How to Add CloudFormation:ListStacks Permission
On January 25, 2023, AWS updated their DescribeStacks API to ensure customers have granular control over the APIs they use. AWS CloudFormation now requires that customers have the
cloudformation:ListStacks permission when calling DescribeStacks without a target stack. As a result, an update to the CloudFormation stack you are using is required. AWS has been contacting customers regarding an update to the CloudFormation stack you are using. You can use the steps below to add the permission to the stack you are using for CloudCheckr:
How to Add the Role
- Login to the AWS Console.
- Navigate to Identity and Access Management (IAM).
- Under Access Management, select Roles.
- In the search, search for the CloudCheckr IAM Stack. By default, CloudCheckr's stack name begins with "cc-iam-stack"
- Under Permission policies, expand the CloudCheckr-Inventory-Policy section.
- Click Edit, then when the visual editor opens, select the JSON tab.
- Add the
cloudformation:ListStackspermission. All permissions are sorted alphabetically.
- Click Review Policy.
- Review the policy, and once completed, click Save Changes.
Once completed, you are all set. No further changes are needed and you do not need to do anything in CloudCheckr.
Frequently Asked Questions
Yes, however if you are using a single role then you will need to update one role's permission.
This role will specifically impact the CloudFormation Inventory report.