diff --git a/SecurityHub_CISPlaybooks_CloudFormation.yaml b/SecurityHub_CISPlaybooks_CloudFormation.yaml
index c7f8281..c49fbbd 100644
--- a/SecurityHub_CISPlaybooks_CloudFormation.yaml
+++ b/SecurityHub_CISPlaybooks_CloudFormation.yaml
@@ -1113,6 +1113,10 @@ Resources:
 Action:
 - cloudwatch:PutMetricData
 Resource: '*'
+ - Effect: Allow
+ Action:
+ - iam:PassRole
+ Resource: '*'
 - Effect: Allow
 Action:
 - logs:CreateLogGroup
@@ -1714,4 +1718,4 @@ Resources:
 SourceArn:
 Fn::GetAtt:
 - "CIS43RREventRule"
- - "Arn"
\ No newline at end of file
+ - "Arn"
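Review bot: The added statement in the first hunk grants `iam:PassRole` on `Resource: '*'`, so the role that carries this policy can hand any role in the account, including more privileged ones, to any service that accepts it; this is a well-known privilege-escalation path and is broader than a remediation playbook should need. Scope it to the role(s) actually passed, e.g. `Resource: <ARN of the specific role being passed>`, and pin the receiving service with `Condition: {StringEquals: {'iam:PassedToService': '<service principal>'}}`. Which playbook needs the permission and which role it passes is not visible here, since the policy and its owning role start outside the hunk, so a short comment above the statement naming both would let reviewers confirm the scope.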