Getting the error 'user XXXXXXXXX does not own a resource nvirgi-acl2-15txjsljshg15' (nvirgi-acl2-15txjsljshg15 is the name of the created acl). Below is my CloudFormation JSON for the vpc, subnets, acl and networkacl. How do I get past this error?
"VPC1": {
  "Type": "AWS::EC2::VPC",
  "Properties": {
    "CidrBlock": "",
    "InstanceTenancy": "default",
    "EnableDnsSupport": "true",
    "EnableDnsHostnames": "false",
    "Tags": [
      {
        "Key": "Name",
        "Value": "My Dashboard"
      }
    ]
  }
},
"subnet1": {
  "Type": "AWS::EC2::Subnet",
  "Properties": {
    "CidrBlock": "",
    "AvailabilityZone": "us-east-2a",
    "VpcId": {
      "Ref": "VPC1"
    }
  }
},
"subnet2": {
  "Type": "AWS::EC2::Subnet",
  "Properties": {
    "CidrBlock": "",
    "AvailabilityZone": "us-east-2b",
    "VpcId": {
      "Ref": "VPC1"
    },
    "Tags": [
      {
        "Key": "Name",
        "Value": "MyDashboard"
      }
    ]
  }
},
"subnet3": {
  "Type": "AWS::EC2::Subnet",
  "Properties": {
    "CidrBlock": "",
    "AvailabilityZone": "us-east-2a",
    "VpcId": {
      "Ref": "VPC1"
    }
  }
},
"acl1": {
  "Type": "AWS::EC2::NetworkAclEntry",
  "Properties": {
    "CidrBlock": "",
    "Egress": "true",
    "Protocol": "-1",
    "RuleAction": "allow",
    "RuleNumber": "100",
    "NetworkAclId": {
      "Ref": "NetworkAcl1"
    }
  }
},
"acl2": {
  "Type": "AWS::EC2::NetworkAclEntry",
  "Properties": {
    "CidrBlock": "",
    "Protocol": "-1",
    "RuleAction": "allow",
    "RuleNumber": "101",
    "NetworkAclId": {
      "Ref": "NetworkAcl2"
    }
  }
},
"acl3": {
  "Type": "AWS::EC2::NetworkAclEntry",
  "Properties": {
    "CidrBlock": "",
    "Egress": "true",
    "Protocol": "-1",
    "RuleAction": "allow",
    "RuleNumber": "102",
    "NetworkAclId": {
      "Ref": "NetworkAcl3"
    }
  }
},
"subnetacl1": {
  "Type": "AWS::EC2::SubnetNetworkAclAssociation",
  "Properties": {
    "NetworkAclId": {
      "Ref": "acl1"
    },
    "SubnetId": {
      "Ref": "subnet1"
    }
  }
},
"subnetacl2": {
  "Type": "AWS::EC2::SubnetNetworkAclAssociation",
  "Properties": {
    "NetworkAclId": {
      "Ref": "acl2"
    },
    "SubnetId": {
      "Ref": "subnet2"
    }
  }
},
"subnetacl3": {
  "Type": "AWS::EC2::SubnetNetworkAclAssociation",
  "Properties": {
    "NetworkAclId": {
      "Ref": "acl3"
    },
    "SubnetId": {
      "Ref": "subnet3"
    }
  }
},
"NetworkAcl1": {
  "Type": "AWS::EC2::NetworkAcl",
  "Properties": {
    "VpcId": {
      "Ref": "VPC1"
    }
  }
},
"NetworkAcl2": {
  "Type": "AWS::EC2::NetworkAcl",
  "Properties": {
    "VpcId": {
      "Ref": "VPC1"
    }
  }
},
"NetworkAcl3": {
  "Type": "AWS::EC2::NetworkAcl",
  "Properties": {
    "VpcId": {
      "Ref": "VPC1"
    }
  }
}
The issue is that the NetworkAclId property in the AWS::EC2::SubnetNetworkAclAssociation resources ("subnetacl[1-3]") must reference the AWS::EC2::NetworkAcl resources ("NetworkAcl[1-3]"), not the AWS::EC2::NetworkAclEntry resources ("acl[1-3]") as they are currently.
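
A pre-deployment check for the mistake described in the answer above, as an added example that is not part of the original question or answer: it walks a template's resources and reports any `Ref` that points at a resource of the wrong type. The function name `find_bad_refs`, the `EXPECTED_REF_TYPE` table and the trimmed sample template are assumptions made for this example, and the check goes slightly beyond the one property in the answer by covering the other VPC, subnet and ACL references used in the question.

```python
# Expected resource type behind a {"Ref": ...} for each (resource type, property).
EXPECTED_REF_TYPE = {
    ("AWS::EC2::Subnet", "VpcId"): "AWS::EC2::VPC",
    ("AWS::EC2::NetworkAcl", "VpcId"): "AWS::EC2::VPC",
    ("AWS::EC2::NetworkAclEntry", "NetworkAclId"): "AWS::EC2::NetworkAcl",
    ("AWS::EC2::SubnetNetworkAclAssociation", "NetworkAclId"): "AWS::EC2::NetworkAcl",
    ("AWS::EC2::SubnetNetworkAclAssociation", "SubnetId"): "AWS::EC2::Subnet",
}


def find_bad_refs(template):
    """Return (resource, property, target, actual_type, expected_type) per bad Ref."""
    resources = template.get("Resources", {})
    parameters = template.get("Parameters", {})
    findings = []
    for name, res in resources.items():
        for prop, value in res.get("Properties", {}).items():
            expected = EXPECTED_REF_TYPE.get((res.get("Type"), prop))
            if expected is None or not isinstance(value, dict) or "Ref" not in value:
                continue
            target = value["Ref"]
            if target in parameters:
                continue  # IDs passed in as parameters cannot be type-checked here
            actual = resources.get(target, {}).get("Type")  # None if target is undefined
            if actual != expected:
                findings.append((name, prop, target, actual, expected))
    return findings


# Constructed sample: one subnet's worth of the question's resources,
# with properties unrelated to the check omitted.
SAMPLE = {"Resources": {
    "VPC1": {"Type": "AWS::EC2::VPC", "Properties": {}},
    "subnet1": {"Type": "AWS::EC2::Subnet", "Properties": {"VpcId": {"Ref": "VPC1"}}},
    "NetworkAcl1": {"Type": "AWS::EC2::NetworkAcl", "Properties": {"VpcId": {"Ref": "VPC1"}}},
    "acl1": {"Type": "AWS::EC2::NetworkAclEntry",
             "Properties": {"NetworkAclId": {"Ref": "NetworkAcl1"}}},
    "subnetacl1": {"Type": "AWS::EC2::SubnetNetworkAclAssociation",
                   "Properties": {"NetworkAclId": {"Ref": "acl1"},
                                  "SubnetId": {"Ref": "subnet1"}}},
}}

if __name__ == "__main__":
    for name, prop, target, actual, expected in find_bad_refs(SAMPLE):
        print(f"{name}.{prop}: Ref {target!r} is {actual or 'undefined'}, expected {expected}")
```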