diff --git a/terraform/ecc-aws-108-cloudfront_distribution_access_logging/iam/108-policy.json b/terraform/ecc-aws-108-cloudfront_distribution_access_logging/iam/108-policy.json
index d80f22ff9..c9a63f90f 100644
--- a/terraform/ecc-aws-108-cloudfront_distribution_access_logging/iam/108-policy.json
+++ b/terraform/ecc-aws-108-cloudfront_distribution_access_logging/iam/108-policy.json
@@ -1,12 +1,14 @@
 {
-    "Version": "2012-10-17",
-    "Statement": [
-        {
-            "Effect": "Allow",
-            "Action": [ 
-                "cloudfront:GetDistributionConfig"
-            ],
-            "Resource": "*"
-        }
-    ]
-}
+	"Version": "2012-10-17",
+	"Statement": [
+		{
+			"Effect": "Allow",
+			"Action": [
+				"cloudfront:ListDistributions",
+				"cloudfront:GetDistributionConfig",
+				"tag:GetResources"
+			],
+			"Resource": "*"
+		}
+	]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-140-only_one_active_access_key_available_for_any_single_iam_user/iam/140-policy.json b/terraform/ecc-aws-140-only_one_active_access_key_available_for_any_single_iam_user/iam/140-policy.json
index 0ca88aa63..5d9c56d6c 100644
--- a/terraform/ecc-aws-140-only_one_active_access_key_available_for_any_single_iam_user/iam/140-policy.json
+++ b/terraform/ecc-aws-140-only_one_active_access_key_available_for_any_single_iam_user/iam/140-policy.json
@@ -3,7 +3,8 @@
     "Statement": [
         {
             "Effect": "Allow",
-            "Action": [
+            "Action": [ 
+                "iam:ListAccessKeys",
                 "iam:GetUser",
                 "iam:ListAccessKeys"
             ],