Understand the Problem:
A user attempts to deploy a CloudFormation template to create an S3 bucket but the stack creation fails.
The user authenticates using Active Directory credentials.
Analyze the Requirements:
Identify permissions required for successful CloudFormation stack creation.
Evaluate the Options:
Option A: The user's IAM policy does not allow the cloudformation:CreateStack action.
Without this permission, the user cannot create CloudFormation stacks.
Option B: The user's IAM policy does not allow the cloudformation:CreateStackSet action.
StackSets are used to manage stacks across multiple accounts and Regions, so this action is not relevant to creating a single stack.
Option C: The user's IAM policy does not allow the s3:CreateBucket action.
This permission is required to create an S3 bucket as part of the stack.
Option D: The user's IAM policy explicitly denies the s3:ListBucket action.
This permission is not required for bucket creation but for listing existing buckets.
Option E: The user's IAM policy explicitly denies the s3:PutObject action.
This permission is required to put objects in a bucket, not to create the bucket.
Select the Best Solution:
Options A and C: The user must have permissions for cloudformation:CreateStack and s3:CreateBucket to successfully create the stack and the S3 bucket.
AWS CloudFormation Permissions
IAM Policies and Permissions
Ensuring the user has the required permissions for cloudformation:CreateStack and s3:CreateBucket is crucial for successful stack creation.
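The option analysis above can be checked mechanically. The following is an added example, not part of the original explanation: a simplified policy evaluator run over constructed policies, one per answer option. It ignores Resource and Condition elements and assumes no CloudFormation service role is passed, so the S3 call is made with the user's own permissions.

```python
import fnmatch

# Actions the deployment needs, per the explanation above.
# Assumption: no service role is attached to the stack, so CloudFormation
# calls S3 with the permissions of the user who created the stack.
REQUIRED = ["cloudformation:CreateStack", "s3:CreateBucket"]


def _as_list(value):
    return value if isinstance(value, list) else [value]


def decision(policy, action):
    """Return 'explicit-deny', 'allow' or 'implicit-deny' for one action."""
    result = "implicit-deny"  # nothing is allowed unless a statement says so
    for stmt in _as_list(policy["Statement"]):
        patterns = _as_list(stmt["Action"])
        # IAM action names are case-insensitive and support * and ? wildcards.
        if any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns):
            if stmt["Effect"] == "Deny":
                return "explicit-deny"  # an explicit deny overrides any allow
            result = "allow"
    return result


def blocked_actions(policy):
    """Required actions the policy does not allow."""
    return [a for a in REQUIRED if decision(policy, a) != "allow"]


# Constructed sample policies, one per answer option (not real user policies).
BASE = [{"Effect": "Allow", "Action": REQUIRED}]
OPTIONS = {
    "A": {"Statement": [{"Effect": "Allow", "Action": "s3:CreateBucket"}]},
    "B": {"Statement": BASE},  # CreateStackSet is simply never granted
    "C": {"Statement": [{"Effect": "Allow", "Action": "cloudformation:CreateStack"}]},
    "D": {"Statement": BASE + [{"Effect": "Deny", "Action": "s3:ListBucket"}]},
    "E": {"Statement": BASE + [{"Effect": "Deny", "Action": "s3:PutObject"}]},
}


def failing_options():
    """Options whose policy would make the stack creation fail."""
    return sorted(k for k, p in OPTIONS.items() if blocked_actions(p))


if __name__ == "__main__":
    for name, policy in OPTIONS.items():
        print(name, blocked_actions(policy) or "stack creation permitted")
```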