diff --git a/src/deployment/DeploymentInstance-Cfn.yaml b/src/deployment/DeploymentInstance-Cfn.yaml
index aea18b3e..4613080a 100644
--- a/src/deployment/DeploymentInstance-Cfn.yaml
+++ b/src/deployment/DeploymentInstance-Cfn.yaml
@@ -276,6 +276,19 @@ Resources:
                   - cloudformation:DescribeStackEvents
                 Effect: Allow
                 Resource: "*"
+        - PolicyName: CdkDeploy
+          PolicyDocument:
+            Statement:
+              # In addition to CloudFormationAccess
+              - Action:
+                  - cloudformation:CreateChangeSet
+                  - cloudformation:DescribeChangeSet
+                  - cloudformation:ExecuteChangeSet
+                  - ecr:CreateRepository
+                  - ecr:SetRepositoryPolicy
+                  - ecr:DescribeRepositories
+                Effect: Allow
+                Resource: "*"
         - PolicyName: LogsAccess
           PolicyDocument:
             Statement: