flowstate/Official Doc Version

## Official Doc Version
myrole:
    boto_iam_role.present:
        - region: us-east-1
        - key: GKTADJGHEIQSXMKKRBJ08H
        - keyid: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
        - policies_from_pillars:
            - shared_iam_bootstrap_policy
        - policies:
            MySQSPolicy:
                Statement:
                  - Action:
                        - sqs:*
                    Effect: Allow
                    Resource:
                        - arn:aws:sqs:*:*:*
                    Sid: MyPolicySQS1
            MyS3Policy:
                Statement:
                  - Action:
                        - s3:GetObject
                    Effect: Allow
                    Resource:
                        - arn:aws:s3:*:*:mybucket/*

## Tutorial Version
Ensure myapp-{{ service_instance }}-useast1 iam role exists:
  boto_iam_role.present:
    - name: myapp-{{ service_instance }}-useast1
    - policies:
        'bootstrap':
          Version: '2012-10-17'
          Statement:
            - Action:
                - 'elasticloadbalancing:DeregisterInstancesFromLoadBalancer'
                - 'elasticloadbalancing:RegisterInstancesWithLoadBalancer'
              Effect: 'Allow'
              Resource: 'arn:aws:elasticloadbalancing:*:*:loadbalancer/myapp-{{ service_instance }}-useast1'
            - Action:
                - 's3:Head*'
                - 's3:Get*'
              Effect: 'Allow'
              Resource:
                - 'arn:aws:s3:::bootstrap/deploy/myapp/*'
            - Action:
                - 's3:List*'
                - 's3:Get*'
              Effect: 'Allow'
              Resource:
                - 'arn:aws:s3:::bootstrap'
              Condition:
                StringLike:
                  's3:prefix':
                    - 'deploy/myapp/*'
            - Action:
                - 'ec2:DescribeTags'
              Effect: 'Allow'
              Resource:
                - '*'
        'myapp-{{ service_instance }}-sqs':
          Version: '2012-10-17'
          Statement:
            - Action:
                - 'sqs:ChangeMessageVisibility'
                - 'sqs:DeleteMessage'
                - 'sqs:GetQueueAttributes'
                - 'sqs:GetQueueUrl'
                - 'sqs:ListQueues'
                - 'sqs:ReceiveMessage'
                - 'sqs:SendMessage'
              Effect: 'Allow'
              Resource:
                - 'arn:aws:sqs:*:*:myapp-{{ service_instance }}-*'
              Sid: 'myapp{{ service_instance }}sqs1'
    - profile: aws_profile
	myrole:
	boto_iam_role.present:
	- region: us-east-1
	- key: GKTADJGHEIQSXMKKRBJ08H
	- keyid: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
	- policies_from_pillars:
	- shared_iam_bootstrap_policy
	- policies:
	MySQSPolicy:
	Statement:
	- Action:
	- sqs:*
	Effect: Allow
	Resource:
	- arn:aws:sqs:::*
	Sid: MyPolicySQS1
	MyS3Policy:
	Statement:
	- Action:
	- s3:GetObject
	Effect: Allow
	Resource:
	- arn:aws:s3:::mybucket/*
	Ensure myapp-{{ service_instance }}-useast1 iam role exists:
	boto_iam_role.present:
	- name: myapp-{{ service_instance }}-useast1
	- policies:
	'bootstrap':
	Version: '2012-10-17'
	Statement:
	- Action:
	- 'elasticloadbalancing:DeregisterInstancesFromLoadBalancer'
	- 'elasticloadbalancing:RegisterInstancesWithLoadBalancer'
	Effect: 'Allow'
	Resource: 'arn:aws:elasticloadbalancing:::loadbalancer/myapp-{{ service_instance }}-useast1'
	- Action:
	- 's3:Head*'
	- 's3:Get*'
	Effect: 'Allow'
	Resource:
	- 'arn:aws:s3:::bootstrap/deploy/myapp/*'
	- Action:
	- 's3:List*'
	- 's3:Get*'
	Effect: 'Allow'
	Resource:
	- 'arn:aws:s3:::bootstrap'
	Condition:
	StringLike:
	's3:prefix':
	- 'deploy/myapp/*'
	- Action:
	- 'ec2:DescribeTags'
	Effect: 'Allow'
	Resource:
	- '*'
	'myapp-{{ service_instance }}-sqs':
	Version: '2012-10-17'
	Statement:
	- Action:
	- 'sqs:ChangeMessageVisibility'
	- 'sqs:DeleteMessage'
	- 'sqs:GetQueueAttributes'
	- 'sqs:GetQueueUrl'
	- 'sqs:ListQueues'
	- 'sqs:ReceiveMessage'
	- 'sqs:SendMessage'
	Effect: 'Allow'
	Resource:
	- 'arn:aws:sqs:::myapp-{{ service_instance }}-*'
	Sid: 'myapp{{ service_instance }}sqs1'
	- profile: aws_profile