@husobee
Created February 3, 2025 13:33
AWSTemplateFormatVersion: "2010-09-09"
Description: "CloudFormation Stack with Lambda and IAM Role"
Resources:
  MyLambdaRole:
    Type: "AWS::IAM::Role"
    Properties:
      RoleName: "MyLambdaExecutionRole"
      # Trust policy: only the Lambda service may assume this role.
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Principal:
              Service: "lambda.amazonaws.com"
            Action: "sts:AssumeRole"
      Policies:
        # Inline policy: allows the CloudWatch Logs write actions on any resource.
        - PolicyName: "LambdaBasicExecution"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: "Allow"
                Action:
                  - "logs:CreateLogGroup"
                  - "logs:CreateLogStream"
                  - "logs:PutLogEvents"
                Resource: "*"
  MyLambdaFunction:
    Type: "AWS::Lambda::Function"
    Properties:
      FunctionName: "MyLambdaFunction"
      Runtime: "python3.8"
      Handler: "index.handler"
      # The function runs with the role defined above.
      Role: !GetAtt MyLambdaRole.Arn
      Code:
        ZipFile: |
          def handler(event, context):
              return {"message": "Hello from Lambda!"}

AWSTemplateFormatVersion: "2010-09-09"
Description: "Updated Stack - Modified IAM Role"
Resources:
  MyLambdaRole:
    Type: "AWS::IAM::Role"
    Properties:
      RoleName: "MyLambdaExecutionRole"
      # Trust policy is unchanged: only the Lambda service may assume this role.
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Principal:
              Service: "lambda.amazonaws.com"
            Action: "sts:AssumeRole"
      Policies:
        # Differs from the first template: the policy is renamed and its Effect
        # is "Deny", so the role is explicitly denied the CloudWatch Logs write actions.
        - PolicyName: "LambdaRestrictedExecution"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: "Deny"
                Action:
                  - "logs:CreateLogGroup"
                  - "logs:CreateLogStream"
                  - "logs:PutLogEvents"
                Resource: "*"
  MyLambdaFunction:
    Type: "AWS::Lambda::Function"
    Properties:
      FunctionName: "MyLambdaFunction"
      Runtime: "python3.8"
      Handler: "index.handler"
      # The function still references the same role.
      Role: !GetAtt MyLambdaRole.Arn
      Code:
        ZipFile: |
          def handler(event, context):
              return {"message": "Hello from Lambda!"}