PatMyron · October 26, 2019 20:11
diff --git a/stackSetsRoles.yaml b/stackSetsRoles.yaml
 Resources:
  AdministrationRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: AWSCloudFormationStackSetAdministrationRole
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service: cloudformation.amazonaws.com
            Action:
              - sts:AssumeRole
      Path: /
      Policies:
        - PolicyName: AssumeRole-AWSCloudFormationStackSetExecutionRole
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action:
                  - sts:AssumeRole
                Resource:
                  - "arn:aws:iam::*:role/AWSCloudFormationStackSetExecutionRole"
  ExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: AWSCloudFormationStackSetExecutionRole
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              AWS:
                - !Ref AWS::AccountId
            Action:
              - sts:AssumeRole
      Path: /
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AdministratorAccess
	Resources:
	AdministrationRole:
	Type: AWS::IAM::Role
	Properties:
	RoleName: AWSCloudFormationStackSetAdministrationRole
	AssumeRolePolicyDocument:
	Version: 2012-10-17
	Statement:
	- Effect: Allow
	Principal:
	Service: cloudformation.amazonaws.com
	Action:
	- sts:AssumeRole
	Path: /
	Policies:
	- PolicyName: AssumeRole-AWSCloudFormationStackSetExecutionRole
	PolicyDocument:
	Version: 2012-10-17
	Statement:
	- Effect: Allow
	Action:
	- sts:AssumeRole
	Resource:
	- "arn:aws:iam::*:role/AWSCloudFormationStackSetExecutionRole"
	ExecutionRole:
	Type: AWS::IAM::Role
	Properties:
	RoleName: AWSCloudFormationStackSetExecutionRole
	AssumeRolePolicyDocument:
	Version: 2012-10-17
	Statement:
	- Effect: Allow
	Principal:
	AWS:
	- !Ref AWS::AccountId
	Action:
	- sts:AssumeRole
	Path: /
	ManagedPolicyArns:
	- arn:aws:iam::aws:policy/AdministratorAccess