nukopy/template.yml

## template.yml
Resources:
  # IAM Policy
  PolicyLambdaBasicExecution:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      ManagedPolicyName: !Sub "${Prefix}-policy-lambda-basic-execution"
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Action:
              - logs:CreateLogGroup
              - logs:CreateLogStream
              - logs:PutLogEvents
            Resource: "*"
      Users:
        - !Ref IAMUser
      # Roles:
      #  - 本当はここにロールを置きたいけど，ロールが作成されていないので渋々 IAM ユーザy.okuwaki@jxpress.net を指定している
  # IAM Role
  RoleLambdaEntryPoint:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub "${Prefix}-role-lambda-entry-point"
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - !Ref PolicyLambdaBasicExecution
	Resources:
	# IAM Policy
	PolicyLambdaBasicExecution:
	Type: AWS::IAM::ManagedPolicy
	Properties:
	ManagedPolicyName: !Sub "${Prefix}-policy-lambda-basic-execution"
	PolicyDocument:
	Version: "2012-10-17"
	Statement:
	- Effect: Allow
	Action:
	- logs:CreateLogGroup
	- logs:CreateLogStream
	- logs:PutLogEvents
	Resource: "*"
	Users:
	- !Ref IAMUser
	# Roles:
	# - 本当はここにロールを置きたいけど，ロールが作成されていないので渋々 IAM ユーザy.okuwaki@jxpress.net を指定している
	# IAM Role
	RoleLambdaEntryPoint:
	Type: AWS::IAM::Role
	Properties:
	RoleName: !Sub "${Prefix}-role-lambda-entry-point"
	AssumeRolePolicyDocument:
	Version: "2012-10-17"
	Statement:
	- Effect: Allow
	Principal:
	Service: lambda.amazonaws.com
	Action: sts:AssumeRole
	ManagedPolicyArns:
	- !Ref PolicyLambdaBasicExecution