diff --git a/roles/cloudformation-write-role.yaml b/roles/cloudformation-write-role.yaml
index 988649a..85a1ab8 100644
--- a/roles/cloudformation-write-role.yaml
+++ b/roles/cloudformation-write-role.yaml
@@ -26,6 +26,8 @@ Resources:
                   - ecr:DeleteRepositoryPolicy
                   - ecr:PutImageScanningConfiguration
                   - ecr:SetRepositoryPolicy
+                  - ecr:PutLifecyclePolicy
+                  - ecr:DeleteLifecyclePolicy
                 Resource:
                   - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/*
         - PolicyName: RoleWrite
@@ -79,7 +81,12 @@ Resources:
             Statement:
               - Effect: Allow
                 Action:
+                  - s3:CreateBucket
+                  - s3:DeleteBucket
+                  - s3:TagResource
+                  - s3:UntagResource
                   - s3:PutBucketNotification
+                  - s3:PutBucketVersioning
                 Resource:
                   - arn:aws:s3:::*
         - PolicyName: CodePipelinePolicies
@@ -88,10 +95,24 @@ Resources:
             Statement:
               - Effect: Allow
                 Action:
+                  - codepipeline:CreatePipeline
                   - codepipeline:UpdatePipeline
+                  - codepipeline:DeletePipeline
                 Resource:
                   - !Sub "arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:*"
                   - !Sub "arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:*/*"
+        - PolicyName: CodeBuildPolicy
+          PolicyDocument:
+            Version: "2012-10-17"
+            Statement:
+              - Effect: Allow
+                Action:
+                  - codebuild:CreateProject
+                  - codebuild:UpdateProject
+                  - codebuild:DeleteProject
+                Resource:
+                  - !Sub "arn:aws:codebuild:${AWS::Region}:${AWS::AccountId}:*"
+                  - !Sub "arn:aws:codebuild:${AWS::Region}:${AWS::AccountId}:*/*"
         - PolicyName: EventPolicies
           PolicyDocument:
             Version: "2012-10-17"
@@ -102,6 +123,8 @@ Resources:
                   - events:DeleteRule
                   - events:PutTargets
                   - events:RemoveTargets
+                  - events:TagResource
+                  - events:UntagResource
                 Resource:
                   - !Sub "arn:aws:events:${AWS::Region}:${AWS::AccountId}:rule/*"
         - PolicyName: EbPolicies
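Review bot: `s3:CreateBucket` and `s3:DeleteBucket` are added under the existing `Resource: arn:aws:s3:::*`, so this deploy role can remove any bucket in the account, not only the ones its stacks own. The same pattern recurs in the next hunk (`codepipeline:DeletePipeline` on `:*`) and in the last hunk (`lambda:DeleteFunction` on `function:*`). If the stack-managed buckets follow a naming convention, narrowing the ARN to e.g. `- arn:aws:s3:::<stack-prefix>-*` (placeholder) limits the blast radius of a leaked deploy credential; a tag-based `Condition` on `aws:ResourceTag/...` is the alternative when names are not predictable. The enclosing `Statement` block for this policy starts before the hunk.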
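Review bot: The new CodeBuildPolicy allows `codebuild:CreateProject`/`UpdateProject`, but creating or updating a project also requires `iam:PassRole` on the project's service role, which this hunk does not grant; if that is already covered by the RoleWrite policy visible in the first hunk, a comment such as `# iam:PassRole for the CodeBuild service role is granted in RoleWrite` above `- PolicyName: CodeBuildPolicy` would save the next reader the search, and if it is not, project creation through this role will fail at deploy time. As a point of style, the `:*/*` resource line is already matched by `:*` above it, so it adds nothing beyond mirroring the CodePipeline block.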
@@ -148,6 +171,32 @@ Resources:
                   - ecs:TagResource
                 Resource:
                   - !Sub "arn:aws:ecs:${AWS::Region}:${AWS::AccountId}:cluster/*"
+        - PolicyName: LambdaPolicy
+          PolicyDocument:
+            Version: "2012-10-17"
+            Statement:
+              - Effect: Allow
+                Action:
+                  - lambda:CreateFunction
+                  - lambda:DeleteFunction
+                  - lambda:TagResource
+                  - lambda:UntagResource
+                  - lambda:AddPermission
+                  - lambda:RemovePermission
+                Resource:
+                  - !Sub "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:*"
+        - PolicyName: ApiGatewayPolicy
+          PolicyDocument:
+            Version: "2012-10-17"
+            Statement:
+              - Effect: Allow
+                Action:
+                  - apigateway:PUT
+                  - apigateway:PATCH
+                  - apigateway:POST
+                  - apigateway:DELETE
+                Resource:
+                  - !Sub "arn:aws:apigateway:${AWS::Region}::/restapis/*"
       ManagedPolicyArns:
         - arn:aws:iam::aws:policy/ReadOnlyAccess
         - !Sub arn:aws:iam::${AWS::AccountId}:policy/CloudFormationWrite
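Review bot: `lambda:AddPermission` on `function:*` lets this role attach a resource-based policy to every function in the account, including granting invoke rights to principals outside it, which is broader than wiring up triggers for functions the stack itself creates; scoping the ARN to the stack's naming prefix (placeholder `function:<stack-prefix>-*`) or adding a `Condition` on `lambda:Principal` keeps it to the intended use. Functionally, LambdaPolicy has no `lambda:UpdateFunctionCode` or `lambda:UpdateFunctionConfiguration`, so a stack update that changes an existing function's code or settings would be denied while create and delete succeed — worth confirming that is intended. In ApiGatewayPolicy, `arn:aws:apigateway:${AWS::Region}::/restapis/*` does not match the `/restapis` collection itself, which is what `POST` targets when a new REST API is created, so `- !Sub "arn:aws:apigateway:${AWS::Region}::/restapis"` is usually needed alongside it. The enclosing `Properties` block of the role starts before the hunk.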