diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3a9985361b..83bc914b86 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,7 @@ project adheres to [Semantic Versioning](http://semver.org/).
 - [CI] Bump pre-commit-terraform version (by @barryib)
 - Added example `examples/irsa` for IAM Roles for Service Accounts (by @max-rocket-internet)
 - **Breaking:** Removal of autoscaling IAM policy and tags (by @max-rocket-internet)
+- Add `iam:GetOpenIDConnectProvider` grant to the required IAM permissions in `docs/iam-permissions.md` (by @danielelisi)
 
 #### Important notes
 
diff --git a/docs/iam-permissions.md b/docs/iam-permissions.md
index 4fbc828447..9c15083409 100644
--- a/docs/iam-permissions.md
+++ b/docs/iam-permissions.md
@@ -97,6 +97,7 @@ Following IAM permissions are the minimum permissions needed for your IAM user o
                 "iam:DeleteServiceLinkedRole",
                 "iam:DetachRolePolicy",
                 "iam:GetInstanceProfile",
+		"iam:GetOpenIDConnectProvider",
                 "iam:GetPolicy",
                 "iam:GetPolicyVersion",
                 "iam:GetRole",
@@ -118,4 +119,4 @@ Following IAM permissions are the minimum permissions needed for your IAM user o
         }
     ]
 }
-```
\ No newline at end of file
+```