From b1e2e714c9a1979d93372f87ea767601fe7ff230 Mon Sep 17 00:00:00 2001
From: n0ct1s-k8sh
Date: Mon, 29 Sep 2025 13:59:54 +0200
Subject: [PATCH] (fix) Add missing S3 perms for CustomControlTowerCodePipelineRole to allow source fetch
---
 customizations-for-aws-control-tower.template | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/customizations-for-aws-control-tower.template b/customizations-for-aws-control-tower.template
index 7839734..fcb412d 100644
--- a/customizations-for-aws-control-tower.template
+++ b/customizations-for-aws-control-tower.template
@@ -478,6 +478,9 @@ Resources:
 - s3:PutObject
 - s3:GetObject
 - s3:GetObjectVersion
+ - s3:GetObjectVersionTagging
+ - s3:ListBucket
+ - s3:PutObjectTagging
 Resource:
 - !Sub arn:${AWS::Partition}:s3:::${CustomControlTowerPipelineArtifactS3Bucket}/*
 - !Sub arn:${AWS::Partition}:s3:::${CustomControlTowerPipelineS3Bucket}/*
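Review bot: The added `s3:ListBucket` is a bucket-level action, but the two `Resource` entries visible in this hunk are object ARNs ending in `/*`, so IAM will not match it to any resource and the grant has no effect as written. If listing is needed for the source fetch, the bucket ARN itself has to be listed, e.g. `- !Sub arn:${AWS::Partition}:s3:::${CustomControlTowerPipelineS3Bucket}`, ideally in a separate statement that carries only `s3:ListBucket`. Separately, `s3:PutObjectTagging` is a write permission granted on both buckets, which goes beyond the "source fetch" in the subject; consider scoping it to the artifact bucket, or add a comment such as `# required by CodePipeline S3 source action` if that is the reason. The statement begins above the hunk and the `Resource` list may continue below it, so confirm no bucket-level ARN already follows.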