Use CAPABILITY_AUTO_EXPAND for nested stacks on CloudFormation

Question

I am trying to use nested stack and when my ChangeSet is being executed, I got this error:

Requires capabilities : [CAPABILITY_AUTO_EXPAND]

I went and create a pipeline with cloudformation.

This can be use to create a pipeline:

Configuration:
  ActionMode: CHANGE_SET_REPLACE
  ChangeSetName: changeset
  RoleArn: ??
  Capabilities: CAPABILITY_IAM
  StackName: appsync-graphql
  TemplatePath: BuildArtifact::output.yaml

This can’t:

Configuration:
  ActionMode: CHANGE_SET_REPLACE
  ChangeSetName: changeset
  RoleArn: ??
  Capabilities: 
    - CAPABILITY_IAM
    - CAPABILITY_AUTO_EXPAND
  StackName: appsync-graphql
  TemplatePath: BuildArtifact::output.yaml

The error was: “Value of property Configuration must be an object with String (or simple type) properties”

This is the closest docs that I find: https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_UpdateStack.html

It said: Type: Array of strings for capabilites, and the aws cli docs says similarly, but doesn’t give an example.

So I ran out of ideas about what else to try to have CAPABILITY_AUTO_EXPAND capability.

In my codepipeline template: 1. ```capabilities: - CAPABILITY_AUTO_EXPAND - CAPABILITY_IAM``` => I can’t deploy the pipeline. Error: “Value of property Configuration must be an object with String (or simple type) properties” — Tan Duong, Dec 03 '18 at 06:14
2. ```capabilities: 'CAPABILITY_AUTO_EXPAND CAPABILITY_IAM'``` I can deploy the pipeline but when it creates changeset, I got an error: *JobFailed* _1 validation error detected: Value ‘[CAPABILITY_IAM CAPABILITY_AUTO_EXPAND]’ at ‘capabilities’ failed to satisfy constraint: Member must satisfy constraint: [Member must satisfy enum value set: [CAPABILITY_AUTO_EXPAND, CAPABILITY_NAMED_IAM, CAPABILITY_IAM]] (Service: AmazonCloudFormation; Status Code: 400; Error Code: ValidationError;)_ — Tan Duong, Dec 03 '18 at 06:15
I have the same issue and I'm stuck. Thanks for reporting your results. — jbasko, Dec 06 '18 at 00:19

score 34 · Accepted Answer · answered Dec 06 '18 at 00:26

34

I tried another variant and it worked!

Configuration:
  ..
  Capabilities: CAPABILITY_IAM,CAPABILITY_AUTO_EXPAND
  ...

answered Dec 06 '18 at 00:26

jbasko

7,028
1
38
51

2

It seems that Pipeline GUI does not offer this option. While I was still experimenting with Pipeline I just needed a quick fix, so I ran `aws codepipeline get-pipeline --name my-pipeline > tmp.json`, edited tmp.json, removed the version and metadata from the bottom, set `"Capabilities": "CAPABILITY_IAM,CAPABILITY_AUTO_EXPAND"` and recommitted with: `aws codepipeline update-pipeline --cli-input-json file://tmp.json` – Alastair McCormack Feb 15 '19 at 22:45
1

That works, thank you. For info, make sure there is no space between `CAPABILITY_IAM,` and `CAPABILITY_AUTO_EXPAND` just as it is in the example above – Ivan Hristov Mar 21 '19 at 14:11

score 19 · Answer 2 · answered Dec 01 '18 at 08:33

19

I got the answer from Keeton Hodgson, this cli command works:

sam deploy --template-file output.yaml --stack-name <AppName> --capabilities CAPABILITY_IAM CAPABILITY_AUTO_EXPAND

Notice that there is no comma.

I still don't know how to change the pipeline template for it to work.

answered Dec 01 '18 at 08:33

Tan Duong

1,473
2
17
29

This helped me with my AWS CLI script. Thanks. – Michael Behrens May 27 '20 at 20:07

score 5 · Answer 3 · answered Jun 14 '20 at 15:54

I tried the solutions above and what worked for me today (June 2020) using the higher level sam was adding a space between the capabilities listed. It's complete insanity that there's no resilience in this text file interpretation. SAM's cli is open source so I guess I could put my code where my mouth is and submit a PR. Anyway.

samconfig.toml:

...
capabilities = "CAPABILITY_IAM CAPABILITY_AUTO_EXPAND"
...

Then:

sam deploy

Output:

...
Capabilities               : ["CAPABILITY_IAM", "CAPABILITY_AUTO_EXPAND"]
...

score 0 · Answer 4 · answered Feb 03 '20 at 03:43

Put the capabilities property at the very end like this

aws cloud formation deploy COMMAND --capabilities CAPABILITY_NAMED_IAM

Change the order

Configuration:
  ActionMode: CHANGE_SET_REPLACE
  ChangeSetName: changeset
  RoleArn: ??
  StackName: appsync-graphql
  TemplatePath: BuildArtifact::output.yaml
  Capabilities: 
    - CAPABILITY_IAM
    - CAPABILITY_AUTO_EXPAND

score 0 · Answer 5 · edited Apr 25 '22 at 20:19

0

After some research found that you can actually add those capabilities in console.
Reference Capabilities - optional section in the cfn deploy phase definition in console

edited Apr 25 '22 at 20:19

The VOYOU

522
4
14

answered Apr 24 '22 at 04:31

Ava

1
1

Use CAPABILITY_AUTO_EXPAND for nested stacks on CloudFormation

5 Answers5

Linked