- Create a new CloudFormation template file and add the first resource. This is our role, which references the managed policies and also contains our inline policy:
  ```yaml
  AWSTemplateFormatVersion: '2010-09-09'
  Resources:
    ExampleRole:
      Type: AWS::IAM::Role
      Properties:
        # Trust policy: only the EC2 service may assume this role
        AssumeRolePolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Effect: Allow
              Principal:
                Service:
                  - ec2.amazonaws.com
              Action:
                - sts:AssumeRole
        # AWS managed policies, attached by ARN
        ManagedPolicyArns:
          - arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess
          - arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess
        Path: /
        # Inline policy, embedded directly in the role
        Policies:
          - PolicyName: WriteToCloudWatchLogs
            PolicyDocument:
              Version: "2012-10-17"
              Statement:
                - Effect: Allow
                  Action:
                    - logs:CreateLogGroup
                    - logs:CreateLogStream
                    ...
  ```