add permissions to create service-linked role

ievgeniia ieromenko · ievgeniia ieromenko · commit ddf18706b556 · 2025-06-16T15:02:01.000-04:00
diff --git a/aws_sra_examples/solutions/cloudtrail/cloudtrail_org/templates/sra-cloudtrail-org.yaml b/aws_sra_examples/solutions/cloudtrail/cloudtrail_org/templates/sra-cloudtrail-org.yaml
@@ -400,6 +400,7 @@ Resources:
                   - iam:DeleteServiceLinkedRole
                 Resource:
                   - !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:role/aws-service-role/cloudtrail.amazonaws.com/AWSServiceRoleForCloudTrail*
+                  - !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:role/aws-service-role/context.cloudtrail.amazonaws.com/AWSServiceRoleForCloudTrailEventContext
       Tags:
         - Key: sra-solution
           Value: !Ref pSRASolutionName
