capabilities
In some cases, you must explicitly acknowledge that your StackSet template contains certain capabilities in order for CloudFormation to create the StackSet and related stack instances.
CAPABILITY_IAM and CAPABILITY_NAMED_IAM
Some stack templates might include resources that can affect permissions in your Amazon Web Services account; for example, by creating new IAM users. For those StackSets, you must explicitly acknowledge this by specifying one of these capabilities.
The following IAM resources require you to specify either the CAPABILITY_IAM or CAPABILITY_NAMED_IAM capability.
If you have IAM resources, you can specify either capability.
If you have IAM resources with custom names, you must specify CAPABILITY_NAMED_IAM.
If you don't specify either of these capabilities, CloudFormation returns an InsufficientCapabilities error.
If your stack template contains these resources, we recommend that you review all permissions associated with them and edit their permissions if necessary.
AWS::IAM::UserToGroupAddition
For more information, see Acknowledging IAM resources in CloudFormation templates.
CAPABILITY_AUTO_EXPAND
Some templates reference macros. If your StackSet template references one or more macros, you must create the StackSet directly from the processed template, without first reviewing the resulting changes in a change set. To create the StackSet directly, you must acknowledge this capability. For more information, see Perform custom processing on CloudFormation templates with template macros.
StackSets with service-managed permissions don't currently support the use of macros in templates. (This includes the AWS::Include and AWS::Serverless transforms, which are macros hosted by CloudFormation.) Even if you specify this capability for a StackSet with service-managed permissions, if you reference a macro in your template the StackSet operation will fail.
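The rules above can be checked before a StackSet is submitted, so that a reviewer sees exactly which capabilities a template forces them to acknowledge. The following is an added example, not part of the AWS documentation. It assumes a JSON template, treats every `AWS::IAM::*` type as an IAM resource, and uses a name-property map and the permission model strings `SELF_MANAGED` and `SERVICE_MANAGED` as assumptions.

```python
import json

# Assumption: the property that gives each IAM resource type a custom name.
NAME_PROP = {
    "AWS::IAM::Role": "RoleName",
    "AWS::IAM::User": "UserName",
    "AWS::IAM::Group": "GroupName",
    "AWS::IAM::InstanceProfile": "InstanceProfileName",
    "AWS::IAM::ManagedPolicy": "ManagedPolicyName",
}

def uses_fn_transform(node):
    """True if Fn::Transform (e.g. AWS::Include) appears anywhere in the tree."""
    if isinstance(node, dict):
        return "Fn::Transform" in node or any(map(uses_fn_transform, node.values()))
    if isinstance(node, list):
        return any(map(uses_fn_transform, node))
    return False

def required_capabilities(template_json, permission_model="SELF_MANAGED"):
    """Return (capabilities to acknowledge, blocking problems)."""
    template = json.loads(template_json)
    has_iam = has_named = False
    for res in template.get("Resources", {}).values():
        rtype = str(res.get("Type", ""))
        # Assumption: any AWS::IAM::* type counts as an IAM resource.
        if rtype.startswith("AWS::IAM::"):
            has_iam = True
            if NAME_PROP.get(rtype) in (res.get("Properties") or {}):
                has_named = True
    caps, problems = [], []
    if has_named:
        caps.append("CAPABILITY_NAMED_IAM")
    elif has_iam:
        caps.append("CAPABILITY_IAM")
    if "Transform" in template or uses_fn_transform(template):
        caps.append("CAPABILITY_AUTO_EXPAND")
        if permission_model == "SERVICE_MANAGED":
            problems.append("macros fail with service-managed permissions")
    return sorted(caps), problems

# Constructed sample template: a named role plus the AWS::Serverless transform.
SAMPLE = json.dumps({
    "Transform": "AWS::Serverless-2016-10-31",
    "Resources": {"DeployRole": {"Type": "AWS::IAM::Role",
                                 "Properties": {"RoleName": "deploy-role"}}},
})

if __name__ == "__main__":
    print(required_capabilities(SAMPLE, "SERVICE_MANAGED"))
```

Comparing this output with the capabilities a pipeline actually passes shows where a template is being granted more acknowledgement than it needs, or where a service-managed StackSet operation will fail on a macro.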