Permission issue on resource arn:aws:cloudformation:us-east-1:aws:transform
I am trying to integrate Swagger with API Gateway and Lambda using Swagger extensions. The Swagger file is uploaded to an S3 bucket, and I am using Body with Transform and Include as below.

Using BodyS3Location in the AWS::ApiGateway::RestApi properties returns the error "Unable to parse API definition because of a malformed integration" for the same integration mentioned above. I referred to "Swagger file with AWS Extensions stored in S3 Bucket for API Creation with Cloudformation" and modified the template as below for the AWS::ApiGateway::RestApi properties:

    Body:
      Fn::Transform:
        Name: AWS::Include
        Parameters:
          Location:
            Fn::Sub: "s3://${BucketName}/apiSwaggerSpec.yaml"

For the stack above I have all the permissions on CloudFormation actions.

I have added the code below as the Swagger extension:

    x-amazon-apigateway-auth:
      type: "aws_iam"
    x-amazon-apigateway-integration:
      type: "aws_proxy"
      httpMethod: "POST"
      passthroughBehavior: "when_no_match"
      uri:
        Fn::Sub: "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:${accountId}:function:testLambdaFunction/invocations"
      credentials:
        Fn::Sub: "arn:aws:iam::${accountId}:role/${myRole}"
      responses:
        default:
          statusCode: 200

I am getting a permission denied error with the message:

    myrole is not authorized to perform cloudformation:CreateChangeSet on resource: arn:aws:cloudformation:us-east-1:aws:transform/include

Do I need to add special permissions for transform/include? The AWS documentation says it doesn't need special permissions.
amazon-web-services swagger amazon-cloudformation aws-api-gateway openapi
Is your CloudFormation Role able to access the Swagger-File in the Bucket, i.e. does it have the permissions to do so?
– Maurice
Jan 1 at 23:43
Yes, the bucket is public, and for "myRole" I have "cloudformation:*" actions allowed for the stacks with prefix "apiGlobal". Here my stack name is apiGlobal.
– Steve
Jan 3 at 6:05
asked Jan 1 at 6:54
Steve
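Why an allow scoped to stacks does not cover the ARN in the error above, as an added example that is not part of the original question or comments. It uses a simplified IAM resource matcher; the account ID 123456789012, the stack ID suffix and the exact policy shape are assumptions built from the description in the comments.

```python
import re

# Resource named in the error message on this page.
TRANSFORM_ARN = "arn:aws:cloudformation:us-east-1:aws:transform/include"
# Constructed stack ARN: account ID and stack ID are placeholders.
STACK_ARN = "arn:aws:cloudformation:us-east-1:123456789012:stack/apiGlobal/example-id"

# Assumed shape of the policy described in the comments: cloudformation:*
# limited to stacks whose name starts with "apiGlobal".
STACK_SCOPED = [{
    "Effect": "Allow",
    "Action": ["cloudformation:*"],
    "Resource": ["arn:aws:cloudformation:us-east-1:123456789012:stack/apiGlobal*"],
}]
# Same policy plus a statement naming the transform resource itself.
WITH_TRANSFORM = STACK_SCOPED + [{
    "Effect": "Allow",
    "Action": ["cloudformation:CreateChangeSet"],
    "Resource": [TRANSFORM_ARN],
}]


def wildcard_match(pattern, value, ignore_case=False):
    """IAM-style match: '*' is any run of characters, '?' exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value, re.I if ignore_case else 0) is not None


def is_allowed(statements, action, resource):
    """Simplified: True if any Allow statement matches action and resource.
    Ignores Deny, NotAction/NotResource, conditions and boundaries."""
    for stmt in statements:
        if (stmt["Effect"] == "Allow"
                and any(wildcard_match(a, action, True) for a in stmt["Action"])
                and any(wildcard_match(r, resource) for r in stmt["Resource"])):
            return True
    return False


def explain(statements):
    """CreateChangeSet decision for the stack ARN and the transform ARN."""
    action = "cloudformation:CreateChangeSet"
    return {"stack": is_allowed(statements, action, STACK_ARN),
            "transform": is_allowed(statements, action, TRANSFORM_ARN)}


if __name__ == "__main__":
    print("stack-scoped only:", explain(STACK_SCOPED))
    print("with transform:   ", explain(WITH_TRANSFORM))
```

The transform ARN has `aws` in the account field and `transform/include` as its resource part, so a `stack/apiGlobal*` pattern cannot match it, however broad the action list is.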