[VMC on AWS] Creating an SDDC with AWS CloudFormation template fails with an error on AWS console

Article ID: 329971

Products

VMware Cloud on AWS

Issue/Introduction

Symptoms:
When you try to connect an SDDC to your AWS account using the AWS CloudFormation template, the stack reports errors such as "CREATE_FAILED" in the AWS console.

The AWS console shows an error like the following. The error identifies the operation that failed due to insufficient permissions.

CREATE_FAILED

API: iam:CreateRole User: arn:aws:iam::************:user/******** is not authorized to perform: iam:CreateRole on resource: arn:aws:iam::************:role/vmware-sddc-formation-f1904c92-d3bc-4a3-RemoteRole-1QTVESI3QPG1N


Cause

If your AWS account does not have sufficient permissions to run the CloudFormation template, you will see errors like the one described in Symptoms above.

Resolution

Creating the SDDC from the CloudFormation template requires specific AWS permissions.
Refer to the link in the Additional Information section for the AWS permission requirements.
The initial permissions required to create the SDDC are shown in italics in that document.
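
To find out which permissions a failed stack was actually denied, the following added example (not part of the original article or of VMware's tooling) extracts the denied IAM action, principal and resource from CloudFormation stack events. The account ID, user name, stack name and role name in the sample are constructed, and the function name `missing_permissions` is hypothetical.

```python
import json
import re
from collections import defaultdict

# Access-denied text that CloudFormation copies into ResourceStatusReason.
DENIED = re.compile(
    r"User: (?P<principal>\S+) is not authorized to perform: "
    r"(?P<action>[\w-]+:[\w*]+)(?: on resource: (?P<resource>\S+))?"
)

# Constructed sample in the shape of describe-stack-events JSON output.
SAMPLE_EVENTS = json.dumps({"StackEvents": [
    {"LogicalResourceId": "example-stack", "ResourceStatus": "CREATE_FAILED",
     "ResourceStatusReason": "The following resource(s) failed to create: [RemoteRole]."},
    {"LogicalResourceId": "RemoteRole", "ResourceStatus": "CREATE_FAILED",
     "ResourceStatusReason": "API: iam:CreateRole User: "
         "arn:aws:iam::111122223333:user/example-deployer "
         "is not authorized to perform: iam:CreateRole on resource: "
         "arn:aws:iam::111122223333:role/example-stack-RemoteRole-EXAMPLE"},
    {"LogicalResourceId": "example-stack", "ResourceStatus": "CREATE_IN_PROGRESS",
     "ResourceStatusReason": "User Initiated"},
]})


def missing_permissions(events_json):
    """Return {principal: {action: [resources]}} for denied CREATE_FAILED events."""
    found = defaultdict(lambda: defaultdict(set))
    for event in json.loads(events_json).get("StackEvents", []):
        if event.get("ResourceStatus") != "CREATE_FAILED":
            continue
        match = DENIED.search(event.get("ResourceStatusReason", ""))
        if match:  # failures without an authorization message are skipped
            resource = match["resource"] or "*"
            found[match["principal"]][match["action"]].add(resource)
    return {p: {a: sorted(r) for a, r in acts.items()} for p, acts in found.items()}


if __name__ == "__main__":
    print(json.dumps(missing_permissions(SAMPLE_EVENTS), indent=2))
```

The input can come from `aws cloudformation describe-stack-events --stack-name <stack> --output json`; compare the reported actions with the permission list in the linked document before granting anything.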

Additional Information

AWS Roles and Permissions
https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vmc-aws-operations/GUID-DE8E80A3-5EED-474C-AECD-D30534926615.html