diff --git a/internal/pkg/deploy/cloudformation/stack/testdata/environments/template-with-basic-manifest.yml b/internal/pkg/deploy/cloudformation/stack/testdata/environments/template-with-basic-manifest.yml
index d67c4395665..4c213932b0e 100644
--- a/internal/pkg/deploy/cloudformation/stack/testdata/environments/template-with-basic-manifest.yml
+++ b/internal/pkg/deploy/cloudformation/stack/testdata/environments/template-with-basic-manifest.yml
@@ -175,6 +175,7 @@ Resources:
                 Effect: Allow
                 Action:
                   - "states:StartExecution"
+                  - "states:DescribeStateMachine"
                 Resource:
                   - !Sub "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:stateMachine:${AppName}-${EnvironmentName}-*"
               - Sid: CloudFormation
diff --git a/internal/pkg/deploy/cloudformation/stack/testdata/environments/template-with-custom-empty-security-group.yml b/internal/pkg/deploy/cloudformation/stack/testdata/environments/template-with-custom-empty-security-group.yml
index 67321d8e868..4c7fc5e7a93 100644
--- a/internal/pkg/deploy/cloudformation/stack/testdata/environments/template-with-custom-empty-security-group.yml
+++ b/internal/pkg/deploy/cloudformation/stack/testdata/environments/template-with-custom-empty-security-group.yml
@@ -677,6 +677,7 @@ Resources:
                 Effect: Allow
                 Action:
                   - "states:StartExecution"
+                  - "states:DescribeStateMachine"
                 Resource:
                   - !Sub "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:stateMachine:${AppName}-${EnvironmentName}-*"
               - Sid: CloudFormation
diff --git a/internal/pkg/deploy/cloudformation/stack/testdata/environments/template-with-custom-security-group.yml b/internal/pkg/deploy/cloudformation/stack/testdata/environments/template-with-custom-security-group.yml
index 66c08704248..21c1636e083 100644
--- a/internal/pkg/deploy/cloudformation/stack/testdata/environments/template-with-custom-security-group.yml
+++ b/internal/pkg/deploy/cloudformation/stack/testdata/environments/template-with-custom-security-group.yml
@@ -702,6 +702,7 @@ Resources:
                 Effect: Allow
                 Action:
                   - "states:StartExecution"
+                  - "states:DescribeStateMachine"
                 Resource:
                   - !Sub "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:stateMachine:${AppName}-${EnvironmentName}-*"
               - Sid: CloudFormation
diff --git a/internal/pkg/deploy/cloudformation/stack/testdata/environments/template-with-default-access-log-config.yml b/internal/pkg/deploy/cloudformation/stack/testdata/environments/template-with-default-access-log-config.yml
index 0881f8432cb..ea9083a87b6 100644
--- a/internal/pkg/deploy/cloudformation/stack/testdata/environments/template-with-default-access-log-config.yml
+++ b/internal/pkg/deploy/cloudformation/stack/testdata/environments/template-with-default-access-log-config.yml
@@ -232,6 +232,7 @@ Resources:
                 Effect: Allow
                 Action:
                   - "states:StartExecution"
+                  - "states:DescribeStateMachine"
                 Resource:
                   - !Sub "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:stateMachine:${AppName}-${EnvironmentName}-*"
               - Sid: CloudFormation
diff --git a/internal/pkg/deploy/cloudformation/stack/testdata/environments/template-with-imported-certs-observability.yml b/internal/pkg/deploy/cloudformation/stack/testdata/environments/template-with-imported-certs-observability.yml
index ccab7aa2d57..519a0b60d54 100644
--- a/internal/pkg/deploy/cloudformation/stack/testdata/environments/template-with-imported-certs-observability.yml
+++ b/internal/pkg/deploy/cloudformation/stack/testdata/environments/template-with-imported-certs-observability.yml
@@ -783,6 +783,7 @@ Resources:
                 Effect: Allow
                 Action:
                   - "states:StartExecution"
+                  - "states:DescribeStateMachine"
                 Resource:
                   - !Sub "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:stateMachine:${AppName}-${EnvironmentName}-*"
               - Sid: CloudFormation
diff --git a/internal/pkg/deploy/env.go b/internal/pkg/deploy/env.go
index dd3e2fda9dc..d6ab1ff2e7f 100644
--- a/internal/pkg/deploy/env.go
+++ b/internal/pkg/deploy/env.go
@@ -14,7 +14,7 @@ const (
 	// LegacyEnvTemplateVersion is the version associated with the environment template before we started versioning.
 	LegacyEnvTemplateVersion = "v0.0.0"
 	// LatestEnvTemplateVersion is the latest version number available for environment templates.
-	LatestEnvTemplateVersion = "v1.12.1"
+	LatestEnvTemplateVersion = "v1.12.2"
 )
 
 // CreateEnvironmentInput holds the fields required to deploy an environment.
diff --git a/internal/pkg/template/templates/environment/partials/environment-manager-role.yml b/internal/pkg/template/templates/environment/partials/environment-manager-role.yml
index 4c0e036b972..5ddfc5f035a 100644
--- a/internal/pkg/template/templates/environment/partials/environment-manager-role.yml
+++ b/internal/pkg/template/templates/environment/partials/environment-manager-role.yml
@@ -95,6 +95,7 @@ EnvironmentManagerRole:
           Effect: Allow
           Action:
             - "states:StartExecution"
+            - "states:DescribeStateMachine"
           Resource:
             - !Sub "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:stateMachine:${AppName}-${EnvironmentName}-*"
         - Sid: CloudFormation