diff --git a/.github/skills/commit-message-generator/SKILL.md b/.github/skills/commit-message-generator/SKILL.md
index 7a41080..19ff1f1 100644
--- a/.github/skills/commit-message-generator/SKILL.md
+++ b/.github/skills/commit-message-generator/SKILL.md
@@ -6,6 +6,7 @@ description: Generate appropriate commit messages based on Git diffs
 ## Prerequisites
 - This Skill retrieves Git diffs and suggests meaningful commit messages
 - Message format should follow Conventional Commits
+- Commit messages should have a one-line Conventional Commits header, an optional blank second line, and from the third line onward include a bulleted list summarizing the changes
 - Commit messages should be in English
 - **Never perform Git commit or Git push**
diff --git a/policies/cloudformation-write-policy.yaml b/policies/cloudformation-write-policy.yaml
index 87ef5a9..4d22101 100644
--- a/policies/cloudformation-write-policy.yaml
+++ b/policies/cloudformation-write-policy.yaml
@@ -29,6 +29,29 @@ Resources:
 - cloudformation:ImportStacksToStackSet
 - cloudformation:ContinueUpdateRollback
 Resource: "*"
+ - Sid: ResourceScanningOperations
+ Effect: Allow
+ Action:
+ - cloudformation:DescribeResourceScan
+ - cloudformation:GetResource
+ - cloudformation:ListResources
+ - cloudformation:ListResourceScanRelatedResources
+ - cloudformation:ListResourceScanResources
+ - cloudformation:ListResourceScans
+ - cloudformation:ListTypes
+ - cloudformation:StartResourceScan
+ Resource: "*"
+ - Sid: TemplateGeneration
+ Effect: Allow
+ Action:
+ - cloudformation:CreateGeneratedTemplate
+ - cloudformation:DeleteGeneratedTemplate
+ - cloudformation:DescribeGeneratedTemplate
+ - cloudformation:GetResource
+ - cloudformation:GetGeneratedTemplate
+ - cloudformation:ListGeneratedTemplates
+ - cloudformation:UpdateGeneratedTemplate
+ Resource: "*"
 - Effect: Allow
 Action:
diff --git a/roles/cloudformation-write-role.yaml b/roles/cloudformation-write-role.yaml
index a6df4c0..8d814fe 100644
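Review bot: `cloudformation:GetResource` is granted twice in this hunk, once under `ResourceScanningOperations` and again under `TemplateGeneration`; keep it in a single statement so the two Sids stay disjoint and a later reader can tell which capability each one adds. Both new statements use `Resource: "*"`, which the stack-operation statement above also does, but as far as I recall the generated-template and resource-scan actions accept resource-level ARNs (`arn:aws:cloudformation:${AWS::Region}:${AWS::AccountId}:generatedTemplate/*` and `.../resourceScan/*`), so they could be narrowed where the stack and stack-set actions cannot — worth checking against the IAM action table. The scan actions appear to read live resource configuration across services rather than touch stacks, so a one-line comment on the Sid such as `# Read-only: IaC generator resource scans, no stack permissions needed` would stop someone later folding write actions into it. The enclosing PolicyDocument starts outside the hunk.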
--- a/roles/cloudformation-write-role.yaml
+++ b/roles/cloudformation-write-role.yaml
@@ -87,6 +87,8 @@ Resources:
 - s3:UntagResource
 - s3:PutBucketNotification
 - s3:PutBucketVersioning
+ - s3:PutEncryptionConfiguration
+ - s3:PutBucketPublicAccessBlock
 Resource:
 - arn:aws:s3:::*
 - PolicyName: CodePipelinePolicies
@@ -134,8 +136,30 @@ Resources:
 - Effect: Allow
 Action:
 - elasticloadbalancing:ModifyTargetGroup
+ - elasticloadbalancing:CreateTargetGroup
+ - elasticloadbalancing:DeleteTargetGroup
+ - elasticloadbalancing:AddTags
+ - elasticloadbalancing:RemoveTags
 Resource:
 - !Sub "arn:aws:elasticloadbalancing:${AWS::Region}:${AWS::AccountId}:targetgroup/*"
+ - PolicyName: EbLoadbalancerPolicies
+ PolicyDocument:
+ Version: "2012-10-17"
+ Statement:
+ - Effect: Allow
+ Action:
+ - elasticloadbalancing:CreateRule
+ - elasticloadbalancing:DeleteRule
+ - elasticloadbalancing:ModifyRule
+ - elasticloadbalancing:CreateListener
+ - elasticloadbalancing:DeleteListener
+ - elasticloadbalancing:AddTags
+ - elasticloadbalancing:RemoveTags
+ - elasticloadbalancing:ModifyListenerAttributes
+ Resource:
+ - !Sub "arn:aws:elasticloadbalancing:${AWS::Region}:${AWS::AccountId}:loadbalancer/*"
+ - !Sub "arn:aws:elasticloadbalancing:${AWS::Region}:${AWS::AccountId}:listener/*"
+ - !Sub "arn:aws:elasticloadbalancing:${AWS::Region}:${AWS::AccountId}:listener-rule/*"
 - PolicyName: EcsTaskPolicies
 PolicyDocument:
 Version: "2012-10-17"
diff --git a/roles/ecs-role.yaml b/roles/ecs-role.yaml
new file mode 100644
index 0000000..637777f
--- /dev/null
+++ b/roles/ecs-role.yaml
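Review bot: `s3:PutBucketPublicAccessBlock` can clear a bucket's public-access block just as readily as set it, and it is being added to a statement whose Resource is the unscoped `arn:aws:s3:::*`, so this deployment role could expose any bucket in the account rather than only the ones its stacks create. If the stacks name their buckets with a prefix, move these two actions into their own statement with a narrowed ARN, e.g. `Resource: !Sub "arn:aws:s3:::${BucketPrefix}-*"` (parameter or literal prefix, whichever the templates use); if no prefix exists, at least add a comment recording that account-wide scope is deliberate. `s3:PutEncryptionConfiguration` has the same reach, since it can change any bucket's default encryption. The statement these two lines belong to starts above the hunk, so its other actions and any Condition block are not visible here.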
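Review bot: The new `EbLoadbalancerPolicies` statement lets the role create, modify and delete listeners and rules on every load balancer in the account and region (`loadbalancer/*`, `listener/*`, `listener-rule/*`), which is enough to redirect traffic for unrelated applications; if the stacks use a naming prefix for their load balancers, scope the ARNs to it, e.g. `loadbalancer/app/${Prefix}*/*` with matching `listener/app/${Prefix}*/*` and `listener-rule/app/${Prefix}*/*`. `elasticloadbalancing:ModifyListener` is absent while `ModifyRule` and `ModifyListenerAttributes` are present, so a stack update that changes a listener's port, protocol, certificate or default action would fail at deploy time — confirm that is intended. `AddTags`/`RemoveTags` now appear in both the target-group statement and the new policy; one statement listing both resource types would be simpler. The `Eb` prefix reads as Elastic Beanstalk while the neighbouring policy names and the new ECS role suggest ECS, so a clearer name or a short comment on the PolicyName would help. The target-group statement starts outside the hunk.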
@@ -0,0 +1,24 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Description: IAM Role allowing ECS service to assume the role (trust policy).
+Resources:
+ ECSForInfrastructureManagementRole:
+ Type: AWS::IAM::Role
+ Properties:
+ AssumeRolePolicyDocument:
+ Version: '2012-10-17'
+ Statement:
+ - Sid: AllowAccessToECSForInfrastructureManagement
+ Effect: Allow
+ Principal:
+ Service: ecs.amazonaws.com
+ Action: sts:AssumeRole
+ ManagedPolicyArns:
+ - arn:aws:iam::aws:policy/AmazonECSInfrastructureRolePolicyForLoadBalancers
+
+
+Outputs:
+ ECSForInfrastructureManagementRoleArn:
+ Description: ARN of the ECS role
+ Value: !GetAtt ECSForInfrastructureManagementRole.Arn
+ Export:
+ Name: ECSForInfrastructureManagementRoleArn
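Review bot: The trust policy lets `ecs.amazonaws.com` assume this role on behalf of any account with no confused-deputy guard; AWS's guidance for ECS infrastructure roles is to pin the calling service to this account and its ECS resources with `aws:SourceAccount` and `aws:SourceArn` conditions, and nothing in the template does that. The fence below adds the two conditions under the existing `Action: sts:AssumeRole`; the `ArnLike` pattern covers every ECS resource in this account and region, which is the narrowest value that still works when the cluster and service names are not known to this template. `AmazonECSInfrastructureRolePolicyForLoadBalancers` is the purpose-built managed policy, so the permissions side looks right. Adding a `Description` property on the role itself (the stack Description only says "trust policy") would make the intent visible in the IAM console.

```yaml
            Action: sts:AssumeRole
            Condition:
              StringEquals:
                aws:SourceAccount: !Ref AWS::AccountId
              ArnLike:
                aws:SourceArn: !Sub 'arn:aws:ecs:${AWS::Region}:${AWS::AccountId}:*'
```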