diff --git a/.github/workflows/iac_validate.yaml b/.github/workflows/iac_validate.yaml
index dcd9bfa97..6e9a15c06 100644
--- a/.github/workflows/iac_validate.yaml
+++ b/.github/workflows/iac_validate.yaml
@@ -8,6 +8,10 @@ env:
   environment: 'stage'
   AWS_REGION: us-east-1
 
+permissions:
+  id-token: write
+  contents: read
+
 jobs:
   validate-iac:
     runs-on: ubuntu-latest