[VMC on AWS] Creating an SDDC with AWS CloudFormation template fails with an error on AWS console
Article ID: 329971
Products
VMware Cloud on AWS
Issue/Introduction
Symptoms: When you try to connect an SDDC to your AWS account using the AWS CloudFormation template, the AWS console shows errors such as "CREATE_FAILED".
On the AWS console, the error appears as follows. It identifies the operations that failed due to insufficient permissions.
CREATE_FAILED
API: iam:CreateRole User: arn:aws:iam::************:user/******** is not authorized to perform: iam:CreateRole on resource: arn:aws:iam::************:role/vmware-sddc-formation-f1904c92-d3bc-4a3-RemoteRole-1QTVESI3QPG1N
Cause
If your AWS account does not have sufficient permissions to run the CloudFormation template, you will see errors as described in Symptoms above.
Resolution
Creating the SDDC from the CloudFormation template requires certain AWS permissions. Refer to the link in the Related Information section for the AWS permission requirements. The initial permissions required to create the SDDC are shown in italics in that document.
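To see which permissions the failed stack actually reported as missing, the following Python (an added example, not part of the original article or of VMware's tooling) extracts the denied action, principal and resource from CloudFormation stack events whose reason text has the form shown in Symptoms. It assumes the event field names returned by `aws cloudformation describe-stack-events`; the sample events, account ID, user name and role name are constructed.

```python
import re
from collections import defaultdict

# Matches the access-denied reason text shown in the article's Symptoms section.
DENIED = re.compile(
    r"User:\s*(?P<principal>\S+)\s+is not authorized to perform:\s*"
    r"(?P<action>[A-Za-z0-9-]+:[A-Za-z0-9*]+)"
    r"(?:\s+on resource:\s*(?P<resource>\S+))?"
)

# Constructed sample events (shape of describe-stack-events "StackEvents").
SAMPLE_EVENTS = [
    {"LogicalResourceId": "RemoteRole", "ResourceStatus": "CREATE_FAILED",
     "ResourceStatusReason": "API: iam:CreateRole User: arn:aws:iam::111122223333:user/example-user is not authorized to perform: "
                             "iam:CreateRole on resource: arn:aws:iam::111122223333:role/example-RemoteRole"},
    {"LogicalResourceId": "OtherResource", "ResourceStatus": "CREATE_FAILED",
     "ResourceStatusReason": "Resource creation cancelled"},
    {"LogicalResourceId": "example-stack", "ResourceStatus": "ROLLBACK_IN_PROGRESS",
     "ResourceStatusReason": "The following resource(s) failed to create: [RemoteRole]."},
]

def missing_permissions(stack_events):
    """Return {principal: {action: [resources]}} for *_FAILED events that
    report an authorization failure; other failures are ignored."""
    found = defaultdict(lambda: defaultdict(list))
    for ev in stack_events:
        if not ev.get("ResourceStatus", "").endswith("_FAILED"):
            continue
        m = DENIED.search(ev.get("ResourceStatusReason") or "")
        if not m:
            continue  # failed for a reason other than missing permissions
        res = (m.group("resource") or "*").rstrip(".,")
        bucket = found[m.group("principal")][m.group("action")]
        if res not in bucket:
            bucket.append(res)
    return {p: dict(a) for p, a in found.items()}

if __name__ == "__main__":
    for principal, actions in missing_permissions(SAMPLE_EVENTS).items():
        for action, resources in actions.items():
            print(f"{principal} lacks {action} on {', '.join(resources)}")
```

Compare the reported actions against the permission list in the linked requirements document before granting anything to the user.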