{
	"Description": "Create instance profile role with access to s3 bucket",
	"Parameters": {
		"S3BucketName": {
			"Type": "String",
			"Description": "S3 bucket name"
		}
	},
	"Resources": {
		"S3ColonyJenkinsPolicy": {
			"Type": "AWS::IAM::Policy",
			"Properties": {
				"PolicyName": "CloudShellColony_Jenkins_S3Access",
				"PolicyDocument": {
					"Version": "2012-10-17",
					"Statement": [{
						"Effect": "Allow",
						"Action": "s3:ListBucket",
						"Resource": {
							"Fn::Join": ["",
							["arn:aws:s3:::",
							{
								"Ref": "S3BucketName"
							}]]
						}
					},
					{
						"Effect": "Allow",
						"Resource": {
							"Fn::Join": ["",
							["arn:aws:s3:::",
							{
								"Ref": "S3BucketName"
							},
							"/*"]]
						},
						"Action": ["s3:PutObject",
						"s3:GetObject",
						"s3:DeleteObject"]
					}]
				},
				"Roles": [{
					"Ref": "ColonyJenkinsRole"
				}]
			}
		},
		"ColonyJenkinsRole": {
			"Type": "AWS::IAM::Role",
			"Properties": {
				"AssumeRolePolicyDocument": {
					"Version": "2012-10-17",
					"Statement": [{
						"Effect": "Allow",
						"Principal": {
							"Service": ["ec2.amazonaws.com"]
						},
						"Action": ["sts:AssumeRole"]
					}]
				},
				"Path": "/"
			}
		},
		"ColonyJenkinsInstance2Profile": {
			"Type": "AWS::IAM::InstanceProfile",
			"Properties": {
				"Path": "/",
				"Roles": [{
					"Ref": "ColonyJenkinsRole"
				}]
			}
		}
	},
	"Outputs": {
		"IAMRoleInstanceProfile": {
			"Description": "IAM Role Instance Profile name",
			"Value": { "Ref": "ColonyJenkinsInstance2Profile" }
		}
	}
}