foundation-lambda-roles.yaml
---

Foundation Lambda Roles CloudFormation Deployment

This CloudFormation template creates IAM roles for later use by Lambda functions. These roles are broadly useful roles that many functions will use:

  • CloudWatch Logs access
AWSTemplateFormatVersion: '2010-09-09' Description: 'UITS Account Foundation: Lambda Role Base Stack'

Resources

Resources:

Lambda Logging Role

This role allows a Lambda function to write to CloudWatch Logs.

LambdaLogRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Principal: Service: - lambda.amazonaws.com Action: - sts:AssumeRole Path: "/" Policies: - PolicyName: cloudwatch-logs-access PolicyDocument: Version: '2012-10-17' Statement: - Sid: cloudwatchlogsaccess Effect: Allow Action: - logs:CreateLogGroup - logs:CreateLogStream - logs:Describe* - logs:PutLogEvents Resource: - "*"

Outputs

Outputs: LambdaLogRoleARN: Value: !GetAtt LambdaLogRole.Arn