnlyAccess, but obviously that's for readonly and you need cloudformation:CreateStack. Add the following as a user policy.

{

    "Version": "2012-10-17",

    "Statement": [

        {

            "Sid": "Stmt1449904348000",

            "Effect": "Allow",

            "Action": [

                "cloudformation:CreateStack"

            ],

            "Resource": [

                "*"

            ]

        }

    ]

}

It's entirely possible you'll need more permissions- for instance, to launch an EC2 instance, to (re)configure security groups, etc.