DEVHIDE
Login Or Sign up

What access is necessary to update a CloudFormation stack with nested stacks

218 Views Asked by At

Using nested stacks is a best practice in AWS CloudFormation, and indeed they solve many problems (code reuse, stack limits, etc).

It's also generally a good idea to do any sort of updates with the minimal access necessary for that update (using the RoleARN of the UpdateStack command). I can't seem to find any documentation on exactly IAM access is necessary to update a stack that has nested stacks.

aws-cloudformation nested-stack
Original Q&A
1

There are 1 best solutions below

0
Claude On

As described here, a stack update will always get the template for the nested stack again.

  1. (in addition to any rights necessary for the resources that are to be changed),s3:GetObject (or s3:GetObjectVersion if a versioned url is used) is necessary for the location where the template for the nested stack is hosted.
  2. In addition (and I'm not sure why), an iam:GetRole is necessary for role to self-inspect (so the Resource should be the Arn of the role itself).

Related Questions in AWS-CLOUDFORMATION

Related Questions in NESTED-STACK

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Popular Questions

.

Copyright © 2021 Jogjafile Inc.