{ "AWSTemplateFormatVersion": "2010-09-09", "Resources": { "myBastionIAMrole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Version" : "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "ec2.amazonaws.com" ] }, "Action": [ "sts:AssumeRole" ] } ] }, "ManagedPolicyArns": [ "arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess", "arn:aws:iam::aws:policy/AmazonSSMFullAccess", "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess", "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" ], "RoleName": "alexardsBastionIAMrole" } }, "myBastionInstProf": { "Type": "AWS::IAM::InstanceProfile", "Properties": { "Roles": [ { "Ref": "myBastionIAMrole" } ], "InstanceProfileName": "alexardsBastionInstProf" } } }, "Outputs": { "myBastionInstProf" : { "Value" : { "Ref" : "myBastionInstProf" } } }, "Description": "alexards_security" }