
Execution role is missing `cloudformation:ListExports`

Open ericzbeard opened this issue 3 years ago • 0 comments

When running `cfn generate`, `resource-role.yaml` is created based on the roles required in the resource schema. If the user provides inputs for testing and includes a template variable in the inputs, test-type fails.

```
botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the ListExports operation:
User: arn:aws:sts::755952356119:assumed-role/awscommunity-s3-deletebucketcontents-ExecutionRole-AJU1L19ZAMNZ/CloudFormationContractTest-20221112002935
is not authorized to perform: cloudformation:ListExports because no identity-based policy allows the cloudformation:ListExports action
```

The workaround is to manually edit `resource-role.yaml` to add the missing action.

ericzbeard, Nov 12 '22 00:11
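A pre-flight check for the condition described in this issue, as an added example that is not part of the original post or of the cloudformation-cli code base: it reports the export references in a test inputs file that cannot be resolved because the role template does not list `cloudformation:ListExports`. It assumes template variables are written as `{{ ExportName }}`; the function names, property names and sample data are constructed for illustration.

```python
import fnmatch
import json
import re

REQUIRED = "cloudformation:ListExports"
# Assumption: inputs reference stack exports as {{ ExportName }} placeholders.
PLACEHOLDER = re.compile(r"\{\{\s*([^{}]+?)\s*\}\}")
# List items shaped like an IAM action ("service:Action", wildcards allowed).
ACTION_ITEM = re.compile(r"""^\s*-\s*["']?([\w-]+:[\w*]+|\*)["']?\s*$""", re.M)

def referenced_exports(node):
    """Collect placeholder names from every string in a parsed inputs file."""
    if isinstance(node, str):
        return PLACEHOLDER.findall(node)
    children = node.values() if isinstance(node, dict) else node if isinstance(node, list) else []
    return [name for child in children for name in referenced_exports(child)]

def role_grants(role_yaml, action=REQUIRED):
    """Text scan of the Action list; it does not evaluate Deny or Resource scoping."""
    granted = ACTION_ITEM.findall(role_yaml)
    return any(fnmatch.fnmatchcase(action.lower(), g.lower()) for g in granted)

def exports_blocked_by_role(inputs_json, role_yaml):
    """Return export names that cannot be resolved because ListExports is missing."""
    names = referenced_exports(json.loads(inputs_json))
    return [] if role_grants(role_yaml) else names

# Constructed sample data, not taken from the issue.
SAMPLE_INPUTS = '{"BucketArn": "{{ ContractTestBucketArn }}", "Tags": [{"Key": "k", "Value": "v"}]}'
SAMPLE_ROLE = """\
          PolicyDocument:
            Statement:
              - Effect: Allow
                Action:
                - "s3:DeleteObject"
                - "s3:ListBucket"
                Resource: "*"
"""
# The workaround from the issue: the missing action added to the Action list.
PATCHED_ROLE = SAMPLE_ROLE.replace(
    '- "s3:ListBucket"',
    '- "s3:ListBucket"\n                - "cloudformation:ListExports"',
)

if __name__ == "__main__":
    print("before:", exports_blocked_by_role(SAMPLE_INPUTS, SAMPLE_ROLE))
    print("after: ", exports_blocked_by_role(SAMPLE_INPUTS, PATCHED_ROLE))
```

Because `cfn generate` rewrites `resource-role.yaml`, a check like this is most useful when run after each regeneration and before the contract tests.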