Open xirkus opened 3 years ago
Transferring to correct repo.
Here is a list of SAM permissions: https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-permissions.html which should be relevant.
thanks @sriram-mv!
Dealing with this exact problem right now. +1 on getting the list of permissions into the documentation.
Also, to anyone else going through the deploy->fail->add-permission->deploy->fail->... loop: one will also get a cryptic error like
Waiter StackCreateComplete failed: Waiter encountered a terminal failure state: For expression "Stacks[].StackStatus" we matched expected path: "ROLLBACK_FAILED" at least once
The trick here is to delete the stuck CloudFormation stack by hand in the web-console before trying to deploy again.
+1 to this. Lack of information on what is required has forced us to be overpermissive in dangerous ways.
Edit: I had capabilities = "CAPABILITY_IAM" in my settings, which made SAM deploy require a bunch of IAM privileges even if it wasn't changing anything in IAM.
Describe your idea/feature/enhancement
Currently, it seems that SAM requires iam:CreateRole for a profile when attempting to run sam deploy --guided. It would be useful if the SAM CLI were able to query an AWS profile's capabilities to see if deployment can proceed. As a consequence of failed deployment, the CloudFormation stack must also be manually deleted.
Proposal
There are a few things that would improve the developer experience in this regard:
sam deploy in the output.
Things to consider:
[ ] The SAM documentation will need to be updated
Additional Details
The lack of feedback in the tool impacts the developer UX and adoptability of AWS SAM.
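A sketch of the pre-flight check the proposal asks for, added here as an example (it is not SAM CLI code and not part of the original issue): compare the actions a deployment needs against a profile's identity policy before deploying. The action list and policy are constructed samples, not an authoritative SAM requirement list, and the check is simplified to Action matching only (Resource, Condition, NotAction, permission boundaries and SCPs are ignored).

```python
import re

# Constructed sample of actions a deployment might need (assumption, not SAM's real list).
REQUIRED_ACTIONS = [
    "cloudformation:CreateChangeSet",
    "cloudformation:ExecuteChangeSet",
    "cloudformation:DescribeStacks",
    "cloudformation:DeleteStack",   # needed to clean up a rolled-back stack
    "s3:PutObject",
    "iam:CreateRole",
    "iam:PassRole",
]

# Constructed identity policy for a hypothetical deploy profile.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["cloudformation:*", "s3:PutObject"], "Resource": "*"},
        {"Effect": "Allow", "Action": "iam:Pass*", "Resource": "*"},
        {"Effect": "Deny", "Action": "cloudformation:Delete*", "Resource": "*"},
    ],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(action, patterns):
    # IAM action patterns are case-insensitive; '*' and '?' are the only wildcards.
    for pattern in patterns:
        regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(regex, action, re.IGNORECASE):
            return True
    return False

def missing_actions(policy, required):
    """Return required actions that are explicitly denied or never allowed."""
    allowed, denied = [], []
    for stmt in _as_list(policy["Statement"]):
        if "Action" not in stmt:      # NotAction statements are out of scope here
            continue
        target = allowed if stmt["Effect"] == "Allow" else denied
        target.extend(_as_list(stmt["Action"]))
    # An explicit Deny always wins over an Allow.
    return [a for a in required if _matches(a, denied) or not _matches(a, allowed)]

if __name__ == "__main__":
    for action in missing_actions(SAMPLE_POLICY, REQUIRED_ACTIONS):
        print("profile cannot perform:", action)
```

For an authoritative answer against a live account, the IAM policy simulator (iam:SimulatePrincipalPolicy) evaluates the full policy set instead of this local approximation.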