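function Get-AlkamiIamAssumeRolePolicyString {
    <#
    .SYNOPSIS
    Returns the string for an AWS IAM assume role policy.

    .DESCRIPTION
    Builds a single-statement trust policy that allows one AWS service
    principal to call sts:AssumeRole, and returns it as compressed JSON.
    The policy is assembled as an object and serialized with ConvertTo-Json,
    so the service name is JSON-escaped rather than spliced into a string.

    .PARAMETER ServiceName
    [string] The AWS service name to grant sts:AssumeRole to in the policy
    (e.g. 'ec2', 'ecs-tasks'). The '.amazonaws.com' suffix is appended when
    the value does not already end with it (compared case-insensitively).

    .OUTPUTS
    [string] The compressed JSON policy document.

    .EXAMPLE
    Get-AlkamiIamAssumeRolePolicyString -ServiceName 'ec2'

    {"Version":"2012-10-17","Statement":[{"Effect":"Allow","Sid":"AllowAwsServiceAssumeRole","Principal":{"Service":"ec2.amazonaws.com"},"Action":"sts:AssumeRole"}]}

    .NOTES
    ServiceName is only checked for being non-empty; it is not compared
    against a list of known AWS service principals, so callers should pass
    a fixed, trusted value rather than user-supplied text.

    The generated statement has no Condition block. Where the service acts
    on behalf of resources in other accounts, consider adding
    aws:SourceAccount / aws:SourceArn conditions to the role's trust policy
    to limit confused-deputy exposure; this function does not add them.
    #>
    [CmdletBinding()]
    [OutputType([string])]
    param(
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [string] $ServiceName
    )

    $suffix = '.amazonaws.com'
    $actualServiceName = $ServiceName

    # Ordinal, case-insensitive comparison so a value such as
    # 'EC2.AMAZONAWS.COM' does not get the suffix appended a second time.
    # NOTE(review): a name ending in '.amazonaws.com.cn' does not match and
    # would get the suffix appended - confirm whether other partitions need
    # to be supported.
    if (-not $actualServiceName.EndsWith($suffix, [System.StringComparison]::OrdinalIgnoreCase)) {
        $actualServiceName += $suffix
    }

    # [ordered] keeps the key order fixed. A plain @{} hashtable does not
    # guarantee enumeration order, so the returned string could differ
    # between runs or PowerShell editions and show up as spurious policy
    # drift when the string is compared or stored.
    $policyObj = [ordered]@{
        Version   = "2012-10-17"
        Statement = @(
            [ordered]@{
                Effect    = "Allow"
                Sid       = "AllowAwsServiceAssumeRole"
                Principal = [ordered]@{
                    Service = $actualServiceName
                }
                Action    = "sts:AssumeRole"
            }
        )
    }

    return (ConvertTo-Json -InputObject $policyObj -Compress -Depth 10)
}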