-
Notifications
You must be signed in to change notification settings - Fork 0
/
sc-emr-launchrole.yml
62 lines (61 loc) · 2.43 KB
/
sc-emr-launchrole.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
Description: "ServiceCatalog EMR Launch Role. (fdp-1p5rtpgmf)"
Resources:
SCEMRLaunchRole:
Type: 'AWS::IAM::Role'
Properties:
RoleName: SCEMRLaunchRole
ManagedPolicyArns:
- arn:aws:iam::aws:policy/AmazonElasticMapReduceFullAccess
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service:
- servicecatalog.amazonaws.com
Action:
- 'sts:AssumeRole'
Path: /
Policies:
- PolicyName: SCLaunchPolicy
PolicyDocument:
Version: 2012-10-17
Statement:
- Sid: SCLaunchPolicySID
Effect: Allow
Action:
- "servicecatalog:ListServiceActionsForProvisioningArtifact"
- "servicecatalog:ExecuteprovisionedProductServiceAction"
- "iam:ListRolePolicies"
- "iam:ListPolicies"
- "iam:CreateRole"
- "iam:DeleteRole"
- "iam:GetRole"
- "iam:PassRole"
- "iam:ListRoles"
- "iam:CreateInstanceProfile"
- "iam:DeleteInstanceProfile"
- "iam:AddRoleToInstanceProfile"
- "iam:RemoveRoleFromInstanceProfile"
- "iam:DetachRolePolicy"
- "iam:AttachRolePolicy"
- "cloudformation:DescribeStackResource"
- "cloudformation:DescribeStackResources"
- "cloudformation:GetTemplate"
- "cloudformation:List*"
- "cloudformation:DescribeStackEvents"
- "cloudformation:DescribeStacks"
- "cloudformation:CreateStack"
- "cloudformation:DeleteStack"
- "cloudformation:DescribeStackEvents"
- "cloudformation:DescribeStacks"
- "cloudformation:GetTemplateSummary"
- "cloudformation:SetStackPolicy"
- "cloudformation:ValidateTemplate"
- "cloudformation:UpdateStack"
Resource: '*'
Outputs:
LaunchRoleArn:
Value: !GetAtt SCEMRLaunchRole.Arn
LaunchRoleName:
Value: !Ref SCEMRLaunchRole