AWSTemplateFormatVersion: "2010-09-09"
Description: DT IAM stack

Parameters:
  #------------------------
  # Deployment Information
  #------------------------
  # Note: this parameter is not referenced by any resource in this template.
  environment:
    Type: String
    Description: Name of the environment
    Default: production

Resources:
  DefaultLambdaRole:
    Type: AWS::IAM::Role
    Properties:
      # Trust policy: only the Lambda service may assume this role.
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action:
              - sts:AssumeRole
      Policies:
        # Lets functions create and write to CloudWatch Logs.
        # Resource "*" covers every log group in the account; it can be
        # narrowed to specific log group ARNs.
        - PolicyName: LambdaLogging
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action:
                  - logs:CreateLogGroup
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                Resource: "*"
        # Network interface management needed by VPC-attached functions.
        # The ec2:Describe* actions do not support resource-level permissions.
        - PolicyName: AttachToVpc
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action:
                  - ec2:CreateNetworkInterface
                  - ec2:DescribeNetworkInterfaces
                  - ec2:DeleteNetworkInterface
                  - ec2:DescribeSecurityGroups
                  - ec2:DescribeSubnets
                  - ec2:DescribeVpcs
                Resource: "*"

Outputs:
  DefaultRole:
    Description: Default lambda role with logging policy
    Value: !GetAtt DefaultLambdaRole.Arn