Feature Request: Support additional_policy in post_deployments Section

[ZeeshanZubair2]

Description

I would like to request support for the additional_policy property in the post_deployments section of the pipeline manifest. This enhancement would allow users to specify additional IAM policies for tasks executed after deployments, offering greater flexibility and control over permissions during the post-deployment phase.

Proposed Code Snippet:

Here is an example of how the additional_policy property can be utilized in the post_deployments section:

  update_migration_service:
    buildspec: /post-deploy-buildspec.yml
    additional_policy:
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Action:
              - ecs:ListClusters
              - ecs:ListServices
              - ecs:UpdateService
            Resource: '*'
    depends_on: [service_name]

Use Case:

In scenarios where post-deployment tasks require specific permissions not covered by the default policies, users would benefit from the ability to specify additional IAM policies. For instance, when updating ECS services or interacting with other AWS resources, tailored permissions can be crucial for successful execution.

[KollaAdithya]

Hello @ZeeshanZubair2 !

Can you use copilot pipeline override feature that will help you to add an new policy