Cloudformation Template File(JSON)

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "CloudFormation Template as part of the AWS Serverless Data Lake Immersion Day to create an S3 bucket and relevant IAM roles and IAM policies.",
  "Resources": {
    "SDLS3Bucket": {
      "Type" : "AWS::S3::Bucket",
      "Properties" : {
        "BucketName": {
          "Fn::Join": [
            "-", [
              "sdl-immersion-day",
              {
                "Ref": "AWS::AccountId"
              }
            ]
          ]
        },
        "PublicAccessBlockConfiguration": {
          "BlockPublicAcls": true,
          "BlockPublicPolicy": true,
          "IgnorePublicAcls": true,
          "RestrictPublicBuckets": true
        }
      }
    },
    "SDLGlueRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "RoleName": "SDL-GlueRole",
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "glue.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "ManagedPolicyArns": [
          "arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole"
        ]
      }
    },
    "SDLGlueInteractiveSessionsPolicy": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyName": "AWSGlueInteractiveSessions",
        "PolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Action": "iam:PassRole",
              "Resource": {
                "Fn::GetAtt" : [ "SDLGlueRole", "Arn" ]
              },
              "Condition": {
                "StringLike": {
                  "iam:PassedToService": "glue.amazonaws.com"
                }
              }
            }
          ]
        },
        "Roles": [
          {
            "Ref": "SDLGlueRole"
          }
        ]
      }
    },
    "SDLGlueS3Policy": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyName": "S3BucketPermissions",
        "PolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject"
              ],
              "Resource": {
                "Fn::Join": [
                  "", [
                    {
                      "Fn::GetAtt" : [ "SDLS3Bucket", "Arn" ]
                    },
                    "/*"
                  ]
                ]
              }
            }
          ]
        },
        "Roles": [
          {
            "Ref": "SDLGlueRole"
          }, {
            "Ref": "SDLFirehoseRole"
          }
        ]
      }
    },
    "SDLFirehoseRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "RoleName": "SDL-FirehoseRole",
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Sid": "",
              "Effect": "Allow",
              "Principal": {
                "Service": "firehose.amazonaws.com"
              },
              "Action": "sts:AssumeRole",
              "Condition": {
                "StringEquals": {
                  "sts:ExternalId": {
                    "Ref": "AWS::AccountId"
                  }
                }
              }
            }
          ]
        },
        "ManagedPolicyArns": [
          "arn:aws:iam::aws:policy/CloudWatchLogsFullAccess"
        ]
      }
    }
  }
}