feat(iam): allow cloudfront function updates

- grant CloudFront Function and invalidation permissions

policies/cloudformation-write-policy.yaml

@@ -63,3 +63,14 @@ Resources:
             Action:
               - s3:PutObject
             Resource: "*"
+          - Effect: Allow
+            Action:
+              - cloudfront:CreateFunction
+              - cloudfront:UpdateFunction
+              - cloudfront:PublishFunction
+              - cloudfront:DescribeFunction
+              - cloudfront:GetFunction
+              - cloudfront:DeleteFunction
+              - cloudfront:ListFunctions
+              - cloudfront:CreateInvalidation
+            Resource: "*"