{
    "Parameters": {
        "ExternalId":{
            "Type":"String",
            "Description":"Finout Provided External ID"
        }
    },
    "Resources": {
        "FinoutMetricsReadOnlyPolicy": {
            "Type": "AWS::IAM::ManagedPolicy",
            "Properties": {
                "PolicyDocument": {
                    "Version": "2012-10-17",
                    "Statement": [
                        {
                            "Effect": "Allow",
                            "Action": [
                                "cloudwatch:ListMetrics",
                                "cloudwatch:GetMetricData",
                                "cloudwatch:GetMetricStatistics"
                            ],
                            "Resource": "*"
                        },
                        {
                            "Effect": "Allow",
                            "Action": ["ec2:DescribeVolumes"],
                            "Resource": "*"
                        },
                        {
                            "Effect": "Allow",
                            "Action": "organizations:ListAccounts",
                            "Resource": "*"
                        }
                    ]
                }            
            }
        },
        "FinoutMetricsReadOnlyRole": {
            "Type": "AWS::IAM::Role",
            "Properties": {
                "AssumeRolePolicyDocument": {
                    "Version": "2012-10-17",
                    "Statement": [
                        {
                            "Effect": "Allow",
                            "Principal": {
                                "AWS": "277411487094"
                            },
                            "Action": [
                                "sts:AssumeRole"
                            ],
                                        "Condition": {
                                "StringEquals": {
                                    "sts:ExternalId": {"Ref":"ExternalId"}
                                }
                    }
                        }
                    ]
                },
                "RoleName":"FinoutMetricsReadOnlyRole",
                "Path": "/",
                "ManagedPolicyArns": [
                        { "Ref":"FinoutMetricsReadOnlyPolicy"}
                ]
            }
        }
    },
    "Outputs": {
        "FinoutReadOnlyRoleArn": {
            "Description": "The ARN of the FinoutMetricsReadOnlyRole role",
            "Value": {
                "Fn::GetAtt" : ["FinoutMetricsReadOnlyRole", "Arn"] 
            }
        }
    }
}