I'm getting this error while modifying the stack change:
API: iam:PutRolePolicy User: arn:aws:sts::769558805:assumed-role/AWS-QuickSetup-StackSet-Local-AdministrationRole/AWSCloudFormation is not authorized to perform: iam:PutRolePolicy on resource: role test-eu-west-1-lambdaRole because no identity-based policy allows the iam:PutRolePolicy action
Previously, I also updated the same using the Designer; however, everything went smoothly without any errors. The error only appeared this time. Does anyone know what the cause may be?
Questions:
- Where should I put this iam:PutRolePolicy policy? In the JSON template, or attach it to the AWS-QuickSetup-StackSet-Local-AdministrationRole/AWSCloudFormation in IAM > Policy?
Okay, so my stack has these events:
which require these rules in policy:
After several steps of creating change sets, receiving errors, and fixing them, I finally made it work. So the solution here was to check the error line by line, type by type, then adjust the policy accordingly.
However, this is still a bit time-consuming, as I needed to test and run the stack every time I added a new policy. I'm not sure if there is a way to know all these "required" policies before executing stacks. If anyone knows any references, please comment below.
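One way to shorten the add-a-permission, rerun, read-the-next-error loop described above, added here as an example and not part of the original post: collect the status reasons of the failed events and turn every access-denied message into a policy statement in one pass. `parse_denials`, `to_arn`, `policy_for` and every sample reason except the first are constructed for illustration, and the role ARN assumes the target role lives in the same account as the calling principal.

```python
import json
import re
from collections import defaultdict

# Shape of the access-denied reason quoted in the post above.
DENIED = re.compile(
    r"User: (?P<principal>\S+) is not authorized to perform: "
    r"(?P<action>[A-Za-z0-9-]+:[A-Za-z0-9*]+) on resource: "
    r"(?P<resource>.+?)(?= because |$)"
)
_P = ("User: arn:aws:sts::769558805:assumed-role/"
      "AWS-QuickSetup-StackSet-Local-AdministrationRole/AWSCloudFormation")
# First entry is the error from the post; the rest are constructed samples.
SAMPLE_REASONS = [
    f"API: iam:PutRolePolicy {_P} is not authorized to perform: iam:PutRolePolicy on resource: role test-eu-west-1-lambdaRole because no identity-based policy allows the iam:PutRolePolicy action",
    f"API: iam:DeleteRolePolicy {_P} is not authorized to perform: iam:DeleteRolePolicy on resource: role test-eu-west-1-lambdaRole because no identity-based policy allows the iam:DeleteRolePolicy action",
    f"{_P} is not authorized to perform: lambda:UpdateFunctionConfiguration on resource: arn:aws:lambda:eu-west-1:769558805:function:test-fn because no identity-based policy allows the lambda:UpdateFunctionConfiguration action",
    "Resource creation cancelled",  # not an access-denied reason, ignored
]

def parse_denials(reasons):
    """Return (principal, action, resource) for each access-denied reason."""
    matches = (DENIED.search(r) for r in reasons)
    return [(m["principal"], m["action"], m["resource"]) for m in matches if m]

def to_arn(principal, resource):
    """IAM reports roles as 'role <name>'; rebuild an ARN for the policy."""
    if resource.startswith("arn:"):
        return resource
    kind, _, name = resource.partition(" ")
    if kind == "role" and name:
        account = principal.split(":")[4]  # assumption: same-account role
        return f"arn:aws:iam::{account}:role/{name}"
    return resource  # unknown shape: left as reported for manual review

def policy_for(denials):
    """Group denied actions per resource so each grant stays scoped to it."""
    by_resource = defaultdict(set)
    for principal, action, resource in denials:
        by_resource[to_arn(principal, resource)].add(action)
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": sorted(actions), "Resource": arn}
        for arn, actions in sorted(by_resource.items())
    ]}

if __name__ == "__main__":
    print(json.dumps(policy_for(parse_denials(SAMPLE_REASONS)), indent=2))
```

The generated document only covers actions that have already been denied at least once, so it cuts the number of reruns rather than predicting permissions in advance. Review each statement before attaching it to the role named in the principal ARN.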