Description: "ServiceCatalog Serverless Launch Role. (fdp-1p5s1035k)"
Resources:
SCServerlessLaunchRole:
Type: 'AWS::IAM::Role'
Properties:
RoleName: SCServerlessLaunchRole
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service:
- servicecatalog.amazonaws.com
Action:
- 'sts:AssumeRole'
Path: /
Policies:
- PolicyName: SCLaunchPolicy
PolicyDocument:
Version: 2012-10-17
Statement:
- Sid: SCLaunchPolicySID
Action:
- "apigateway:*"
- "cloudformation:CancelUpdateStack"
- "cloudformation:ContinueUpdateRollback"
- "cloudformation:CreateChangeSet"
- "cloudformation:CreateStack"
- "cloudformation:CreateUploadBucket"
- "cloudformation:DeleteStack"
- "cloudformation:Describe*"
- "cloudformation:EstimateTemplateCost"
- "cloudformation:ExecuteChangeSet"
- "cloudformation:Get*"
- "cloudformation:List*"
- "cloudformation:PreviewStackUpdate"
- "cloudformation:UpdateStack"
- "cloudformation:UpdateTerminationProtection"
- "cloudformation:ValidateTemplate"
- "dynamodb:CreateTable"
- "dynamodb:DeleteTable"
- "dynamodb:DescribeTable"
- "ec2:AttachInternetGateway"
- "ec2:AuthorizeSecurityGroupIngress"
- "ec2:CreateInternetGateway"
- "ec2:CreateNetworkAcl"
- "ec2:CreateNetworkAclEntry"
- "ec2:CreateRouteTable"
- "ec2:CreateSecurityGroup"
- "ec2:CreateSubnet"
- "ec2:CreateTags"
- "ec2:CreateVpc"
- "ec2:DeleteInternetGateway"
- "ec2:DeleteNetworkAcl"
- "ec2:DeleteNetworkAclEntry"
- "ec2:DeleteRouteTable"
- "ec2:DeleteSecurityGroup"
- "ec2:DeleteSubnet"
- "ec2:DeleteVpc"
- "ec2:Describe*"
- "ec2:DetachInternetGateway"
- "ec2:ModifyVpcAttribute"
- "events:DeleteRule"
- "events:DescribeRule"
- "events:ListRuleNamesByTarget"
- "events:ListRules"
- "events:ListTargetsByRule"
- "events:PutRule"
- "events:PutTargets"
- "events:RemoveTargets"
- "iam:CreateRole"
- "iam:DeleteRole"
- "iam:DeleteRolePolicy"
- "iam:GetRole"
- "iam:PassRole"
- "iam:PutRolePolicy"
- "iot:CreateTopicRule"
- "iot:DeleteTopicRule"
- "iot:DisableTopicRule"
- "iot:EnableTopicRule"
- "iot:ReplaceTopicRule"
- "kinesis:CreateStream"
- "kinesis:DeleteStream"
- "kinesis:DescribeStream"
- "lambda:*"
- "logs:CreateLogGroup"
- "logs:DeleteLogGroup"
- "logs:DescribeLogGroups"
- "logs:DescribeLogStreams"
- "logs:FilterLogEvents"
- "logs:GetLogEvents"
- "s3:CreateBucket"
- "s3:DeleteBucket"
- "s3:DeleteBucketPolicy"
- "s3:DeleteObject"
- "s3:DeleteObjectVersion"
- "s3:GetObject"
- "s3:GetObjectVersion"
- "s3:ListAllMyBuckets"
- "s3:ListBucket"
- "s3:PutBucketNotification"
- "s3:PutBucketPolicy"
- "s3:PutBucketTagging"
- "s3:PutBucketWebsite"
- "s3:PutEncryptionConfiguration"
- "s3:PutObject"
- "sns:CreateTopic"
- "sns:DeleteTopic"
- "sns:GetSubscriptionAttributes"
- "sns:GetTopicAttributes"
- "sns:ListSubscriptions"
- "sns:ListSubscriptionsByTopic"
- "sns:ListTopics"
- "sns:SetSubscriptionAttributes"
- "sns:SetTopicAttributes"
- "sns:Subscribe"
- "sns:Unsubscribe"
- "states:CreateStateMachine"
- "states:DeleteStateMachine"
Resource: '*'
Effect: "Allow"
Outputs:
LaunchRoleArn:
Value: !GetAtt SCServerlessLaunchRole.Arn
LaunchRoleName:
Value: !Ref SCServerlessLaunchRole