Role with Inline Policy

AWSTemplateFormatVersion: 2010-09-09
Description: An IAM Role with an inline policy

Overview

An IAM role with an inline policy.

Parameters

Parameters:
Param Value
DeploymentName cfc

DeploymentName

  DeploymentName:
    Type: String
    Description: A name for this deployment

A deployment is a deployed application, potentially comprised of many CloudFormation stacks. This is sometimes called an "environment", but that is an overloaded and confusing term. Use the DeploymentName to indicate which logical deployment a stack belongs to.

If a deployment is completely specified by exactly one CloudFormation template, the DeploymentName and the AWS::StackName refer to the same things. In that case, consider not using a DeploymentName parameter.

Resources

Resources:

Role

  Role:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub "${DeploymentName}-Role"
      Description: Allows EC2 instances to call AWS services
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service: ec2.amazonaws.com
            Action:
              - sts:AssumeRole
      Policies:
        - PolicyName: InstancePolicy
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action:
                  - logs:CreateLogGroup
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                  - logs:DescribeLogStreams
                  - cloudformation:DescribeStackResource
                Resource: "*"