Add CloudFormation write IAM role, managed policy, and repository README

2025-12-31 19:52:14 +09:00 · 2025-12-31 19:52:14 +09:00 · ef8bceff67
commit ef8bceff67
3 changed files with 111 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,11 @@
+# CloudFormation Write IAM Definitions
+
+This repository defines IAM roles and policies for safely executing AWS CloudFormation operations via `AssumeRole`.
+
+- `roles/cloudformation-write-role.yaml`
+  IAM role for CloudFormation execution, including ECR import permissions.
+  Assumable by specified IAM Identity Center roles.
+
+- `policies/cloudformation-write-policy.yaml`
+  Managed policy granting minimal CloudFormation write access.
+  Intended for use via the execution role, not attached directly to users.