{
  "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
      "myBastionIAMrole": {
        "Type": "AWS::IAM::Role",
        "Properties": {
          "AssumeRolePolicyDocument": {
            "Version" : "2012-10-17",
            "Statement": [ {
              "Effect": "Allow",
              "Principal": {
                "Service": [ "ec2.amazonaws.com" ]
              },
              "Action": [ "sts:AssumeRole" ]
            } ]
          },
          "ManagedPolicyArns": [ 
            "arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess",
            "arn:aws:iam::aws:policy/AmazonSSMFullAccess",
            "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess",
            "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
          ],
          "RoleName": "alexardsBastionIAMrole"
        }
      },
      "myBastionInstProf": {
        "Type": "AWS::IAM::InstanceProfile",
        "Properties": {
        "Roles": [ 
          {
            "Ref": "myBastionIAMrole"
          }
        ],
        "InstanceProfileName": "alexardsBastionInstProf"
        }
      }
   },
   "Outputs": {
      "myBastionInstProf" : {
        "Value" :  { 
          "Ref" : "myBastionInstProf" 
        }
      }
    },
  "Description": "alexards_security"
}