kagarlickij/CodeDeploy_Sample_Roles.json

## CodeDeploy_Sample_Roles.json
{
  "Description": "This one is to create roles required for CodeDeploy",
  "AWSTemplateFormatVersion": "2010-09-09",

  "Resources": {
    "CodeDeployTrustRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Sid": "1",
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "codedeploy.us-east-1.amazonaws.com",
                  "codedeploy.us-west-2.amazonaws.com",
                  "codedeploy.eu-west-1.amazonaws.com",
                  "codedeploy.ap-southeast-2.amazonaws.com"
                ]
              },
              "Action": "sts:AssumeRole"
            }
          ]
        },
        "Path": "/"
      }
    },
    "CodeDeployRolePolicies": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyName": "CodeDeployPolicy",
        "PolicyDocument": {
          "Statement": [
            {
              "Effect": "Allow",
              "Resource": [
                "*"
              ],
              "Action": [
                "ec2:Describe*"
              ]
            },
            {
              "Effect": "Allow",
              "Resource": [
                "*"
              ],
              "Action": [
                "autoscaling:CompleteLifecycleAction",
                "autoscaling:DeleteLifecycleHook",
                "autoscaling:DescribeLifecycleHooks",
                "autoscaling:DescribeAutoScalingGroups",
                "autoscaling:PutLifecycleHook",
                "autoscaling:RecordLifecycleActionHeartbeat"
              ]
            }
          ]
        },
        "Roles": [
          {
            "Ref": "CodeDeployTrustRole"
          }
        ]
      }
    },
    "InstanceRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "ec2.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "Path": "/"
      }
    },
    "InstanceRolePolicies": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyName": "InstanceRole",
        "PolicyDocument": {
          "Statement": [
            {
              "Effect": "Allow",
              "Action": [
                "autoscaling:Describe*",
                "cloudformation:Describe*",
                "cloudformation:GetTemplate",
                "s3:Get*"
              ],
              "Resource": "*"
            }
          ]
        },
        "Roles": [
          {
            "Ref": "InstanceRole"
          }
        ]
      }
    },
    "InstanceRoleInstanceProfile": {
      "Type": "AWS::IAM::InstanceProfile",
      "Properties": {
        "Path": "/",
        "Roles": [
          {
            "Ref": "InstanceRole"
          }
        ]
      }
    }
  }
}
	{
	"Description": "This one is to create roles required for CodeDeploy",
	"AWSTemplateFormatVersion": "2010-09-09",

	"Resources": {
	"CodeDeployTrustRole": {
	"Type": "AWS::IAM::Role",
	"Properties": {
	"AssumeRolePolicyDocument": {
	"Statement": [
	{
	"Sid": "1",
	"Effect": "Allow",
	"Principal": {
	"Service": [
	"codedeploy.us-east-1.amazonaws.com",
	"codedeploy.us-west-2.amazonaws.com",
	"codedeploy.eu-west-1.amazonaws.com",
	"codedeploy.ap-southeast-2.amazonaws.com"
	]
	},
	"Action": "sts:AssumeRole"
	}
	]
	},
	"Path": "/"
	}
	},
	"CodeDeployRolePolicies": {
	"Type": "AWS::IAM::Policy",
	"Properties": {
	"PolicyName": "CodeDeployPolicy",
	"PolicyDocument": {
	"Statement": [
	{
	"Effect": "Allow",
	"Resource": [
	"*"
	],
	"Action": [
	"ec2:Describe*"
	]
	},
	{
	"Effect": "Allow",
	"Resource": [
	"*"
	],
	"Action": [
	"autoscaling:CompleteLifecycleAction",
	"autoscaling:DeleteLifecycleHook",
	"autoscaling:DescribeLifecycleHooks",
	"autoscaling:DescribeAutoScalingGroups",
	"autoscaling:PutLifecycleHook",
	"autoscaling:RecordLifecycleActionHeartbeat"
	]
	}
	]
	},
	"Roles": [
	{
	"Ref": "CodeDeployTrustRole"
	}
	]
	}
	},
	"InstanceRole": {
	"Type": "AWS::IAM::Role",
	"Properties": {
	"AssumeRolePolicyDocument": {
	"Statement": [
	{
	"Effect": "Allow",
	"Principal": {
	"Service": [
	"ec2.amazonaws.com"
	]
	},
	"Action": [
	"sts:AssumeRole"
	]
	}
	]
	},
	"Path": "/"
	}
	},
	"InstanceRolePolicies": {
	"Type": "AWS::IAM::Policy",
	"Properties": {
	"PolicyName": "InstanceRole",
	"PolicyDocument": {
	"Statement": [
	{
	"Effect": "Allow",
	"Action": [
	"autoscaling:Describe*",
	"cloudformation:Describe*",
	"cloudformation:GetTemplate",
	"s3:Get*"
	],
	"Resource": "*"
	}
	]
	},
	"Roles": [
	{
	"Ref": "InstanceRole"
	}
	]
	}
	},
	"InstanceRoleInstanceProfile": {
	"Type": "AWS::IAM::InstanceProfile",
	"Properties": {
	"Path": "/",
	"Roles": [
	{
	"Ref": "InstanceRole"
	}
	]
	}
	}
	}
	}