Cloud formation template for Datazone Environmentprofile
So I am trying to create a datazone environment profile through Cloudformation template, I was able to create datazone domain, project successfully through CFT. I have done Environment Blueprint Configuration(DefaultDataLake) manually, where I have created to manage access role and Provisioning role. Also given the required policy in manage access role. Also added the manage policy role in lake formation (AWS Lake Formation >Administrative roles and tasks). So whenever I am creating the environmentprofile and environment through aws console its getting created successfully but whenever I am trying it through CFT its giving me an error [User is not permitted to perform operation: CreateEnvironmentProfile (Service: DataZone, Status Code: 403,]
AWSTemplateFormatVersion: '2010-09-09'
Description: Datazone environment
Resources:
Environment:
Type: AWS::DataZone::EnvironmentProfile
Properties:
AwsAccountId: #accountID
AwsAccountRegion: us-east-2
DomainIdentifier: #domainidentifier
EnvironmentBlueprintIdentifier: DefaultDataLake
Name: #environmentprofilename
ProjectIdentifier: #projectname
- Mais recentes
- Mais votos
- Mais comentários
Hello,
As you might already know, when we create resources from a CloudFormation, we get an option to provide an IAM role for Cloud Formation to assume to spin up the resources. If not provided, the role that you are logged into the AWS console as will be used for this. If you are indeed passing a role to CloudFormation rto assume, can you please review that first.
Also, what you can do to troubleshoot is effectively is that you can navigate to the Cloud Trail console and compare the cloud trail event on the API call "CreateEnvironmentProfile" when it is being performed from console and from CFT. This might point us to any potential difference between the API calls.
Thank you!
Conteúdo relevante
AWS OFICIALAtualizada há 2 anos