AWSTemplateFormatVersion: "2010-09-09"
Transform: ExecutionRoleBuilder
Parameters:
  PermissionBoundaryArn:
    Type: String
    Description: ARN for the Permission Boundary Policy
Resources:
  ExecutionRoleBuilderMacroTestRole: 
    Type: "AWS::IAM::Role"
    Properties: 
      Type: "Lambda"
      Name: "ExecutionRoleForAppA"
      Path: "/boundedexecroles/"
      PermissionsBoundary:
        Ref: PermissionBoundaryArn
      Permissions:
        - ReadOnly: "arn:aws:s3:::mygreatbucket1"
        - ReadWrite: "arn:aws:dynamodb:us-west-2:123456789012:table/table1"
        - ReadOnly: "arn:aws:ssm:us-west-2:123456789012:parameter/dev/myapp1/*"
        - ReadOnly: "arn:aws:kms:us-west-2:123456789012:key/a8f4be2b-5fcd-zzzz-yyyy-xxxxxxxxxxxx"