CloudFormation Write IAM Definitions

This repository defines IAM roles and policies for safely executing AWS CloudFormation operations via AssumeRole.

  • roles/cloudformation-write-role.yaml: IAM role for CloudFormation execution, including ECR import permissions. Assumable by specified IAM Identity Center roles.

  • policies/cloudformation-write-policy.yaml: Managed policy granting minimal CloudFormation write access. Intended for use via the execution role, not attached directly to users.
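
The role above is meant to be assumable only by specified IAM Identity Center roles. One way to check that property on a trust policy document before deploying it, as an added example that is not code from this repository; the account ID 111122223333, the permission-set name CfnDeployer, and all function names are assumptions:

```python
# Added example: checks the property the README states; not the repository's code.
SSO_PATH = ":role/aws-reserved/sso.amazonaws.com/"  # path AWS uses for Identity Center roles
ARN_OPERATORS = {"ArnLike", "ArnEquals", "StringLike", "StringEquals"}

def as_list(value):
    return value if isinstance(value, list) else [value]

def is_sso_role(arn):
    return SSO_PATH in arn and "/AWSReservedSSO_" in arn

def narrowed_to_sso(statement):
    """True if a condition pins aws:PrincipalArn to Identity Center roles only."""
    for operator, keys in statement.get("Condition", {}).items():
        if operator not in ARN_OPERATORS:
            continue
        for key, values in keys.items():
            if key.lower() == "aws:principalarn":  # condition key names are case-insensitive
                return all(is_sso_role(v) for v in as_list(values))
    return False

def trust_policy_findings(policy):
    """Return problems found; an empty list means only Identity Center roles can assume."""
    findings = []
    for n, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            principal = {"AWS": "*"}
        for kind, values in principal.items():
            for p in as_list(values):
                account = p.endswith(":root") or p.isdigit()  # whole-account principal
                if kind != "AWS" or p == "*":
                    findings.append(f"statement {n}: {kind} principal {p!r} is not an Identity Center role")
                elif not (is_sso_role(p) or (account and narrowed_to_sso(stmt))):
                    findings.append(f"statement {n}: {p!r} is not limited to Identity Center roles")
    return findings

# Constructed sample documents; account ID and permission-set name are placeholders.
GOOD = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Condition": {"ArnLike": {"aws:PrincipalArn":
        "arn:aws:iam::111122223333:role/aws-reserved/sso.amazonaws.com/*/AWSReservedSSO_CfnDeployer_*"}}}]}
WEAK = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"}}]}
```

The check is deliberately conservative: a wildcard principal is reported even when a condition is present, and an account principal passes only when every `aws:PrincipalArn` value points at the Identity Center reserved role path.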