#############################################################
## NOT FOR PRODUCTION USE.                                 ##
## THE CONTENT OF THIS FILE IS FOR LEARNING PURPOSES ONLY  ##
## created by David Surey, Amazon Web Services, 2020       ##
#############################################################

AWSTemplateFormatVersion: "2010-09-09"
Parameters: 

  nodegroupRoleName: 
    Type: String
    Default: ""

Resources:   

  nodegroupContainerInsightsPolicy:
    Type: 'AWS::IAM::ManagedPolicy'
    Properties:
      Path: /
      PolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Action:
              - cloudwatch:PutMetricData
              - ec2:DescribeVolumes
              - ec2:DescribeTags
              - logs:PutLogEvents
              - logs:DescribeLogStreams
              - logs:DescribeLogGroups
              - logs:CreateLogStream
              - logs:CreateLogGroup
            Resource: "*"
          - Effect: Allow
            Action:
              - ssm:GetParameter
            Resource: "arn:aws:ssm:*:*:parameter/AmazonCloudWatch-*"
      Roles: 
        - !Ref nodegroupRoleName