CloudFormation stacks should have associated service roles

Description

CloudFormation stacks should use service roles (IAM roles) rather than the credentials of the user who runs the stack operation. A service role lets you specify exactly which actions CloudFormation can perform, following the principle of least privilege, and gives you better security control and auditability for stack operations.

Remediation

Associate an IAM service role with your CloudFormation stack.

From the console

  1. Open the AWS CloudFormation console.
  2. Select the stack you want to update.
  3. Choose Stack actions, then Update stack.
  4. In the Permissions section, select an existing IAM role or create a new one.
  5. Complete the stack update wizard.

From the command line

aws cloudformation update-stack \
    --stack-name <stack-name> \
    --role-arn arn:aws:iam::123456789012:role/CloudFormationServiceRole \
    --use-previous-template
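
To find which stacks need this remediation, the following added example (not part of the original rule) reads output in the shape returned by `aws cloudformation describe-stacks`, flags stacks with no `RoleARN`, and builds the update command shown above for each one that can be updated now. The stack names and sample data are constructed, and the role ARN is the placeholder used on this page.

```python
import shlex

# Constructed sample in the shape of `aws cloudformation describe-stacks` JSON output.
SAMPLE = {
    "Stacks": [
        {"StackName": "web-frontend", "StackStatus": "CREATE_COMPLETE"},
        {"StackName": "billing-api", "StackStatus": "UPDATE_COMPLETE",
         "RoleARN": "arn:aws:iam::123456789012:role/CloudFormationServiceRole"},
        {"StackName": "data-pipeline", "StackStatus": "UPDATE_IN_PROGRESS"},
    ]
}

# Placeholder role ARN taken from the command on this page.
ROLE_ARN = "arn:aws:iam::123456789012:role/CloudFormationServiceRole"


def stacks_without_role(describe_output):
    """Return the names of stacks that have no service role associated."""
    return [s["StackName"] for s in describe_output.get("Stacks", [])
            if not s.get("RoleARN")]


def remediation_commands(describe_output, role_arn):
    """Build one update-stack command per non-compliant stack.

    Stacks with an operation in progress are skipped, because CloudFormation
    rejects an update until the current operation finishes.
    """
    commands = []
    for stack in describe_output.get("Stacks", []):
        if stack.get("RoleARN"):
            continue  # already compliant
        if stack["StackStatus"].endswith("_IN_PROGRESS"):
            continue  # retry once the running operation completes
        commands.append(
            "aws cloudformation update-stack"
            f" --stack-name {shlex.quote(stack['StackName'])}"
            f" --role-arn {shlex.quote(role_arn)}"
            " --use-previous-template"
        )
    return commands


if __name__ == "__main__":
    print("Stacks without a service role:", stacks_without_role(SAMPLE))
    for cmd in remediation_commands(SAMPLE, ROLE_ARN):
        print(cmd)
```

To run it against a real account, replace `SAMPLE` with the parsed JSON from `aws cloudformation describe-stacks --output json`.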