27

AWS SAM deploying codebase to AWS cloud using aws-sam-cli but it throw me below error.

Failed to create the changeset: Waiter ChangeSetCreateComplete failed: Waiter encountered a terminal failure state Status: FAILED. Reason: Requires capabilities : [CAPABILITY_IAM]

Itay Moav -Malimovka
  • 52,579
  • 61
  • 190
  • 278
Sagar
  • 4,473
  • 3
  • 32
  • 37

3 Answers3

50

When you're creating or deploying a stack you need to explicitly allow creation of IAM resources. To do that, you need to add the parameter when calling sam deploy:

--capabilities CAPABILITY_IAM

If you want to create named IAM resources (e.g. roles or users where you explicitly specify the name), you'll want to use --capabilities CAPABILITY_NAMED_IAM instead.

You can read more about deploying IAM resources in CloudFormation here: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities

SAM deployment documentation: https://github.com/awslabs/aws-sam-cli/blob/develop/docs/deploying_serverless_applications.rst#deploying-your-application

pbeardshear
  • 910
  • 7
  • 8
  • thanks its work fine with `--capabilities CAPABILITY_IAM` flag – Sagar Sep 08 '18 at 18:32
  • thanks Could SAM be anymore opiniated ;( – Stephane May 22 '22 at 21:19
  • Ok, 'funny' this didn't work for me: `sam deploy --config-env default --profile myprofile –-capabilities CAPABILITY_IAM` But this did: `sam deploy --config-env default --capabilities CAPABILITY_IAM --profile myprofile` – Rutger Jan 19 '23 at 09:53
2

Do check your YAML file indentation. review the YAML file once again, if it's a tad bit not up to the SAM standards it will throw this error. DO check once again.

anas khan
  • 29
  • 2
0

Search the stack in cloudformation and delete it, and then try to run the command again, this helped me solve the problem

ajangra
  • 1