---
AWSTemplateFormatVersion: 2010-09-09

Description:
  "This template creates the IAM role and Instance Profile required for Citrix ADC
  **WARNING** This template creates AWS resources.
  You will be billed for the AWS resources used if you create a stack from this template."

Resources:
  CitrixNodesInstanceRole:
    Type: AWS::IAM::Role
    Properties:
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName} InstanceRole
      Path: /
      Policies:
        - PolicyName: Citrixnode
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Action:
                  - "ec2:DescribeAddresses"
                  - "ec2:AssociateAddress"
                  - "ec2:DisassociateAddress"
                  - "ec2:DescribeInstances"
                  - "ec2:DescribeNetworkInterfaces"
                  - "ec2:DetachNetworkInterface"
                  - "ec2:AttachNetworkInterface"
                  - "ec2:StopInstances"
                  - "ec2:StartInstances"
                  - "ec2:RebootInstances"
                  - "autoscaling:*"
                  - "sns:*"
                  - "sqs:*"
                  - "iam:GetRole"
                  - "iam:SimulatePrincipalPolicy"
                Resource: "*"
                Effect: Allow
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Action:
              - "sts:AssumeRole"
            Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com

  CitrixNodesProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: /
      Roles:
        - !Ref CitrixNodesInstanceRole

Outputs:
  CitrixNodesProfile:
    Description: Citrix ADC instance profile
    Value: !Ref CitrixNodesProfile