resources.json - AWS Code Sample

resources.json

{ "Resources": { "DefaultRole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Sid": "", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" }, "Action": "sts:AssumeRole" } ] }, "Policies": [ { "PolicyName": "DefaultRolePolicy", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": "arn:aws:logs:*:*:*" }, { "Sid": "SecretsManagerAccess", "Effect": "Allow", "Action": [ "secretsmanager:DescribeSecret", "secretsmanager:GetSecretValue" ], "Resource": [{ "Fn::Sub": "arn:aws:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:demo-aurora-secret-*" }] }, { "Sid": "RDSDataServiceAccess", "Effect": "Allow", "Action": [ "rds-data:ExecuteStatement", "rds-data:BatchExecuteStatement", "rds-data:BeginTransaction", "rds-data:CommitTransaction", "rds-data:RollbackTransaction" ], "Resource": "*" }, { "Sid": "RDSAccess", "Effect": "Allow", "Action": [ "rds:DescribeDBClusters" ], "Resource": [{ "Fn::Sub": "arn:aws:rds:${AWS::Region}:${AWS::AccountId}:cluster:demo-aurora-cluster" }] } ] } } ] } } } }