diff --git a/marbot-aws-account-connection.yml b/marbot-aws-account-connection.yml
index 173f6a4..ff68d91 100644
--- a/marbot-aws-account-connection.yml
+++ b/marbot-aws-account-connection.yml
@@ -121,7 +121,7 @@ Resources:
           {
             "Type": "monitoring-jump-start-connection",
             "StackTemplate": "marbot-aws-account-connection",
-            "StackVersion": "1.3.0",
+            "StackVersion": "1.3.1",
             "Partition": "${AWS::Partition}",
             "AccountId": "${AWS::AccountId}",
             "Region": "${AWS::Region}",
@@ -212,6 +212,8 @@ Resources:
               - 'cloudwatch:DescribeAlarms'
               - 'cloudwatch:ListTagsForResource'
               - 'cloudwatch:PutMetricAlarm'
+              - 'cloudwatch:TagResource'
+              - 'cloudwatch:UntagResource'
               Resource: !Sub 'arn:${AWS::Partition}:cloudwatch:*:${AWS::AccountId}:alarm:marbot*'
             - Effect: Allow
               Action:
@@ -222,6 +224,8 @@ Resources:
               - 'events:PutRule'
               - 'events:PutTargets'
               - 'events:RemoveTargets'
+              - 'events:TagResource'
+              - 'events:UntagResource'
               Resource: !Sub 'arn:${AWS::Partition}:events:*:${AWS::AccountId}:rule/marbot*'
             - Effect: Allow
               Action:
@@ -231,6 +235,8 @@ Resources:
               - 'sns:ListTagsForResource'
               - 'sns:SetTopicAttributes'
               - 'sns:Subscribe'
+              - 'sns:TagResource'
+              - 'sns:UntagResource'
               Resource: !Sub 'arn:${AWS::Partition}:sns:*:${AWS::AccountId}:marbot*'
             - Effect: Allow
               Action:
@@ -241,6 +247,8 @@ Resources:
               - 'rds:DescribeEventSubscriptions'
               - 'rds:ListTagsForResource'
               - 'rds:ModifyEventSubscription'
+              - 'rds:AddTagsToResource'
+              - 'rds:RemoveTagsFromResource'
               Resource: !Sub 'arn:${AWS::Partition}:rds:*:${AWS::AccountId}:es:marbot*'
             - Effect: Allow
               Action:
@@ -249,6 +257,10 @@ Resources:
               - 'logs:DeleteRetentionPolicy'
               - 'logs:ListTagsLogGroup'
               - 'logs:PutRetentionPolicy'
+              - 'logs:TagLogGroup'
+              - 'logs:TagResource'
+              - 'logs:UntagLogGroup'
+              - 'logs:UntagResource'
               Resource: !Sub 'arn:${AWS::Partition}:logs:*:${AWS::AccountId}:log-group:/aws/lambda/marbot*'
             - Effect: Allow
               Action:
@@ -262,6 +274,9 @@ Resources:
               - 'lambda:GetPolicy'
               - 'lambda:ListVersionsByFunction'
               - 'lambda:RemovePermission'
+              - 'lambda:ListTags'
+              - 'lambda:TagResource'
+              - 'lambda:UntagResource'
               Resource: !Sub 'arn:${AWS::Partition}:lambda:*:${AWS::AccountId}:function:marbot*'
             - Effect: Allow
               Action:
@@ -288,6 +303,9 @@ Resources:
               - 'iam:ListInstanceProfilesForRole'
               - 'iam:ListRolePolicies'
               - 'iam:UpdateRoleDescription'
+              - 'iam:ListRoleTags'
+              - 'iam:TagRole'
+              - 'iam:UntagRole'
               Resource: !Sub 'arn:${AWS::Partition}:iam::${AWS::AccountId}:role/marbot*'
           PolicyName: MonitoringAssistantPolicy
         - !Ref 'AWS::NoValue'
@@ -336,7 +354,7 @@ Resources:
       MarbotFeatureAccountAlias: !Ref AccountAlias
       MarbotFeatureCloudWatchMetricGraph: !Ref CloudWatchMetricGraph
       MarbotFeatureCodePipelineApproval: !Ref CodePipelineApproval
-      CloudFormationStackVersion: '1.3.0'
+      CloudFormationStackVersion: '1.3.1'
       CloudFormationStackRegion: !Ref 'AWS::Region'
       CloudFormationStackId: !Ref 'AWS::StackId'
       CloudFormationStackName: !Ref 'AWS::StackName'
@@ -349,4 +367,4 @@ Outputs:
     Value: 'marbot-aws-account-connection'
   StackVersion:
     Description: 'Stack version.'
-    Value: '1.3.0'
+    Value: '1.3.1'