diff --git a/.github/workflows/terraform-standard-iac-pipeline-aws-account-matrix.yaml b/.github/workflows/terraform-standard-iac-pipeline-aws-account-matrix.yaml
index 50061d05..6ca62f15 100644
--- a/.github/workflows/terraform-standard-iac-pipeline-aws-account-matrix.yaml
+++ b/.github/workflows/terraform-standard-iac-pipeline-aws-account-matrix.yaml
@@ -13,6 +13,10 @@ on:
         options: [plan, apply, destroy]
         default: plan
 
+permissions:
+  id-token: write
+  contents: read
+
 env:
   BASE_DIR: iac-template/terraform-hcl-standard/aws-cloud/component/
   DEPLOY_ACTION: ${{ github.event.inputs.deploy_action || 'plan' }}