AWSTemplateFormatVersion: '2010-09-09' Description: AWS CloudFormation template IAM Roles for Systems Manager | Automation Service Resources: ManagedInstanceRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Principal: Service: - ssm.amazonaws.com - ec2.amazonaws.com Action: sts:AssumeRole ManagedPolicyArns: - arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM - arn:aws:iam::aws:policy/AWSCloudFormationReadOnlyAccess - arn:aws:iam::aws:policy/CloudWatchLogsFullAccess Path: "/" Outputs: ManagedInstanceRole: Description: Instance Role to be used for EC2 instances - eg Ranger server, AD server Value: !Ref ManagedInstanceRole