AWS::IAM::Role:

Properties:
  AssumeRolePolicyDocument: |
    {
      "Version" => "2012-10-17",
        "Statement" => [ {
          "Effect"    => "Allow",
          "Principal" => {
            "Service" => [ "ec2.amazonaws.com|spotfleet.amazonaws.com" ]
          },
          "Action"    => [ "sts:AssumeRole" ]
        } ]
    }
  ManagedPolicyArns: |
    [
      "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetRole", 
      "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role"
    ]
  Path: "\"/Application/\""
  Policies: |
    [{
      "PolicyName" => "AllowNothing",
        "PolicyDocument" => {
          "Version"   => "2012-10-17",
          "Statement" => [ {
            "Effect"   => "Deny",
            "Action"   => "*",
            "Resource" => "*"
          } ]
        }
    }]