From b42734d8001ac2d40c30825f92a5df86a21fc73c Mon Sep 17 00:00:00 2001
From: James Miller <bensie@gmail.com>
Date: Sun, 27 Oct 2024 16:30:00 -0700
Subject: [PATCH] allow iam:PassRole for hotsock/* roles

---
 installer-permissions.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/installer-permissions.yml b/installer-permissions.yml
index e263fd2..b392b6f 100644
--- a/installer-permissions.yml
+++ b/installer-permissions.yml
@@ -272,6 +272,10 @@ Resources:
               - redshift:PurchaseReservedNodeOffering
               - savingsplans:*
             Resource: "*"
+          - Sid: AllowPassingRoles
+            Effect: Allow
+            Action: iam:PassRole
+            Resource: !Sub arn:${AWS::Partition}:iam::*:role/hotsock/*
           - Sid: AllowOrgInfo
             Effect: Allow
             Action: organizations:DescribeOrganization