{
	"AWSTemplateFormatVersion": "2010-09-09",
	"Description": "AWS CloudFormation template to create Role for CLoudlytics",
	"Parameters": {
		"AccountId": {
			"Type": "String",
			"Description": "Cloudlytics AWS Account ID"
		},
		"ExternalId": {
			"Type": "String",
			"Description": "External ID for Third Party IAM Role"
		}
	},
	"Resources": {
		"CloudlyticsIAMRole": {
			"Type": "AWS::IAM::Role",
			"Properties": {
				"Path": "/",
				"ManagedPolicyArns": [
					"arn:aws:iam::aws:policy/ReadOnlyAccess"
				],
				"AssumeRolePolicyDocument": {
					"Version": "2012-10-17",
					"Statement": [{
						"Action": "sts:AssumeRole",
						"Effect": "Allow",
						"Principal": {
							"AWS": {
								"Fn::Join": [
									"",
									[
										"arn:aws:iam::",
										{
											"Ref": "AccountId"
										},
										":root"
									]
								]
							}
						},
						"Condition": {
							"StringEquals": {
								"sts:ExternalId": {
									"Ref": "ExternalId"
								}
							}
						}
					}]
				},
				"RoleName": "ThirdPartyRoleForCloudlytics"
			}
		}
	},
	"Outputs": {
		"roleARN": {
			"Description": "Information about the value",
			"Value": {
				"Fn::GetAtt": ["CloudlyticsIAMRole", "Arn"]
			}
		}
	}
}