elliottmurray/policy-template.yaml

## policy-template.yaml
  HelloWorldFunctionRole:
    Type: 'AWS::IAM::Role'
    Properties:
      RoleName: "managed-cr-role"
      Path: '/'
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Action:
                - sts:AssumeRole
            Principal:
              Service:
                - 'lambda.amazonaws.com'
      Policies:
        - PolicyName: "LogPolicy"
          PolicyDocument:
            Version: 2012-10-17
            Statement:
            -
              Effect: Allow
              Action:
                - 'events:*'
                - 'logs:CreateLogGroup'
                - 'logs:CreateLogStream'
                - 'logs:PutLogEvents'
              Resource:
                - !Sub "arn:aws:events:${AWS::Region}:${AWS::AccountId}:rule/MyCustomResource*"
                - !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*"
                - !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*:*"
        - PolicyName: "AddPermission"
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action:
                    - lambda:AddPermission
                Resource: "*"
	HelloWorldFunctionRole:
	Type: 'AWS::IAM::Role'
	Properties:
	RoleName: "managed-cr-role"
	Path: '/'
	AssumeRolePolicyDocument:
	Version: '2012-10-17'
	Statement:
	- Effect: Allow
	Action:
	- sts:AssumeRole
	Principal:
	Service:
	- 'lambda.amazonaws.com'
	Policies:
	- PolicyName: "LogPolicy"
	PolicyDocument:
	Version: 2012-10-17
	Statement:
	-
	Effect: Allow
	Action:
	- 'events:*'
	- 'logs:CreateLogGroup'
	- 'logs:CreateLogStream'
	- 'logs:PutLogEvents'
	Resource:
	- !Sub "arn:aws:events:${AWS::Region}:${AWS::AccountId}:rule/MyCustomResource*"
	- !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*"
	- !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/:"
	- PolicyName: "AddPermission"
	PolicyDocument:
	Version: 2012-10-17
	Statement:
	- Effect: Allow
	Action:
	- lambda:AddPermission
	Resource: "*"