AWSTemplateFormatVersion: '2010-09-09' Description: 'Custom resource to create a AWS Cloud9 for Step Functions workshop' Resources: Cloud9EnvironmentCDK: Type: AWS::Cloud9::EnvironmentEC2 Properties: AutomaticStopTimeMinutes: 60 Description: 'Online IDE for workshop' InstanceType: t3.medium Name: 'StepFunctionsCDKWorkshop' Cloud9CDKInstanceProfile: Type: AWS::IAM::InstanceProfile Properties: InstanceProfileName: 'stepfunctionsworkshop-cdk-role' Path: / Roles: - !Ref CDKRootRole RolePolicies: Type: AWS::IAM::Policy Properties: PolicyName: 'StepFunctionsWorkshopPolicy' PolicyDocument: Version: '2012-10-17' Statement: - Resource: '*' Action: - iam:CreateRole - s3:CreateBucket - iam:AttachRolePolicy - cloudformation:CreateChangeSet - iam:PutRolePolicy - ssm:GetParameter - s3:GetBucketPolicy - ecr:DeleteRepository - s3:PutEncryptionConfiguration - ssm:DeleteParameter - cloudformation:DescribeStackEvents - iam:DetachRolePolicy - iam:DeleteRolePolicy - ecr:DescribeRepositories - cloudformation:DescribeChangeSet - cloudformation:ExecuteChangeSet - s3:DeleteBucket - s3:PutBucketVersioning - iam:GetRole - s3:PutBucketPublicAccessBlock - ecr:CreateRepository - iam:DeleteRole - ssm:GetParameters - s3:DeleteBucketPolicy - cloudformation:DescribeStacks - ssm:PutParameter - cloudformation:GetTemplate - cloudformation:DeleteStack - ecr:SetRepositoryPolicy - s3:PutBucketPolicy - ssm:GetParameter Effect: Allow Sid: MinimumRequiredPolicy - Resource: 'arn:aws:iam::*:role/cdk-*' Action: - sts:AssumeRole Effect: Allow Sid: AllowPassingRole Roles: - !Ref CDKRootRole CDKRootRole: Type: AWS::IAM::Role Properties: RoleName: 'stepfunctionsworkshop-cdk-role' AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Principal: Service: - ec2.amazonaws.com Action: - sts:AssumeRole Path: '/'