AWSTemplateFormatVersion: '2010-09-09' Description: 'Custom resource to create a AWS Cloud9 for Step Functions workshop' Resources: Cloud9Environment1: Type: AWS::Cloud9::EnvironmentEC2 Properties: AutomaticStopTimeMinutes: 60 Description: 'Online IDE for workshop' InstanceType: t3.medium OwnerArn: !Sub 'arn:aws:sts::${AWS::AccountId}:assumed-role/WSParticipantRole/Participant' Name: 'StepFunctionsSAMWorkshop' Cloud9InstanceProfile: Type: AWS::IAM::InstanceProfile Properties: InstanceProfileName: 'stepfunctionsworkshop-sam-role' Path: / Roles: - !Ref RootRole RolePolicies: Type: AWS::IAM::Policy Properties: PolicyName: 'stepfunctionsAdminPolicy' PolicyDocument: Version: '2012-10-17' Statement: - Resource: '*' Action: - iam:CreateRole - iam:AttachRolePolicy - iam:CreatePolicy - iam:CreatePolicyVersion - iam:GetRole - iam:PutRolePolicy - iam:DeleteRole - iam:DeleteRolePolicy - iam:PassRole - iam:GetRolePolicy - apigateway:DELETE - apigateway:GET - apigateway:PATCH - apigateway:POST - apigateway:PUT Effect: Allow Sid: DeployStepFunctionsWithSAMPolicy - Resource: '*' Action: - ec2:ModifyReservedInstances - ec2:PurchaseHostReservation - ec2:PurchaseReservedInstancesOffering - ec2:PurchaseScheduledInstances - rds:PurchaseReservedDBInstancesOffering - dynamodb:PurchaseReservedCapacityOfferings - ec2:CancelSpotFleetRequests - ec2:ModifySpotFleetRequest - ec2:RequestSpotFleet - ec2:RequestSpotInstances - ec2:CancelSpotInstanceRequests - ec2:CreateSpotDatafeedSubscription - ec2:DeleteSpotDatafeedSubscription Effect: Deny Sid: DontBuyReservationsOrSpotPlz Roles: - !Ref RootRole RootRole: Type: AWS::IAM::Role Properties: RoleName: 'stepfunctionsworkshop-sam-role' AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Principal: Service: - ec2.amazonaws.com Action: - sts:AssumeRole Path: '/' ManagedPolicyArns: - arn:aws:iam::aws:policy/AWSStepFunctionsFullAccess - arn:aws:iam::aws:policy/AmazonS3FullAccess - arn:aws:iam::aws:policy/AWSCloudFormationFullAccess