Bug 1411369
| Summary: | [RFE] CAPABILITY_IAM error after IAM role assignment with amazon cloudFormation template | | |
|---|---|---|---|
| Product: | Red Hat CloudForms Management Engine | Reporter: | Satoe Imaishi <simaishi> |
| Component: | Providers | Assignee: | Bill Wei <bilwei> |
| Status: | CLOSED ERRATA | QA Contact: | Shveta <sshveta> |
| Severity: | high | Docs Contact: | |
| Priority: | high | | |
| Version: | 5.6.0 | CC: | bilwei, cpelland, gekis, hhudgeon, jfrey, jhardy, obarenbo, sshveta, tachoi |
| Target Milestone: | GA | Keywords: | FutureFeature, ZStream |
| Target Release: | 5.7.1 | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | ec2:stack | | |
| Fixed In Version: | 5.7.1.0 | Doc Type: | Enhancement |
| Doc Text: | | Story Points: | --- |
| Clone Of: | 1385712 | Environment: | |
| Last Closed: | 2017-02-27 19:18:26 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | CFME Core | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 1385712 | | |
| Bug Blocks: | | | |

Comment 2
Bill Wei
2017-01-18 13:59:55 UTC
Hi Bill,

Needed some info to verify this bug. Correct me if I am wrong:

1) Create a new role called "IAM" role
2) Create a new group and under "Vm and templates" select orchestration template and assign to this group and check for errors?

Please let me know.

Thanks,
Shveta

For more information about IAM role and CloudFormation template, please see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities

To verify the fix, you first need to enhance the service dialog. This requires manual editing of the dialog that you would normally first create through the CFME UI. Below is the paste of the naming of components that I posted earlier:

- stack_notifications - a text area box, each line is an ARN
- stack_capabilities - a drop down list for capabilities
- stack_resource_types - a text area box, each line is an allowed resource type filter
- stack_role - a text box for the role ARN
- stack_policy - a text area box for the JSON formatted policy, or just the policy URL
- stack_tags - a text area box, each line is one tag key and value pair, in the format key => value

If you only want to test IAM capability, you only need to add a dropdown and name it stack_capabilities. CAPABILITY_IAM and CAPABILITY_NAMED_IAM are the two available selections.

You will need to follow the description of this BZ to prepare a CloudFormation template that requires an IAM role. You should do this through the AWS console window.

With "CAPABILITY_IAM" selected, the stack was created successfully.

Verified in 5.7.1.0.20170124142149_8a5f4d5

Additional info for bug verification

Template used:

```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "RootRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": { "Service": [ "ec2.amazonaws.com" ] },
              "Action": [ "sts:AssumeRole" ]
            }
          ]
        },
        "Path": "/",
        "Policies": [
          {
            "PolicyName": "root",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                { "Effect": "Allow", "Action": "*", "Resource": "*" }
              ]
            }
          }
        ]
      }
    },
    "RootInstanceProfile": {
      "Type": "AWS::IAM::InstanceProfile",
      "Properties": {
        "Path": "/",
        "Roles": [ { "Ref": "RootRole" } ]
      }
    }
  }
}
```

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2017-0320.html
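
An added example, not part of the bug report or of CFME's code: a Ruby check that reads a CloudFormation template, reports which value to select in the stack_capabilities dropdown, and lists inline policies that allow every action on every resource, as the verification template's "root" policy does. The function names, the NAME_PROP table and the rule that any AWS::IAM::* resource needs a capability are assumptions of this example.

```ruby
require 'json'

# Custom-name properties that raise the requirement to CAPABILITY_NAMED_IAM.
NAME_PROP = {
  'AWS::IAM::Role'            => 'RoleName',
  'AWS::IAM::User'            => 'UserName',
  'AWS::IAM::Group'           => 'GroupName',
  'AWS::IAM::InstanceProfile' => 'InstanceProfileName',
  'AWS::IAM::ManagedPolicy'   => 'ManagedPolicyName'
}.freeze

def as_list(value)
  value.is_a?(Array) ? value : [value].compact
end

# Value to select in stack_capabilities, or nil when no IAM resource is present.
# Assumption: every AWS::IAM::* resource type is treated as needing a capability.
def required_capability(template)
  iam = template.fetch('Resources', {}).values
                .select { |r| r['Type'].to_s.start_with?('AWS::IAM::') }
  return nil if iam.empty?
  named = iam.any? { |r| (r['Properties'] || {}).key?(NAME_PROP[r['Type']]) }
  named ? 'CAPABILITY_NAMED_IAM' : 'CAPABILITY_IAM'
end

# Inline policies ("LogicalId/PolicyName") allowing every action on every resource.
def wildcard_policies(template)
  template.fetch('Resources', {}).flat_map do |logical_id, res|
    next [] unless res['Type'].to_s.start_with?('AWS::IAM::')
    as_list(res.dig('Properties', 'Policies')).select do |policy|
      as_list(policy.dig('PolicyDocument', 'Statement')).any? do |s|
        s['Effect'] == 'Allow' && as_list(s['Action']).include?('*') &&
          as_list(s['Resource']).include?('*')
      end
    end.map { |policy| "#{logical_id}/#{policy['PolicyName']}" }
  end
end

# Constructed sample: the verification template's role, cut down to what the checks read.
SAMPLE = JSON.parse(<<~TEMPLATE)
  {"Resources": {"RootRole": {"Type": "AWS::IAM::Role", "Properties": {
    "Path": "/", "Policies": [{"PolicyName": "root", "PolicyDocument": {
      "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}}]}}}}
TEMPLATE

puts required_capability(SAMPLE)
puts wildcard_policies(SAMPLE).inspect
```

Running the same two functions over a template before it is attached to a service dialog shows both the capability the stack will need and any role that would be created with unrestricted permissions.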