Currently if CloudFormation cannot tag the AWS::IAM::Role. CloudFormation gives the below error within the Stack Events but proceeds with the deployment.
"Encountered a permissions error applying tags, please add required tag permissions. Retrying request without including tags. Details: Resource handler returned message: User: arn:aws:sts::123456789:example-assumed-role is not authorized to perform: < eg API: :iam:TagRole> on resource: arn:aws:iam::123456789:role/abc with an explicit deny in an identity-based policy."
The request is to add an option for the stack to fail and rollback, i.e a 'strict' mode. This is because for example when deploying using stack sets, it can be nearly impossible to detect this.
Name of the resource
AWS::IAM::Role
Resource name
No response
Description
Currently if CloudFormation cannot tag the AWS::IAM::Role. CloudFormation gives the below error within the Stack Events but proceeds with the deployment.
"Encountered a permissions error applying tags, please add required tag permissions. Retrying request without including tags. Details: Resource handler returned message: User: arn:aws:sts::123456789:example-assumed-role is not authorized to perform: < eg API: :iam:TagRole> on resource: arn:aws:iam::123456789:role/abc with an explicit deny in an identity-based policy."
The request is to add an option for the stack to fail and rollback, i.e a 'strict' mode. This is because for example when deploying using stack sets, it can be nearly impossible to detect this.
Other Details
No response