diff --git a/policies/cloudformation-write-policy.yaml b/policies/cloudformation-write-policy.yaml
index 4d22101..273f792 100644
--- a/policies/cloudformation-write-policy.yaml
+++ b/policies/cloudformation-write-policy.yaml
@@ -63,3 +63,14 @@ Resources:
             Action:
               - s3:PutObject
             Resource: "*"
+          - Effect: Allow
+            Action:
+              - cloudfront:CreateFunction
+              - cloudfront:UpdateFunction
+              - cloudfront:PublishFunction
+              - cloudfront:DescribeFunction
+              - cloudfront:GetFunction
+              - cloudfront:DeleteFunction
+              - cloudfront:ListFunctions
+              - cloudfront:CreateInvalidation
+            Resource: "*"