Parameters: 
  UserPwd: 
    NoEcho: true
    Description: IAM user's temp password
    Type: String
    MinLength: 6
    MaxLength: 41
Resources:
 CodeGuruPolicy:
  Type: 'AWS::IAM::ManagedPolicy'
  Properties:
    PolicyDocument:
      Version: "2012-10-17"
      Statement:
        - Effect: Allow
          Action:
            - "codeguru-reviewer:ListRecommendations"
          Resource: '*'
 ApproverWritePolicy:
  Type: 'AWS::IAM::ManagedPolicy'
  Properties:
    PolicyDocument:
      Version: "2012-10-17"
      Statement:
        - Effect: Allow
          Action:
           - "codecommit:PostCommentForPullRequest"
           - "codecommit:UpdatePullRequestApprovalState"
          Resource: '*'
 UserRepositoryAdmin:
  Type: AWS::IAM::User
  Properties: 
    LoginProfile: 
        Password: !Ref UserPwd
        PasswordResetRequired: True
    ManagedPolicyArns: 
      - arn:aws:iam::aws:policy/AWSCodeCommitFullAccess
      - !Ref CodeGuruPolicy
    UserName: "UserRepositoryAdmin"
 UserCodeApprover:
  Type: AWS::IAM::User
  Properties: 
    LoginProfile: 
        Password: !Ref UserPwd
        PasswordResetRequired: True
    ManagedPolicyArns: 
      - arn:aws:iam::aws:policy/AWSCodeCommitReadOnly
      - !Ref CodeGuruPolicy
      - !Ref ApproverWritePolicy
    UserName: "UserCodeApprover"
 UserCodeDeveloper:
  Type: AWS::IAM::User
  Properties: 
    LoginProfile: 
        Password: !Ref UserPwd
        PasswordResetRequired: True
    ManagedPolicyArns: 
      - arn:aws:iam::aws:policy/AWSCodeCommitPowerUser
      - !Ref CodeGuruPolicy
    Policies:
     - PolicyName: denyapprovalrule
       PolicyDocument:
        Version: '2012-10-17'
        Statement: 
        - Effect: Deny
          Action:
          - "codecommit:CreatePullRequestApprovalRule"
          Resource: '*'
    UserName: "UserCodeDeveloper"