IAM resource provisioning that is using AWS Cloud Formation Template fails with status code and message: 400 - InsufficientCapabilitiesException - Requires capabilities : [CAPABILITY_NAMED_IAM] - Support and Troubleshooting
KB0831381

Last updated: Apr 8, 2024

Issue

When provisioning an IAM resource using an AWS CloudFormation template, you might receive the following error:

Failed to execute API - Failed with status code and message: 400: <ErrorResponse xmlns="http://cloudformation.amazonaws.com/doc/2010-05-15/"> <Error> <Type>Sender</Type> 
<Code>InsufficientCapabilitiesException</Code> <Message>Requires capabilities : [CAPABILITY_NAMED_IAM]</Message>
</Error> <RequestId>xxxxxxx</RequestId> </ErrorResponse> (script_include:CloudRESTAPIInvoker; line 142)

Release

Any

Cause

This is a common AWS error. Whenever a stack tries to create an IAM (AWS access-related) resource, the request needs a specific flag for the creation to be allowed.
According to AWS, this can be solved by adding the parameter "--capabilities CAPABILITY_NAMED_IAM" when running it from the command line, or by selecting the "IAM capability" checkbox when running it from the AWS GUI.

Resolution

To replicate the AWS requirement to pass the parameter, perform the following steps:

  1. From Cloud Admin Portal - Design - Cloud Catalog items, open the IAM CFT template you created earlier.
  2. In the related links, click Manage Attributes, then click Blueprint Container Resource.Provision.
  3. In the operation attributes, click AdditionalAPIParameters.
  4. In the mapping column, enter the following JSON and then save/update it.
     {
       "Capabilities.member.1": "CAPABILITY_NAMED_IAM"
     }
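
The mapping in step 4 acknowledges IAM resource creation on every provision of this catalog item, so it is worth seeing which resources in the template trigger the requirement. The following is an added example, not ServiceNow or AWS code, that scans a JSON-format template and builds the matching mapping. The type list, the name properties, the function names and the sample template are assumptions made for this illustration.

```python
import json

# IAM resource types for which CloudFormation demands a capability
# acknowledgement (assumption: list as given in the AWS CreateStack docs).
# Value = property that sets a custom name, or None if none is checked here.
IAM_NAME_PROPS = {
    "AWS::IAM::AccessKey": None,
    "AWS::IAM::Group": "GroupName",
    "AWS::IAM::InstanceProfile": "InstanceProfileName",
    "AWS::IAM::ManagedPolicy": "ManagedPolicyName",
    "AWS::IAM::Policy": None,
    "AWS::IAM::Role": "RoleName",
    "AWS::IAM::User": "UserName",
    "AWS::IAM::UserToGroupAddition": None,
}

def iam_findings(template):
    """Return (logical_id, type, custom_name) for each IAM resource."""
    found = []
    for logical_id, res in template.get("Resources", {}).items():
        rtype = res.get("Type")
        if rtype in IAM_NAME_PROPS:
            prop = IAM_NAME_PROPS[rtype]
            name = (res.get("Properties") or {}).get(prop) if prop else None
            found.append((logical_id, rtype, name))
    return found

def required_capability(template):
    """None if no IAM resources; NAMED_IAM if any has a custom name."""
    found = iam_findings(template)
    if not found:
        return None
    named = any(name is not None for _, _, name in found)
    return "CAPABILITY_NAMED_IAM" if named else "CAPABILITY_IAM"

def additional_api_parameters(template):
    """Mapping in the Capabilities.member.N form used in step 4."""
    cap = required_capability(template)
    return {"Capabilities.member.1": cap} if cap else {}

# Constructed sample template (not from the article).
SAMPLE = json.loads("""{ "Resources": {
  "AppRole":   {"Type": "AWS::IAM::Role",
                "Properties": {"RoleName": "app-role",
                               "AssumeRolePolicyDocument": {}}},
  "AppBucket": {"Type": "AWS::S3::Bucket"}
}}""")
```

An empty result means the template needs no IAM capability, so the mapping can be left out for that catalog item. The capability named in the CloudFormation error message remains authoritative if it differs from this check.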


Sometimes, passing the parameter is not enough to successfully provision the IAM account. If that is the case, contact the AWS admin team to grant the following permissions to the AWS credential used for this activity:
{
  "Effect": "Allow",
  "Action": [
    "iam:GenerateCredentialReport",
    "iam:GenerateServiceLastAccessedDetails",
    "iam:Get*",
    "iam:List*",
    "iam:Role*",
    "iam:SimulateCustomPolicy",
    "iam:SimulatePrincipalPolicy"
  ],
  "Resource": "*"
}

