add passrole permission for nested stacks

cnfait · cnfait · commit 4f06b9d0d89c · 2024-02-07T11:31:24.000+01:00
diff --git a/sdlf-cicd/template-cicd-domain-roles.yaml b/sdlf-cicd/template-cicd-domain-roles.yaml
@@ -343,6 +343,13 @@ Resources:
                       - lambda.amazonaws.com
                       - lakeformation.amazonaws.com
                       - events.amazonaws.com
+              - Effect: Allow
+                Action: iam:PassRole
+                Resource: !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:role/sdlf-cicd-domain # nested stacks
+                Condition:
+                  StringEquals:
+                    "iam:PassedToService":
+                      - cloudformation.amazonaws.com
               - Effect: Allow
                 Action:
                   - iam:DeleteRole
