tobilg/Serverless Lambda@Edge execution role

## Serverless Lambda@Edge execution role
{
	"Type": "AWS::IAM::Role",
	"Properties": {
		"AssumeRolePolicyDocument": {
			"Version": "2012-10-17",
			"Statement": [{
				"Effect": "Allow",
				"Principal": {
					"Service": [
						"lambda.amazonaws.com",
						"edgelambda.amazonaws.com"
					]
				},
				"Action": [
					"sts:AssumeRole"
				]
			}]
		},
		"Policies": [{
			"PolicyName": {
				"Fn::Join": [
					"-",
					[
						"backend",
						"prd",
						"lambda"
					]
				]
			},
			"PolicyDocument": {
				"Version": "2012-10-17",
				"Statement": [{
						"Effect": "Allow",
						"Action": [
							"logs:CreateLogStream",
							"logs:CreateLogGroup",
							"logs:PutLogEvents"
						],
						"Resource": [{
							"Fn::Sub": "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/backend-prd-edgeCDNAuthorize:*:*"
						}]
					}
				]
			}
		}],
		"Path": "/",
		"RoleName": {
			"Fn::Join": [
				"-",
				[
					"backend",
					"prd",
					"edgeCDNAuthorize",
					{
						"Ref": "AWS::Region"
					},
					"lambdaRole"
				]
			]
		},
		"ManagedPolicyArns": []
	}
}

## serverless.yml
edgeCDNAuthorize:
    handler: src/auth/edgeCDNAuthorizer.handler
    memorySize: 128
    timeout: 5
    iamRoleStatements:
      # Workaround, see: https://stackoverflow.com/a/37383297/1603357
      - Effect: Allow
        Action:
          - logs:*
        Resource: 'arn:aws:logs:*:*:*'
    events:
      - cloudFront:
          eventType: viewer-request
          origin:
            DomainName: '#{CDNBucket.DomainName}'
            OriginPath: ''
            Id: S3BucketOrigin
            S3OriginConfig:
              OriginAccessIdentity:
                Fn::Join:
                  - ''
                  - - 'origin-access-identity/cloudfront/'
                    - '#{CDNCloudFrontOriginAccessIdentity}'
          behavior:
            AllowedMethods:
              - GET
              - HEAD
              - OPTIONS
            TargetOriginId: S3BucketOrigin
            ForwardedValues:
              # See https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/edge-functions-restrictions.html#edge-function-restrictions-all
              QueryString: True
              Cookies:
                Forward: none
            ViewerProtocolPolicy: redirect-to-https
	{
	"Type": "AWS::IAM::Role",
	"Properties": {
	"AssumeRolePolicyDocument": {
	"Version": "2012-10-17",
	"Statement": [{
	"Effect": "Allow",
	"Principal": {
	"Service": [
	"lambda.amazonaws.com",
	"edgelambda.amazonaws.com"
	]
	},
	"Action": [
	"sts:AssumeRole"
	]
	}]
	},
	"Policies": [{
	"PolicyName": {
	"Fn::Join": [
	"-",
	[
	"backend",
	"prd",
	"lambda"
	]
	]
	},
	"PolicyDocument": {
	"Version": "2012-10-17",
	"Statement": [{
	"Effect": "Allow",
	"Action": [
	"logs:CreateLogStream",
	"logs:CreateLogGroup",
	"logs:PutLogEvents"
	],
	"Resource": [{
	"Fn::Sub": "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/backend-prd-edgeCDNAuthorize::"
	}]
	}
	]
	}
	}],
	"Path": "/",
	"RoleName": {
	"Fn::Join": [
	"-",
	[
	"backend",
	"prd",
	"edgeCDNAuthorize",
	{
	"Ref": "AWS::Region"
	},
	"lambdaRole"
	]
	]
	},
	"ManagedPolicyArns": []
	}
	}
	edgeCDNAuthorize:
	handler: src/auth/edgeCDNAuthorizer.handler
	memorySize: 128
	timeout: 5
	iamRoleStatements:
	# Workaround, see: https://stackoverflow.com/a/37383297/1603357
	- Effect: Allow
	Action:
	- logs:*
	Resource: 'arn:aws:logs:::*'
	events:
	- cloudFront:
	eventType: viewer-request
	origin:
	DomainName: '#{CDNBucket.DomainName}'
	OriginPath: ''
	Id: S3BucketOrigin
	S3OriginConfig:
	OriginAccessIdentity:
	Fn::Join:
	- ''
	- - 'origin-access-identity/cloudfront/'
	- '#{CDNCloudFrontOriginAccessIdentity}'
	behavior:
	AllowedMethods:
	- GET
	- HEAD
	- OPTIONS
	TargetOriginId: S3BucketOrigin
	ForwardedValues:
	# See https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/edge-functions-restrictions.html#edge-function-restrictions-all
	QueryString: True
	Cookies:
	Forward: none
	ViewerProtocolPolicy: redirect-to-https