nathanpeck/chat-service-role.yml

## chat-service-role.yml
# A role for the service so it can access the tables
ChatServiceRole:
  Type: AWS::IAM::Role
  Properties:
    AssumeRolePolicyDocument:
      Statement:
      - Effect: Allow
        Principal:
          Service: "ecs-tasks.amazonaws.com"
        Action: ['sts:AssumeRole']
    Path: /
    Policies:
    - PolicyName: users-dynamodb-table
      PolicyDocument:
        Statement:
        - Effect: Allow
          Action:
            - "dynamodb:PutItem"
            - "dynamodb:GetItem"
            - "dynamodb:Query"
            - "dynamodb:Scan"
            - "dynamodb:UpdateItem"
            - "dynamodb:DeleteItem"
          Resource:
            - !Join ['', ['arn:aws:dynamodb:*:*:table/', !Ref 'UsersTable']]
            - !Join ['', ['arn:aws:dynamodb:*:*:table/', !Ref 'MessagesTable']]
	# A role for the service so it can access the tables
	ChatServiceRole:
	Type: AWS::IAM::Role
	Properties:
	AssumeRolePolicyDocument:
	Statement:
	- Effect: Allow
	Principal:
	Service: "ecs-tasks.amazonaws.com"
	Action: ['sts:AssumeRole']
	Path: /
	Policies:
	- PolicyName: users-dynamodb-table
	PolicyDocument:
	Statement:
	- Effect: Allow
	Action:
	- "dynamodb:PutItem"
	- "dynamodb:GetItem"
	- "dynamodb:Query"
	- "dynamodb:Scan"
	- "dynamodb:UpdateItem"
	- "dynamodb:DeleteItem"
	Resource:
	- !Join ['', ['arn:aws:dynamodb:::table/', !Ref 'UsersTable']]
	- !Join ['', ['arn:aws:dynamodb:::table/', !Ref 'MessagesTable']]