marinr/role.yaml

## role.yaml
CognitoExecutionRole:
  Type: AWS::IAM::Role
  Properties:
    AssumeRolePolicyDocument:
      Version: '2012-10-17'
      Statement:
      - Effect: Allow
        Principal:
         Service:
         - apigateway.amazonaws.com
        Action:
        - sts:AssumeRole
     Path: "/"
     Policies:
     - PolicyName: root
       PolicyDocument:
       Version: '2012-10-17'
       Statement:
       - Effect: Allow
         Action:
         - cognito-idp:DescribeUserPool
         Resource: !Sub 'arn:aws:cognito-idp:${AWS::Region}:${AWS::AccountId}:userpool/${YOUR_USER_POOL_AS_CF_PARAM}'
	CognitoExecutionRole:
	Type: AWS::IAM::Role
	Properties:
	AssumeRolePolicyDocument:
	Version: '2012-10-17'
	Statement:
	- Effect: Allow
	Principal:
	Service:
	- apigateway.amazonaws.com
	Action:
	- sts:AssumeRole
	Path: "/"
	Policies:
	- PolicyName: root
	PolicyDocument:
	Version: '2012-10-17'
	Statement:
	- Effect: Allow
	Action:
	- cognito-idp:DescribeUserPool
	Resource: !Sub 'arn:aws:cognito-idp:${AWS::Region}:${AWS::AccountId}:userpool/${YOUR_USER_POOL_AS_CF_PARAM}'