From 6eb4d892a513afd524069a56897d741322aa3fa4 Mon Sep 17 00:00:00 2001
From: Simon Li <orpheus+devel@gmail.com>
Date: Wed, 25 May 2022 16:36:21 +0100
Subject: [PATCH] DeploymentInstance-Cfn.yaml: policy for deploying
 workspace_backup

---
 src/deployment/DeploymentInstance-Cfn.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/src/deployment/DeploymentInstance-Cfn.yaml b/src/deployment/DeploymentInstance-Cfn.yaml
index aea18b3e..4613080a 100644
--- a/src/deployment/DeploymentInstance-Cfn.yaml
+++ b/src/deployment/DeploymentInstance-Cfn.yaml
@@ -276,6 +276,19 @@ Resources:
                   - cloudformation:DescribeStackEvents
                 Effect: Allow
                 Resource: "*"
+        - PolicyName: CdkDeploy
+          PolicyDocument:
+            Statement:
+              # In addition to CloudFormationAccess
+              - Action:
+                  - cloudformation:CreateChangeSet
+                  - cloudformation:DescribeChangeSet
+                  - cloudformation:ExecuteChangeSet
+                  - ecr:CreateRepository
+                  - ecr:SetRepositoryPolicy
+                  - ecr:DescribeRepositories
+                Effect: Allow
+                Resource: "*"
         - PolicyName: LogsAccess
           PolicyDocument:
             Statement: