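[...]
Resources:
  # VPC holding both subnets. CIDR and Name tag come from parameters that are
  # declared outside this excerpt (VPCNet, VPCName).
  FortiVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock:
        Ref: VPCNet
      Tags:
        - Key: Name
          Value:
            Ref: VPCName

  # Public-facing subnet: instances launched here are assigned a public IP.
  # No AvailabilityZone is given, so CloudFormation chooses one.
  FortiVPCFrontNet:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock:
        Ref: VPCSubnetFront
      MapPublicIpOnLaunch: true
      VpcId:
        Ref: FortiVPC

  # Private subnet, pinned to whatever AZ the front subnet landed in
  # (presumably so one appliance can hold an interface in each — confirm).
  FortiVPCBackNet:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock:
        Ref: VPCSubnetBack
      MapPublicIpOnLaunch: false
      AvailabilityZone: !GetAtt FortiVPCFrontNet.AvailabilityZone
      VpcId:
        Ref: FortiVPC

  FortiSecGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Group for FG
      # NOTE(review): security group names must be unique per VPC, so a fixed
      # GroupName makes a second stack in the same VPC fail on create. Dropping
      # the property lets CloudFormation generate a unique name.
      GroupName: fg
      SecurityGroupEgress:
        - IpProtocol: -1
          CidrIp: 0.0.0.0/0
      # NOTE(review): ingress admits every TCP and UDP port from any source
      # address. Narrow CidrIp to the administrative range and FromPort/ToPort
      # to the ports the appliance actually terminates once those are known.
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 0
          ToPort: 65535
          CidrIp: 0.0.0.0/0
        - IpProtocol: udp
          FromPort: 0
          ToPort: 65535
          CidrIp: 0.0.0.0/0
      VpcId:
        Ref: FortiVPC

  # Instance profile that attaches InstanceRole to the EC2 instance(s).
  InstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: /
      Roles:
        - Ref: InstanceRole

  InstanceRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        # Quoted on purpose: an unquoted 2012-10-17 is a YAML timestamp to many
        # parsers, which breaks linters and generators that round-trip the file.
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
            Action:
              - sts:AssumeRole
      Path: /
      Policies:
        - PolicyName: ApplicationPolicy
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # ec2:Describe* does not support resource-level permissions, so
              # Resource '*' is unavoidable here. It is kept in its own
              # statement so the mutating actions below can be scoped
              # independently. Effective permissions are unchanged.
              - Effect: Allow
                Action:
                  - ec2:Describe*
                Resource: '*'
              # NOTE(review): these actions can re-point routes, move addresses
              # between interfaces and read any object the account can reach.
              # Scope Resource to this stack's route tables, ENIs and EIPs
              # and to the specific bucket/prefix the instance reads.
              - Effect: Allow
                Action:
                  - ec2:AssociateAddress
                  - ec2:AssignPrivateIpAddresses
                  - ec2:UnassignPrivateIpAddresses
                  - ec2:ReplaceRoute
                  - s3:GetObject
                Resource: '*'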