AWS::IAM::Role:
Properties: AssumeRolePolicyDocument: | { "Version" => "2012-10-17", "Statement" => [ { "Effect" => "Allow", "Principal" => { "Service" => [ "ec2.amazonaws.com|spotfleet.amazonaws.com" ] }, "Action" => [ "sts:AssumeRole" ] } ] } ManagedPolicyArns: | [ "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetRole", "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role" ] Path: "\"/Application/\"" Policies: | [{ "PolicyName" => "AllowNothing", "PolicyDocument" => { "Version" => "2012-10-17", "Statement" => [ { "Effect" => "Deny", "Action" => "*", "Resource" => "*" } ] } }]