{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "The AWS CloudFormation template for this JAWS project", "Parameters": { "aaProjectName": { "Type": "String", "Default": "jaws", "AllowedValues": [ "jaws" ] }, "aaStage": { "Type": "String", "Default": "test" }, "aaDataModelPrefix": { "Type": "String", "Default": "test", "AllowedValues": [ "test" ] }, "aaHostedZoneName": { "Type": "String", "Default": "myapp.com" }, "aaNotficationEmail": { "Type": "String", "Default": "you@you.com" }, "aaDefaultDynamoRWThroughput": { "Type": "String", "Default": "1" } }, "Resources": { "LambdaRole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "apigateway.amazonaws.com" ] }, "Action": [ "sts:AssumeRole" ] } ] }, "Path": "/" } }, "Profile": { "Type": "AWS::IAM::InstanceProfile", "Properties": { "Path": "/", "Roles": [ { "Ref": "LambdaRole" } ] } }, "Group": { "Type": "AWS::IAM::Group", "Properties": { "Path": "/dataModel/" } }, "Policy": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyName": { "Fn::Join": [ "_-_", [ { "Ref": "aaStage" }, { "Ref": "aaProjectName" } ] ] }, "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "lambda:InvokeFunction", "iam:PassRole", "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": "arn:aws:logs:*:*:*" } ] }, "Roles": [ { "Ref": "LambdaRole" } ], "Groups": [ { "Ref": "Group" } ] } } }, "Outputs": { "LambdaRoleARN": { "Description": "ARN of the lambda IAM role", "Value": { "Fn::GetAtt": [ "LambdaRole", "Arn" ] } } } }