Add root role for instance profile

Don't know what this does...
mwunsch · Jul 5, 2016 · 516d5e6 · 516d5e6
1 parent bd2ea65
commit 516d5e6
Showing 1 changed file with 33 additions and 0 deletions.
diff --git a/formation.json b/formation.json
@@ -11,6 +11,7 @@
     "Compute": {
       "Type": "AWS::EC2::Instance",
       "Properties": {
+        "IamInstanceProfile": { "Ref": "InstanceProfile" },
         "ImageId": "ami-05dddc6f",
         "InstanceType": "t2.micro",
         "KeyName": { "Ref": "KeyName" },
@@ -56,6 +57,38 @@
     },
     "ObjectStorage": {
       "Type": "AWS::S3::Bucket"
+    },
+    "InstanceProfile": {
+      "Type": "AWS::IAM::InstanceProfile",
+      "Properties": {
+        "Path": "/",
+        "Roles": [{"Ref": "RootRole"}]
+      }
+    },
+    "RootRole": {
+      "Type": "AWS::IAM::Role",
+      "Properties": {
+        "AssumeRolePolicyDocument": {
+          "Version": "2012-10-17",
+          "Statement": [{
+            "Effect": "Allow",
+            "Principal": { "Service": ["ec2.amazonaws.com"] },
+            "Action": ["sts:AssumeRole"]
+          }]
+        },
+        "Path": "/",
+        "Policies": [{
+          "PolicyName": "root",
+          "PolicyDocument": {
+            "Version": "2012-10-17",
+            "Statement": [{
+              "Effect": "Allow",
+              "Action": "*",
+              "Resource": "*"
+            }]
+          }
+        }]
+      }
     }
   },
   "Outputs": {