capabilities

In some cases, you must explicitly acknowledge that your stack template contains certain capabilities in order for CloudFormation to create the stack.

• CAPABILITY_IAM and CAPABILITY_NAMED_IAMSome stack templates might include resources that can affect permissions in your Amazon Web Services account; for example, by creating new IAM users. For those stacks, you must explicitly acknowledge this by specifying one of these capabilities.The following IAM resources require you to specify either the CAPABILITY_IAM or CAPABILITY_NAMED_IAM capability.

• If you have IAM resources, you can specify either capability.

• If you have IAM resources with custom names, you must specify CAPABILITY_NAMED_IAM.

• If you don't specify either of these capabilities, CloudFormation returns an InsufficientCapabilities error. If your stack template contains these resources, we suggest that you review all permissions associated with them and edit their permissions if necessary.

• AWS::IAM::AccessKey

• AWS::IAM::Group

• AWS::IAM::InstanceProfile

• AWS::IAM::ManagedPolicy

• AWS::IAM::Policy

• AWS::IAM::Role

• AWS::IAM::User

• AWS::IAM::UserToGroupAddition For more information, see Acknowledging IAM resources in CloudFormation templates.

• CAPABILITY_AUTO_EXPANDSome template contain macros. Macros perform custom processing on templates; this can include simple actions like find-and-replace operations, all the way to extensive transformations of entire templates. Because of this, users typically create a change set from the processed template, so that they can review the changes resulting from the macros before actually creating the stack. If your stack template contains one or more macros, and you choose to create a stack directly from the processed template, without first reviewing the resulting changes in a change set, you must acknowledge this capability. This includes the AWS::Include and AWS::Serverless transforms, which are macros hosted by CloudFormation.This capacity doesn't apply to creating change sets, and specifying it when creating change sets has no effect.If you want to create a stack from a stack template that contains macros and nested stacks, you must create or update the stack directly from the template using the CreateStack or UpdateStack action, and specifying this capability.For more information about macros, see Perform custom processing on CloudFormation templates with template macros.

Only one of the Capabilities and ResourceType parameters can be specified.