diff --git a/action/base-setup.yml b/action/base-setup.yml
index 82290a51..e60dfb44 100644
--- a/action/base-setup.yml
+++ b/action/base-setup.yml
@@ -231,6 +231,8 @@ Resources:
             Statement:
             - Effect: Allow
               Action:
+                - 'secretsmanager:GetSecretValue'
+                - 'kms:Decrypt'
                 # Allow the ECS Tasks to download images from ECR
                 - 'ecr:GetAuthorizationToken'
                 - 'ecr:BatchCheckLayerAvailability'