Permissions for @turbot/aws-cloudformation

The CloudFormation permissions and the grant level associated with each:

| Permission | Grant Level | Help |
| --- | --- | --- |
| cloudformation:ActivateType | Admin | |
| cloudformation:BatchDescribeTypeConfigurations | Metadata | |
| cloudformation:CancelResourceRequest | Operator | |
| cloudformation:CancelUpdateStack | Operator | |
| cloudformation:ContinueUpdateRollback | Operator | |
| cloudformation:CreateChangeSet | Operator | |
| cloudformation:CreateResource | Admin | |
| cloudformation:CreateStack | Operator | |
| cloudformation:CreateStackInstances | Admin | |
| cloudformation:CreateStackSet | Admin | |
| cloudformation:CreateUploadBucket | Operator | Creates an S3 bucket for CFN templates |
| cloudformation:DeactivateType | Admin | |
| cloudformation:DeleteChangeSet | Operator | |
| cloudformation:DeleteResource | Admin | |
| cloudformation:DeleteStack | Operator | |
| cloudformation:DeleteStackInstances | Admin | |
| cloudformation:DeleteStackSet | Admin | |
| cloudformation:DeregisterType | Admin | |
| cloudformation:DescribeAccountLimits | Metadata | |
| cloudformation:DescribeChangeSet | Metadata | |
| cloudformation:DescribePublisher | Metadata | |
| cloudformation:DescribeStackDriftDetectionStatus | Metadata | |
| cloudformation:DescribeStackEvents | Metadata | |
| cloudformation:DescribeStackInstance | Metadata | |
| cloudformation:DescribeStackResource | Metadata | |
| cloudformation:DescribeStackResourceDrifts | Metadata | |
| cloudformation:DescribeStackResources | Metadata | |
| cloudformation:DescribeStackSet | Metadata | |
| cloudformation:DescribeStackSetOperation | Metadata | |
| cloudformation:DescribeStacks | Metadata | |
| cloudformation:DescribeType | Metadata | |
| cloudformation:DescribeTypeRegistration | Metadata | |
| cloudformation:DetectStackDrift | Metadata | Used to detect whether a stack’s actual configuration has been changed outside of CloudFormation. |
| cloudformation:DetectStackResourceDrift | Metadata | |
| cloudformation:DetectStackSetDrift | Metadata | |
| cloudformation:EstimateTemplateCost | Metadata | Cost calculation does not contain data. |
| cloudformation:ExecuteChangeSet | Operator | |
| cloudformation:GetResource | Metadata | |
| cloudformation:GetResourceRequestStatus | Metadata | |
| cloudformation:GetStackPolicy | Metadata | |
| cloudformation:GetTemplate | Metadata | Templates describe resources but should not contain any data or sensitive information. |
| cloudformation:GetTemplateSummary | Metadata | |
| cloudformation:ImportStacksToStackSet | Operator | |
| cloudformation:ListChangeSets | Metadata | |
| cloudformation:ListExports | Metadata | |
| cloudformation:ListImports | Metadata | |
| cloudformation:ListResourceRequests | Metadata | |
| cloudformation:ListResources | Metadata | |
| cloudformation:ListStackInstances | Metadata | |
| cloudformation:ListStackResources | Metadata | |
| cloudformation:ListStackSetOperationResults | Metadata | |
| cloudformation:ListStackSetOperations | Metadata | |
| cloudformation:ListStackSets | Metadata | |
| cloudformation:ListStacks | Metadata | |
| cloudformation:ListTypeRegistrations | Metadata | |
| cloudformation:ListTypeVersions | Metadata | |
| cloudformation:ListTypes | Metadata | |
| cloudformation:PublishType | Admin | |
| cloudformation:RecordHandlerProgress | Admin | |
| cloudformation:RegisterType | Admin | |
| cloudformation:RegisterPublisher | Admin | |
| cloudformation:SetStackPolicy | Operator | Stack policies do not replace IAM but instead are used to protect resources. |
| cloudformation:SetTypeConfiguration | Admin | |
| cloudformation:SetTypeDefaultVersion | Admin | |
| cloudformation:SignalResource | Operator | |
| cloudformation:StopStackSetOperation | Admin | |
| cloudformation:TagResource | Operator | |
| cloudformation:TagResources | Operator | |
| cloudformation:TestType | Operator | |
| cloudformation:UntagResource | Operator | |
| cloudformation:UntagResources | Operator | |
| cloudformation:UpdateResource | Admin | |
| cloudformation:UpdateStack | Operator | |
| cloudformation:UpdateStackInstances | Admin | |
| cloudformation:UpdateStackSet | Admin | |
| cloudformation:UpdateTerminationProtection | Operator | Updates termination protection for the specified stack. If a user attempts to delete a stack with termination protection enabled the operation fails and the stack remains unchanged. |
| cloudformation:ValidateTemplate | Metadata | |