# This CloudFormation template can be used to deploy an IAM Role and Instance Profile with AWS managed policies for Amazon CloudWatch and AWS Systems Manager

AWSTemplateFormatVersion: '2010-09-09'
Description: "IAM Role and Instance Profile for CloudWatch and SSM"
Resources:
  InstanceRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: "SSMCloudWatchInstanceRole"
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
            Action:
              - sts:AssumeRole
      Path: "/"
      ManagedPolicyArns:
        - arn:${AWS::Partition}:iam::aws:policy/CloudWatchAgentServerPolicy
        - arn:${AWS::Partition}:iam::aws:policy/AmazonSSMManagedInstanceCore
  InstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      InstanceProfileName: "SSMCloudWatchInstanceRole"
      Path: "/"
      Roles:
        - !Ref InstanceRole