Role with Inline Policy
- CloudFormation template: yaml
AWSTemplateFormatVersion: 2010-09-09 Description: An IAM Role with an inline policy
Overview
An IAM role with an inline policy.
Parameters
Parameters:
Param | Value |
---|---|
DeploymentName | cfc |
DeploymentName
DeploymentName: Type: String Description: A name for this deployment
A deployment is a deployed application, potentially comprised of many
CloudFormation stacks. This is sometimes called an "environment", but that is an
overloaded and confusing term. Use the DeploymentName
to indicate which
logical deployment a stack belongs to.
If a deployment is completely specified by exactly one CloudFormation template,
the DeploymentName
and the AWS::StackName refer to the same things. In that
case, consider not using a DeploymentName
parameter.
Resources
Resources:
Role
Role: Type: AWS::IAM::Role Properties: RoleName: !Sub "${DeploymentName}-Role" Description: Allows EC2 instances to call AWS services AssumeRolePolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Principal: Service: ec2.amazonaws.com Action: - sts:AssumeRole Policies: - PolicyName: InstancePolicy PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - logs:CreateLogGroup - logs:CreateLogStream - logs:PutLogEvents - logs:DescribeLogStreams - cloudformation:DescribeStackResource Resource: "*"