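# CloudFormation template: IAM launch role that AWS Service Catalog assumes
# when provisioning products. It attaches nine AWS managed policies plus one
# inline policy, and outputs the role's ARN and name.
#
# NOTE(review): this role is very broad. Whatever templates are launched with
# it run with these permissions, so anyone able to influence those templates
# inherits them. Review the scoping notes below before reusing the template.
Description: "ServiceCatalog ECS Launch Role. (fdp-1qj64b35a)"

Resources:
  # The logical ID says "EC2" while RoleName says "ECS". Left unchanged:
  # renaming a logical ID makes CloudFormation replace the resource.
  SCEC2LaunchRole:
    Type: 'AWS::IAM::Role'
    Properties:
      # A fixed RoleName requires CAPABILITY_NAMED_IAM at deploy time and
      # prevents a second copy of this stack in the same account.
      RoleName: SCECSLaunchRole
      # NOTE(review): every entry is a *FullAccess / Admin managed policy.
      # Keep only the services the launched products actually need, or
      # replace them with customer-managed policies scoped to the product's
      # own resources.
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AmazonEC2FullAccess
        - arn:aws:iam::aws:policy/AWSCodeDeployFullAccess
        - arn:aws:iam::aws:policy/AWSCodePipelineFullAccess
        - arn:aws:iam::aws:policy/AWSCodeCommitFullAccess
        - arn:aws:iam::aws:policy/AWSCodeBuildAdminAccess
        - arn:aws:iam::aws:policy/AmazonS3FullAccess
        - arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess
        - arn:aws:iam::aws:policy/AmazonECS_FullAccess
        - arn:aws:iam::aws:policy/CloudWatchLogsFullAccess
      # Trust policy: only the Service Catalog service principal may assume
      # this role.
      AssumeRolePolicyDocument:
        # Quoted so YAML 1.1 parsers do not read the value as a date.
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - servicecatalog.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      Policies:
        - PolicyName: SCLaunchPolicy
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Sid: SCLaunchPolicySID
                Effect: Allow
                Action:
                  - "servicecatalog:ListServiceActionsForProvisioningArtifact"
                  - "servicecatalog:ExecuteprovisionedProductServiceAction"
                  # NOTE(review): iam:CreateRole, iam:AttachRolePolicy,
                  # iam:PutRolePolicy and iam:PassRole on Resource '*' let
                  # this role create a role with any policy and hand it to
                  # any service, which is a privilege-escalation path.
                  # Mitigations to consider: scope Resource to a dedicated
                  # role path or name prefix, require a permissions boundary
                  # (iam:PermissionsBoundary condition key), and restrict
                  # iam:PassRole with the iam:PassedToService condition key.
                  - "iam:AddRoleToInstanceProfile"
                  - "iam:ListRolePolicies"
                  - "iam:ListPolicies"
                  - "iam:DeleteRole"
                  - "iam:GetRole"
                  - "iam:CreateInstanceProfile"
                  - "iam:PassRole"
                  - "iam:DeleteInstanceProfile"
                  - "iam:ListRoles"
                  - "iam:RemoveRoleFromInstanceProfile"
                  - "iam:CreateRole"
                  - "iam:DetachRolePolicy"
                  - "iam:AttachRolePolicy"
                  - "iam:GetRolePolicy"
                  - "iam:PutRolePolicy"
                  - "iam:DeleteRolePolicy"
                  # Duplicate DescribeStackEvents / DescribeStacks entries
                  # were dropped; the effective permissions are unchanged.
                  - "cloudformation:DescribeStackResource"
                  - "cloudformation:DescribeStackResources"
                  - "cloudformation:GetTemplate"
                  - "cloudformation:List*"
                  - "cloudformation:DescribeStackEvents"
                  - "cloudformation:DescribeStacks"
                  - "cloudformation:CreateStack"
                  - "cloudformation:DeleteStack"
                  - "cloudformation:GetTemplateSummary"
                  - "cloudformation:SetStackPolicy"
                  - "cloudformation:ValidateTemplate"
                  - "cloudformation:UpdateStack"
                # NOTE(review): applies to every resource in the account.
                Resource: '*'

Outputs:
  # ARN of the launch role.
  LaunchRoleArn:
    Value: !GetAtt SCEC2LaunchRole.Arn
  # !Ref on an AWS::IAM::Role returns the role name.
  LaunchRoleName:
    Value: !Ref SCEC2LaunchRole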