---
# Define role for a StackSet in a parent account

# Author: Ronald Teijeira
# Email:  ronald.teijeira@techdata.com
# Team:   CoE TechData - Europe

AWSTemplateFormatVersion: 2010-09-09

Resources:
  ParentRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub ${AWS::StackName}-parent-role
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service: cloudformation.amazonaws.com
            Action:
              - sts:AssumeRole
      Path: /
      Policies:
        - PolicyName: AssumeRole-AWSCloudFormationStackSetExecutionRole
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action:
                  - sts:AssumeRole
                Resource:
                  - "arn:*:iam::*:role/*"

Outputs:
  ParentRoleArn:
    Value: !GetAtt ParentRole.Arn
    Description: Role ARN for the parent