diff --git a/docs/guides/additional-tags.md b/docs/guides/additional-tags.md
index d07b3af9..749ba3ff 100644
--- a/docs/guides/additional-tags.md
+++ b/docs/guides/additional-tags.md
@@ -39,7 +39,8 @@ For the additional tags functionality to work properly, the IAM role linked to t
     "Effect": "Allow",
     "Action": [
         "tag:TagResources",
-        "tag:UntagResources"
+        "tag:UntagResources",
+        "tag:GetResources"
     ],
     "Resource": "*"
 }
diff --git a/files/controller-installation/recommended-inline-policy.json b/files/controller-installation/recommended-inline-policy.json
index 6741747e..488ea647 100644
--- a/files/controller-installation/recommended-inline-policy.json
+++ b/files/controller-installation/recommended-inline-policy.json
@@ -20,7 +20,9 @@
                 "tag:GetResources",
                 "firehose:TagDeliveryStream",
                 "s3:GetBucketPolicy",
-                "s3:PutBucketPolicy"
+                "s3:PutBucketPolicy",
+                "tag:TagResources",
+                "tag:UntagResources"
             ],
             "Resource": "*"
         },