diff --git a/README.md b/README.md
index a8e9a23..5328ab9 100644
--- a/README.md
+++ b/README.md
@@ -164,6 +164,11 @@ The audit policy is comprised of the following permissions:
 | | backup:ListRecoveryPointsByResource | |
 | | backup:ListReportPlans | |
 | | backup:ListRestoreJobs | |
+| COGNITO-IDP | cognito-idp:GetSigningCertificate | |
+| | cognito-idp:GetCSVHeader | |
+| | cognito-idp:GetUserPoolMfaConfig | |
+| | cognito-idp:GetUICustomization | |
+
 | COMPUTEOPTIMIZER | compute-optimizer:DescribeRecommendationExportJobs | * |
 | | compute-optimizer:GetAutoScalingGroupRecommendations | |
 | | compute-optimizer:GetEffectiveRecommendationPreferences | |
diff --git a/main.tf b/main.tf
index ae4942d..f87dbd3 100644
--- a/main.tf
+++ b/main.tf
@@ -129,6 +129,7 @@ data "aws_iam_policy_document" "lacework_audit_policy" {
 sid = "GLUE"
 actions = ["glue:ListWorkflows",
 "glue:BatchGetWorkflows",
+ "glue:GetWorkflows",
 "glue:GetTags"]
 resources = ["*"]
 }
@@ -210,7 +211,17 @@ data "aws_iam_policy_document" "lacework_audit_policy" {
 ]
 resources = ["*"]
 }
-
+
+ statement {
+ sid = "COGNITOIDP"
+ actions = ["cognito-idp:GetSigningCertificate",
+ "cognito-idp:GetCSVHeader",
+ "cognito-idp:GetUserPoolMfaConfig",
+ "cognito-idp:GetUICustomization",
+ ]
+ resources = ["*"]
+ }
+
 statement {
 sid = "COMPUTEOPTIMIZER"
 actions = [
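Review bot: The `"glue:GetWorkflows"` action added to the GLUE statement has no matching row in the README permission table, even though this same commit updates that table for the new Cognito actions; the README hunk only touches the COGNITO-IDP rows. Unless the table's GLUE section already lists it (that part of README.md is outside this diff), add `| | glue:GetWorkflows | |` next to the other glue entries so the documented policy matches what main.tf grants. Separately, the README hunk's added empty `+` line before the `| COMPUTEOPTIMIZER |` row will end the Markdown table there, so the compute-optimizer rows that follow would no longer render as part of it; dropping that blank line keeps the table intact.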
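Review bot: The new COGNITOIDP statement formats its `actions` list differently from the GLUE statement in the hunk above: here the last element carries a trailing comma and `]` sits on its own line, while GLUE closes `]` on the `"glue:GetTags"` line with no trailing comma. Both are valid HCL, but the file's existing statements appear to follow the GLUE form, so `"cognito-idp:GetUICustomization"]` would match the surrounding style. On the content itself, all four actions are read-only `Get*` calls, which is appropriate for an audit-only policy, and `resources = ["*"]` follows the convention of the other statements in this document; since cognito-idp actions can be scoped to user-pool ARNs, a comment noting that `*` is deliberate (the auditing account has no fixed pool list) would help the next reviewer. The `-`/`+` pair of blank lines at the top of the hunk looks like a whitespace-only change to the existing blank line, which is harmless but worth confirming is intentional rather than an editor artefact.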