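# CloudFormation template: creates one IAM role that the Lambda service can
# assume, with two inline policies (CloudWatch Logs writes and the ENI
# operations used for VPC attachment), and outputs the role ARN.
AWSTemplateFormatVersion: "2010-09-09"
Description: DT IAM stack

Parameters:
  #------------------------
  # Deployment Information
  #------------------------
  # NOTE(review): `environment` is not referenced by any resource or output
  # in this template; the role gets a generated name and is identical in
  # every environment.
  environment:
    Type: String
    Description: Name of the environment
    Default: production

Resources:
  DefaultLambdaRole:
    Type: AWS::IAM::Role
    Properties:
      # Trust policy: only the Lambda service principal may assume this role.
      AssumeRolePolicyDocument:
        # Quoted so a generic YAML parser or linter keeps the policy version
        # as a string instead of inferring a date.
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action:
              - sts:AssumeRole
      Policies:
        - PolicyName: LambdaLogging
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - logs:CreateLogGroup
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                # NOTE(review): "*" allows every function using this role to
                # create and write to any log group in the account, including
                # log groups owned by other workloads. If the functions only
                # write to their own log groups, scope this to those
                # log-group ARNs - confirm the naming before narrowing.
                Resource: "*"
        - PolicyName: AttachToVpc
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - ec2:CreateNetworkInterface
                  - ec2:DescribeNetworkInterfaces
                  - ec2:DeleteNetworkInterface
                  - ec2:DescribeSecurityGroups
                  - ec2:DescribeSubnets
                  - ec2:DescribeVpcs
                # The ec2:Describe* actions cannot be limited to specific
                # resources, so they need "*".
                # NOTE(review): Create/DeleteNetworkInterface are also granted
                # on "*" here, so code running under this role can call them
                # for any subnet or interface in the account. Consider
                # attaching this policy only to roles of functions that
                # actually run inside a VPC.
                Resource: "*"

Outputs:
  # The template defines no Export, so other stacks cannot import this value
  # by name.
  DefaultRole:
    Description: Default lambda role with logging policy
    Value: !GetAtt DefaultLambdaRole.Arn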