Closed OlafConijn closed 4 years ago
I believe you have to pass an execution role ARN when submitting: https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-type-cli-submit.html
You can probably pass the role already used by orgformation because we know that works.
as the right role seems to be generated into the resource-role.yml, I figured this would be deployed and used by the cfn tool?
now passing in the role
cfn submit --region us-east-1 --role-arn arn:aws:iam::xxxxxxxxxxxxxx:role/ResourceProviderTest
which has administrative access and can be assumed by cloudformation.amazonaws.com
but this doesn't seem to make a difference
changed the assume-role policy to allow resources.cloudformation.amazonaws.com.
also didn't seem to be 'it'. let's have a look at this together some time.
yes, that is right, but I believe you need more permissions as described here: https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-cloudformation.html
hi! got quite far on my own.
ran
cfn generate && npm run build && cfn submit --region us-east-1
in the folder org/organizationalunit
ran
aws cloudformation create-stack --stack-name organization --template-body file://example-template.yml --region us-east-1
in the root folder. template gets built, etc. stack gets created (pretty magical!!). but in the events I get
Error: You don't have permissions to access this resource.
any ideas?