Open NickDarvey opened 3 years ago
@NickDarvey did you ever figure out a workaround? I'm having the same issue.
Hi!
Completely missed this before.
The error is: ERROR: Roles may not be assumed by root accounts.
I kinda wonder what the intention was behind running these commands as root, but this step will need to be run as an IAM user.
You might already have an IAM user provisioned in the target account (or otherwise temporarily create one) you can use by running aws configure or setting up your credentials in ~/.aws/credentials.
I managed to run the script after the following changes:
AdministratorAccess
Permissions policy to the user created in 1.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AssumeRole",
      "Effect": "Allow",
      "Action": "sts:AssumeRole",
      "Resource": "*"
    }
  ]
}
aws cloudformation create-stack --stack-name org-formation-role --template-body file://src/templates/000-org-build/role.yml --region eu-north-1 --capabilities CAPABILITY_NAMED_IAM
npx org-formation update ./src/organization.yml --verbose
to build.
This seems to be the expected procedure! If so, updating the documentation or creating a bootstrap script for this would be beneficial. I am happy to help out!
Step 5 of the README says that:
however running the update command gives me this result:
(I think the warning is irrelevant in this case.)
I believe I could work around this by creating an IAM account and specifying it as one of the assumeRolePrincipals for the next step:
Is this what I should be doing? Or have I likely got something else wrong?