AWSTemplateFormatVersion: '2010-09-09'
Description: Create an IAM role for ECS container instances that run on EC2.  The role includes managed policies for ECS, CloudWatch, and AWS Systems Manager
Resources:
  InstanceRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: "ecsInstanceRole-cw-ssm"
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
            Action:
              - sts:AssumeRole
      Path: "/"
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy
        - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
        - arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role


  InstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      InstanceProfileName: "ip-ecsInstanceRole-cw-ssm"
      Path: "/"
      Roles:
        - !Ref InstanceRole