CloudFormation stacks should have associated service roles

cloudformation
이 페이지는 아직 한국어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Description

CloudFormation stacks should use service roles (IAM roles) instead of user credentials. Using a service role allows you to specify which actions CloudFormation can perform, following the principle of least privilege. This provides better security control and auditability for stack operations.

Remediation

Associate an IAM service role with your CloudFormation stack.

From the console

  1. Open the AWS CloudFormation console.
  2. Select the stack you want to update.
  3. Choose Stack actions, then Update stack.
  4. In the Permissions section, select an existing IAM role or create a new one.
  5. Complete the stack update wizard.

From the command line

aws cloudformation update-stack \
    --stack-name <stack-name> \
    --role-arn arn:aws:iam::123456789012:role/CloudFormationServiceRole \
    --use-previous-template