Ashex · August 20, 2015 15:32
diff --git a/IAM_policy_vpc.py b/IAM_policy_vpc.py
    policy_condition = Join("", ["arn:aws:ec2:", Ref("AWS::AccountId"), ":vpc/" ,Ref(VPC)])

    t.add_resource(
    Role(
        "natEc2Role",
        Path="/",
        AssumeRolePolicyDocument=
        { "Statement": [ {
            "Effect": "Allow",
            "Principal": { "Service": [ "ec2.amazonaws.com" ] },
            "Action": [ "sts:AssumeRole" ]
        } ] }
        ,
        Policies=[
            Policy(
                PolicyName="attachNetworkInterface",
                PolicyDocument={
                    "Statement": [ {
                        "Effect": "Allow",
                        "Action": "ec2:attachNetworkInterface",
                        "Resource": "*",
                        "Condition": {
                            "StringEquals": {
                                "ec2:VPC": policy_condition
                            },
                        }
                    } ],
                }
            )
        ]
        )
    )
	policy_condition = Join("", ["arn:aws:ec2:", Ref("AWS::AccountId"), ":vpc/" ,Ref(VPC)])

	t.add_resource(
	Role(
	"natEc2Role",
	Path="/",
	AssumeRolePolicyDocument=
	{ "Statement": [ {
	"Effect": "Allow",
	"Principal": { "Service": [ "ec2.amazonaws.com" ] },
	"Action": [ "sts:AssumeRole" ]
	} ] }
	,
	Policies=[
	Policy(
	PolicyName="attachNetworkInterface",
	PolicyDocument={
	"Statement": [ {
	"Effect": "Allow",
	"Action": "ec2:attachNetworkInterface",
	"Resource": "*",
	"Condition": {
	"StringEquals": {
	"ec2:VPC": policy_condition
	},
	}
	} ],
	}
	)
	]
	)
	)