From 643a427dba4b751345f6a2f07e3403dfd75e81c2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simon=20R=C3=BCegg?= <simon.ruegg@vshn.ch>
Date: Tue, 8 Jan 2019 10:10:39 +0100
Subject: [PATCH] Allow DescribeStackEvents

For the operator being able to retrieve stack events on failed
provisioning, this action is required.
---
 docs/install_prereqs.md  | 1 +
 setup/prerequisites.yaml | 1 +
 2 files changed, 2 insertions(+)

diff --git a/docs/install_prereqs.md b/docs/install_prereqs.md
index 15b19172..241bf065 100644
--- a/docs/install_prereqs.md
+++ b/docs/install_prereqs.md
@@ -93,6 +93,7 @@ The role/user used for provisioning requires additional permissions for provisio
             "cloudformation:CreateStack",
             "cloudformation:DeleteStack",
             "cloudformation:DescribeStacks",
+            "cloudformation:DescribeStackEvents",
             "cloudformation:UpdateStack",
             "cloudformation:CancelUpdateStack"
          ],
diff --git a/setup/prerequisites.yaml b/setup/prerequisites.yaml
index edbc5f92..59e83f0d 100644
--- a/setup/prerequisites.yaml
+++ b/setup/prerequisites.yaml
@@ -70,6 +70,7 @@ Resources:
             - "cloudformation:CreateStack"
             - "cloudformation:DeleteStack"
             - "cloudformation:DescribeStacks"
+            - "cloudformation:DescribeStackEvents"
             - "cloudformation:UpdateStack"
             - "cloudformation:CancelUpdateStack"
             Resource: !Sub "arn:aws:cloudformation:${AWS::Region}:${AWS::AccountId}:stack/aws-service-broker-*/*"