diff --git a/bastion/iam.go b/bastion/iam.go
index 7a8eee5..d799434 100644
--- a/bastion/iam.go
+++ b/bastion/iam.go
@@ -127,6 +127,9 @@ func CreateIAMPolicy(sess *session.Session) (string, error) {
 					"ssmmessages:OpenDataChannel",
 					"ssmmessages:OpenControlChannel",
 					"ssmmessages:CreateControlChannel",
+					"ssm:GetDocument",
+                	"ssm:UpdateInstanceAssociationStatus",
+                	"ssm:PutInventory",
 				},
 				Resource: "*",
 			},