From d0922aaaaea34a372691768ecd22505e73797f30 Mon Sep 17 00:00:00 2001
From: Xavier Schildwachter
Date: Tue, 5 Nov 2024 12:36:45 -0800
Subject: [PATCH] Add permission to create object in S3
---
 org-formation/700-aws-sso/_tasks.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/org-formation/700-aws-sso/_tasks.yaml b/org-formation/700-aws-sso/_tasks.yaml
index 0ed14ba9..389bf8b6 100644
--- a/org-formation/700-aws-sso/_tasks.yaml
+++ b/org-formation/700-aws-sso/_tasks.yaml
@@ -641,6 +641,18 @@ SsoLlmDeveloper:
 managedPolicies:
 - 'arn:aws:iam::aws:policy/AmazonBedrockFullAccess'
 - 'arn:aws:iam::aws:policy/AWSCloudFormationFullAccess'
+# https://stackoverflow.com/questions/58125181/cloud-formation-cant-upload-template-file
+ inlinePolicy: >-
+ {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": "s3:PutObject",
+ "Resource": "arn:aws:s3:::cf-template*"
+ }
+ ]
+ }
 sessionDuration: 'PT12H'
 # Role for a user that can only access AWS Athena in the Synapse Dev account
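Review bot: The `Resource` pattern `arn:aws:s3:::cf-template*` in the added inlinePolicy is broader than a console template upload needs. An IAM `*` also matches `/`, so it covers every object in any bucket whose name starts with `cf-template`, and because bucket names are global that can include buckets owned by other accounts. The buckets the CloudFormation console creates are normally named `cf-templates-<hash>-<region>`, so I would narrow the line to `"Resource": "arn:aws:s3:::cf-templates-*/*"` and consider an `aws:ResourceAccount` condition so writes stay within the account the permission set is assigned to. A short comment saying why `s3:PutObject` is required would also hold up better than the bare Stack Overflow link. The SsoLlmDeveloper task begins above this hunk, so the rest of its permissions are not visible here.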