From b6b9456b69a579c3cf5169f962bcf6b25ef90ccc Mon Sep 17 00:00:00 2001
From: DaWyz <alban.escalier@singlepoint.ie>
Date: Mon, 31 Aug 2020 23:51:52 +0000
Subject: [PATCH] fix(aws-stepfunctions-tasks): fix execution role permissions

---
 .../aws-stepfunctions-tasks/lib/codebuild/start-build.ts      | 2 ++
 .../test/codebuild/integ.start-build.expected.json            | 4 +++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/lib/codebuild/start-build.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/lib/codebuild/start-build.ts
index f4341a3e7c521..1a361405843ee 100644
--- a/packages/@aws-cdk/aws-stepfunctions-tasks/lib/codebuild/start-build.ts
+++ b/packages/@aws-cdk/aws-stepfunctions-tasks/lib/codebuild/start-build.ts
@@ -60,6 +60,8 @@ export class CodeBuildStartBuild extends sfn.TaskStateBase {
         actions: [
           'codebuild:StartBuild',
           'codebuild:StopBuild',
+          'codebuild:BatchGetBuilds',
+          'codebuild:BatchGetReports',
         ],
       }),
     ];
diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/codebuild/integ.start-build.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/codebuild/integ.start-build.expected.json
index 9720f657969e2..a3a245b0ddfd8 100644
--- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/codebuild/integ.start-build.expected.json
+++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/codebuild/integ.start-build.expected.json
@@ -191,7 +191,9 @@
             {
               "Action": [
                 "codebuild:StartBuild",
-                "codebuild:StopBuild"
+                "codebuild:StopBuild",
+                "codebuild:BatchGetBuilds",
+                "codebuild:BatchGetReports"
               ],
               "Effect": "Allow",
               "Resource": {