LambdaLogRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service:
- lambda.amazonaws.com
Action:
- sts:AssumeRole
Path: "/"
Policies:
- PolicyName: cloudwatch-logs-access
PolicyDocument:
Version: '2012-10-17'
Statement:
- Sid: cloudwatchlogsaccess
Effect: Allow
Action:
- logs:CreateLogGroup
- logs:CreateLogStream
- logs:Describe*
- logs:PutLogEvents
Resource:
- "*"
Foundation Lambda Roles CloudFormation Deployment
This CloudFormation template creates IAM roles for later use by Lambda functions. These roles are broadly useful roles that many functions will use: