Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
---
Parameters:
RootAccountID:
Type: String
Description: AccountID for the Organization hosting the Automated Landing Zone Stack Sets
AWSTemplateFormatVersion: '2010-09-09'
Resources:
AWSCloudFormationStackSetExecutionRole:
Type: AWS::IAM::Role
Properties:
RoleName: AWSCloudFormationStackSetExecutionRole
AssumeRolePolicyDocument:
Statement:
- Action: sts:AssumeRole
Effect: Allow
Principal:
AWS: !Join [ "", ['arn:aws:iam::', !Ref RootAccountID, ':root']]
Version: '2012-10-17'
Path: "/"
InlineAdministratorAccess:
Type: AWS::IAM::Policy
Properties:
PolicyName: "root"
PolicyDocument:
Version: "2012-10-17"
Statement:
-
Effect: "Allow"
Action: "*"
Resource: "*"
Roles:
-
Ref: "AWSCloudFormationStackSetExecutionRole"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment