AWSTemplateFormatVersion: '2010-09-09'
Description: AWS MCP Managed Policy

Resources:
  AWSMCPPolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      ManagedPolicyName: AWSMCPPolicy
      Description: AWS MCP permissions for invoking MCP tools
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Action:
              - aws-mcp:InvokeMcp
              - aws-mcp:CallReadOnlyTool
              - aws-mcp:CallReadWriteTool
            Resource: "*"