org-formation / aws-resource-providers

A community driven repository where you can find AWS Resource Type Providers for different purposes (including org-formation ones).
MIT License

unauthorized access #1

Closed OlafConijn closed 4 years ago

OlafConijn commented 4 years ago

hi! got quite far on my own.

Ran `cfn generate && npm run build && cfn submit --region us-east-1` in the folder org/organizationalunit, then ran `aws cloudformation create-stack --stack-name organization --template-body file://example-template.yml --region us-east-1` in the root folder.

Template gets built, etc. Stack gets created (pretty magical!!). But in the events I get `Error: You don't have permissions to access this resource.` Any ideas?

eduardomourar commented 4 years ago

I believe you have to pass an execution role ARN when submitting: https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-type-cli-submit.html

eduardomourar commented 4 years ago

You can probably pass the role already used by org-formation, because we know that works.

OlafConijn commented 4 years ago

As the right role seems to be generated into the resource-role.yml, I figured this would be deployed and used by the cfn tool?

Now passing in the role: `cfn submit --region us-east-1 --role-arn arn:aws:iam::xxxxxxxxxxxxxx:role/ResourceProviderTest`

The role has administrative access and can be assumed by cloudformation.amazonaws.com, but this doesn't seem to make a difference.

OlafConijn commented 4 years ago

Changed the assume-role policy to allow resources.cloudformation.amazonaws.com. That also didn't seem to be 'it'. Let's have a look at this together some time.

eduardomourar commented 4 years ago

Yes, that is right, but I believe you need more permissions as described here: https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-cloudformation.html
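The two points raised in this thread (the execution role must trust the resource-provider service principal, not plain cloudformation.amazonaws.com, and it needs the Organizations permissions the handler actually calls) shown together as an added example of an execution-role template; this is not the repository's resource-role.yml. The type name, the Organizations actions listed, and the confused-deputy conditions are assumptions for illustration and must be checked against the handler code and the AWS docs linked above.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Execution role for a CloudFormation resource type provider (added example, assumptions marked)
Parameters:
  TypeName:
    Type: String
    # Assumed type name; the hyphenated form is what appears in the registry type ARN
    Default: Community-Organizations-OrganizationalUnit
Resources:
  ExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      MaxSessionDuration: 8400
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              # Resource providers are invoked by this principal, not by cloudformation.amazonaws.com
              Service: resources.cloudformation.amazonaws.com
            Action: sts:AssumeRole
            # Scope the trust to this account and this registered type (assumed conditions)
            Condition:
              StringEquals:
                aws:SourceAccount: !Ref AWS::AccountId
              StringLike:
                aws:SourceArn: !Sub arn:${AWS::Partition}:cloudformation:${AWS::Region}:${AWS::AccountId}:type/resource/${TypeName}/*
      Path: /
      Policies:
        - PolicyName: OrganizationalUnitHandlerPolicy
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                # Assumed set of Organizations calls for an OU create/read/update/delete handler;
                # narrow or extend to match what the handler code really invokes
                Action:
                  - organizations:CreateOrganizationalUnit
                  - organizations:DescribeOrganizationalUnit
                  - organizations:UpdateOrganizationalUnit
                  - organizations:DeleteOrganizationalUnit
                  - organizations:ListParents
                  - organizations:ListOrganizationalUnitsForParent
                Resource: '*'
Outputs:
  ExecutionRoleArn:
    Value: !GetAtt ExecutionRole.Arn
```

Deploy this stack in the management account and pass the output ARN as --role-arn to cfn submit; a stack event still reporting a permissions error then points at a missing action in the policy rather than at the trust relationship.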