--- AWSTemplateFormatVersion: "2010-09-09" Parameters: MyContentBucket: Description: "Bucket name for content (usually ${VPCName}-my-content), use 'none' to disable creation" Type: String AMIId: Type: 'String' Description: 'The AMI ID for the image to use.' Resources: myPolicy: Type: AWS::IAM::Policy Properties: Roles: - testRole PolicyName: test PolicyDocument: Version: "2012-10-17" Statement: - Effect: "Allow" Action: - "iam:UploadSSHPublicKey" Resource: "arn:aws:iam::*:user/${aws:username}" - Effect: "Deny" Action: - "iam:GetLoginProfile" NotResource: "arn:aws:iam::*:user/${aws:username}" myPolicy2: Type: AWS::IAM::Policy Properties: Roles: - testRole PolicyName: test2 PolicyDocument: { "Version": "2012-10-17", "Statement": [ { "Sid": "GetClusterCredsStatement", "Effect": "Allow", "Action": [ "redshift:GetClusterCredentials" ], "Resource": [ "arn:aws:redshift:us-west-2:123456789012:dbuser:examplecluster/${redshift:DbUser}", "arn:aws:redshift:us-west-2:123456789012:dbname:examplecluster/testdb", "arn:aws:redshift:us-west-2:123456789012:dbgroup:examplecluster/common_group" ], "Condition": { "StringEquals": { "aws:userid":"AIDIODR4TAW7CSEXAMPLE:${redshift:DbUser}@yourdomain.com" } } }, { "Sid": "CreateClusterUserStatement", "Effect": "Allow", "Action": [ "redshift:CreateClusterUser" ], "Resource": [ "arn:aws:redshift:us-west-2:123456789012:dbuser:examplecluster/${redshift:DbUser}" ], "Condition": { "StringEquals": { "aws:userid":"AIDIODR4TAW7CSEXAMPLE:${redshift:DbUser}@yourdomain.com" } } }, { "Sid": "RedshiftJoinGroupStatement", "Effect": "Allow", "Action": [ "redshift:JoinGroup" ], "Resource": [ "arn:aws:redshift:us-west-2:123456789012:dbgroup:examplecluster/common_group" ] } ] } Key: Type: AWS::ApiGateway::ApiKey Properties: Description: "This is a literal instead of a sub: ${!Test2}" GreetingRequest: Type: AWS::ApiGateway::Method Properties: AuthorizationType: NONE HttpMethod: GET Integration: Type: AWS IntegrationHttpMethod: POST Uri: Fn::Join: - "" - - "arn:aws:apigateway:" - !Ref "AWS::Region" - ":lambda:path/2015-03-31/functions/" - !GetAtt GreetingLambda.Arn - ":${stageVariables.LambdaAlias}" - "/invocations" IntegrationResponses: - StatusCode: '200' RequestTemplates: application/json: Fn::Join: - "" - - "{" - " \"name\": \"$input.params('name')\"" - "}" RequestParameters: method.request.querystring.name: false ResourceId: !Ref GreetingResource RestApiId: !Ref GreetingApi MethodResponses: - StatusCode: '200' IOTPolicies: Type: "AWS::IoT::Policy" Properties: PolicyName: "root" PolicyDocument: Version: "2012-10-17" Statement: - Effect: Allow Action: - iot:GetThingShadow - iot:UpdateThingShadow - iot:DeleteThingShadow Resource: - Fn::Join: - ':' - - arn:aws:iot - !Ref AWS::Region - !Ref AWS::AccountId - thing/${iot:Connection.Thing.ThingName}* TestGoodStateMachine1: Type: AWS::StepFunctions::StateMachine Properties: DefinitionString: Fn::Join: - "\n" - - "{" - ' "StartAt": "Test",' - ' "States": {' - ' "Test": {' - ' "End": true,' - ' "Resource": "${definition_substitution_1}",' - ' "ResultPath": "$.result",' - ' "Type": "Task"' - " }" - " }" - "}" DefinitionSubstitutions: definition_substitution_1: test RoleArn: arn:aws:iam::123456789012:role/abc