AWSTemplateFormatVersion: 2010-09-09
Description: "IAM Role for S3 Cross Region Replication"
Parameters:
  IAMRoleName: 
    Type: String
    Description: "IAM Role for S3 Cross Region Replication"
Resources:
  S3CRRRole:
    Type: 'AWS::IAM::Role'
    DeletionPolicy: Delete
    Properties:
      RoleName: !Ref IAMRoleName
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow 
            Action:
              - 'sts:AssumeRole'
            Principal:
              Service:
                - s3.amazonaws.com
        Version: '2012-10-17'
  S3CRRRolePolicy:
    Type: 'AWS::IAM::Policy'
    DeletionPolicy: Delete
    Properties:
      PolicyName: !Sub "${IAMRoleName}-Policy"
      Roles:
          - Ref: S3CRRRole
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Action:
              - 's3:GetReplicationConfiguration'
              - 's3:ListBucket'
            Resource:
              - 'arn:aws:s3:::DOC-EXAMPLE-BUCKET1'
          - Effect: Allow
            Action:
              - 's3:GetObjectVersionForReplication'
              - 's3:GetObjectVersionAcl'
              - 's3:GetObjectVersionTagging'
            Resource:
              - 'arn:aws:s3:::DOC-EXAMPLE-BUCKET1/*'
          - Effect: Allow
            Action:
              - 's3:ReplicateObject'
              - 's3:ReplicateDelete'
              - 's3:ReplicateTags'
            Resource: 'arn:aws:s3:::DOC-EXAMPLE-BUCKET2/*'