diff --git a/infra/deploy/ecs.tf b/infra/deploy/ecs.tf
index 629c5cf3..7cc7a9ef 100644
--- a/infra/deploy/ecs.tf
+++ b/infra/deploy/ecs.tf
@@ -243,3 +243,7 @@ resource "aws_ecs_service" "api" {
 container_port = 8000
 }
 }
+
+resource "aws_iam_service_linked_role" "ecs" {
+ aws_service_name = "ecs.amazonaws.com"
+}
diff --git a/infra/setup/iam.tf b/infra/setup/iam.tf
index 12f07075..1baab789 100644
--- a/infra/setup/iam.tf
+++ b/infra/setup/iam.tf
@@ -158,6 +158,7 @@ data "aws_iam_policy_document" "rds" {
 statement {
 effect = "Allow"
 actions = [
+ "rds:AddTagsToResource",
 "rds:DescribeDBSubnetGroups",
 "rds:DescribeDBInstances",
 "rds:CreateDBSubnetGroup",
@@ -241,7 +242,10 @@ data "aws_iam_policy_document" "iam" {
 "iam:AttachRolePolicy",
 "iam:TagRole",
 "iam:TagPolicy",
- "iam:PassRole"
+ "iam:PassRole",
+ "iam:CreateServiceLinkedRole",
+ "iam:DeleteServiceLinkedRole",
+ "iam:GetServiceLinkedRoleDeletionStatus"
 ]
 resources = ["*"]
 }
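Review bot: The new `aws_iam_service_linked_role.ecs` resource in ecs.tf carries no comment saying that the ECS service-linked role is a single account-wide role, so this stack now owns something that other ECS workloads in the same account may depend on. If the role already exists (ECS normally creates it on first use), the apply is likely to fail until the role is imported, and a destroy of this stack would try to delete it. I would add a comment above the resource such as `# Account-wide ECS service-linked role: import it if it already exists; do not destroy while other ECS services run in this account`. If the intent is ordering, `depends_on = [aws_iam_service_linked_role.ecs]` belongs on `aws_ecs_service.api`, whose body begins outside this hunk.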
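Review bot: The three service-linked-role actions added to the `iam` policy document land in a statement whose visible `resources = ["*"]` applies to them, so the deploy principal can create or delete the service-linked role of any AWS service, not only ECS. The commit only needs `ecs.amazonaws.com`, so these actions would be better in their own statement scoped to the ECS service-linked role ARN pattern, and `iam:CreateServiceLinkedRole` can additionally be constrained with the `iam:AWSServiceName` condition key. The enclosing statement starts outside the hunk, so whether a condition already narrows it cannot be seen from here. The `rds:AddTagsToResource` addition in the earlier iam.tf hunk sits in a statement whose `resources` are not visible and deserves the same check.

```hcl
# … unchanged: existing iam statement, without the three service-linked-role actions …

statement {
  effect = "Allow"
  actions = [
    "iam:CreateServiceLinkedRole",
    "iam:DeleteServiceLinkedRole",
    "iam:GetServiceLinkedRoleDeletionStatus"
  ]
  # Limit to the ECS service-linked role instead of every role in the account.
  resources = ["arn:aws:iam::*:role/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS*"]
}
```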