diff --git a/aws/policy/storage-services.yaml b/aws/policy/storage-services.yaml
index 553bfdfc..5319ef0c 100644
--- a/aws/policy/storage-services.yaml
+++ b/aws/policy/storage-services.yaml
@@ -7,6 +7,8 @@ Statement:
       - s3:DeleteBucket
       - s3:DeleteBucketOwnershipControls
       - s3:DeleteObject
+      - s3:DeleteObjectTagging
+      - s3:DeleteObjectVersionTagging
       - s3:GetBucketAccelerateConfiguration
       - s3:GetBucketAcl
       - s3:GetBucketCors
@@ -30,6 +32,8 @@ Statement:
       - s3:GetMetricsConfiguration
       - s3:GetObject
       - s3:GetObjectVersion
+      - s3:GetObjectTagging
+      - s3:GetObjectVersionTagging
       - s3:GetPublicAccessBlock
       - s3:HeadBucket
       - s3:HeadObject
@@ -50,6 +54,8 @@ Statement:
       - s3:PutLifecycleConfiguration
       - s3:PutObject
       - s3:PutObjectAcl
+      - s3:PutObjectTagging
+      - s3:PutObjectVersionTagging
     Resource: "*"
 
   - Sid: AllowGlobalUnrestrictedResourceActionsWhichIncurFees