# CloudFormation Write IAM Definitions

This repository defines IAM roles and policies for safely executing AWS CloudFormation operations via `AssumeRole`.

- `roles/cloudformation-write-role.yaml`
  IAM role for CloudFormation execution, including ECR import permissions. Assumable by specified IAM Identity Center roles.
- `policies/cloudformation-write-policy.yaml`
  Managed policy granting minimal CloudFormation write access. Intended for use via the execution role, not attached directly to users.
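
The template below is an added sketch, not this repository's own code, of how the two pieces fit together: a managed policy scoped to a stack-name prefix, attached only to a role whose trust policy admits a single IAM Identity Center permission-set role. The parameter names, the stack prefix, and the chosen action list are assumptions; it combines both resources in one template for brevity and leaves out the ECR import permissions.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Hypothetical sketch of an execution role and its managed policy.

Parameters:
  PermissionSetName:   # assumed: Identity Center permission set allowed to assume the role
    Type: String
  StackNamePrefix:     # assumed: only stacks with this name prefix may be changed
    Type: String
    Default: app-

Resources:
  CloudFormationWritePolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Sid: WriteScopedStacks
            Effect: Allow
            Action:
              - cloudformation:CreateStack
              - cloudformation:UpdateStack
              - cloudformation:DeleteStack
              - cloudformation:CreateChangeSet
              - cloudformation:ExecuteChangeSet
              - cloudformation:DescribeStacks
            # Stack-level ARN scoping instead of Resource: "*"
            Resource: !Sub arn:${AWS::Partition}:cloudformation:${AWS::Region}:${AWS::AccountId}:stack/${StackNamePrefix}*

  CloudFormationWriteRole:
    Type: AWS::IAM::Role
    Properties:
      MaxSessionDuration: 3600
      ManagedPolicyArns:
        - !Ref CloudFormationWritePolicy   # policy reaches users only through this role
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Action: sts:AssumeRole
            Principal:
              AWS: !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:root
            Condition:
              # Role ARNs in Principal cannot carry wildcards, so the Identity Center
              # role (random suffix, region path segment) is matched by condition.
              ArnLike:
                aws:PrincipalArn: !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:role/aws-reserved/sso.amazonaws.com/*/AWSReservedSSO_${PermissionSetName}_*
```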