In order to add the new privileges to the instance profile, we are going to edit the jenkins-cf-template.py template that we created earlier in the chapter. We are going to add a policy to grant permissions to allow the Jenkins instance to communicate with CodePipeline. This step is very similar to the change we made to grant S3 access to our web server previously.
Above the instance variable instantiation, add the following:
t.add_resource(IAMPolicy( "Policy", PolicyName="AllowS3", PolicyDocument=Policy( Statement=[ Statement( Effect=Allow, Action=[Action("s3", "*")], Resource=["*"]) ] ), ))
Then, save the changes and regenerate the template. The new template should look as follows: https://raw.githubusercontent.com/yogeshraheja/Effective-DevOps-with-AWS/master/Chapter05/EffectiveDevOpsTemplates/jenkins-cf-template.py ...