diff --git a/.github/workflows/deploy-api-lambda-edge.yml b/.github/workflows/deploy-api-lambda-edge.yml
index bb985b463..ae6d81991 100644
--- a/.github/workflows/deploy-api-lambda-edge.yml
+++ b/.github/workflows/deploy-api-lambda-edge.yml
@@ -11,5 +11,8 @@ permissions:
 jobs: 
   deploy:
     uses: ./.github/workflows/deploy-api-lambda.yml
+    permissions: 
+      id-token: write
+      contents: read
     with:
       environment: edge
diff --git a/.github/workflows/deploy-api-lambda-prod.yml b/.github/workflows/deploy-api-lambda-prod.yml
index 9d43d5db3..ce3725fc4 100644
--- a/.github/workflows/deploy-api-lambda-prod.yml
+++ b/.github/workflows/deploy-api-lambda-prod.yml
@@ -14,6 +14,9 @@ permissions:
 jobs: 
   deploy:
     uses: ./.github/workflows/deploy-api-lambda.yml
+    permissions:
+      id-token: write
+      contents: read
     with:
       environment: prod
       ref: refs/tags/${{ github.event.inputs.ref }}
diff --git a/.github/workflows/deploy-api-lambda-staging.yml b/.github/workflows/deploy-api-lambda-staging.yml
index f5fedfe7c..d8aa73377 100644
--- a/.github/workflows/deploy-api-lambda-staging.yml
+++ b/.github/workflows/deploy-api-lambda-staging.yml
@@ -11,6 +11,9 @@ permissions:
 jobs: 
   deploy:
     uses: ./.github/workflows/deploy-api-lambda.yml
+    permissions:
+      id-token: write
+      contents: read
     with:
       environment: staging
       ref: refs/tags/${{ github.event.release.tag_name }}