When running cfn generate, resource-role.yaml is created based on the roles required in the resource schema. If the user provides inputs for testing and includes a template variable in the inputs, test-type fails.
botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the ListExports operation:
User: arn:aws:sts::755952356119:assumed-role/awscommunity-s3-deletebucketcontents-ExecutionRole-AJU1L19ZAMNZ/CloudFormationContractTest-20221112002935
is not authorized to perform: cloudformation:ListExports because no identity-based policy allows the cloudformation:ListExports action
The workaround is to manually edit resource-role.yaml to add the missing action.
When running
cfn generate,resource-role.yamlis created based on the roles required in the resource schema. If the user providesinputsfor testing and includes a template variable in the inputs,test-typefails.The workaround is to manually edit
resource-role.yamlto add the missing action.