diff --git a/v2/internal/attacktechniques/aws/defense-evasion/organizations-leave/main.tf b/v2/internal/attacktechniques/aws/defense-evasion/organizations-leave/main.tf
index a0383ea6..e04b3cb3 100644
--- a/v2/internal/attacktechniques/aws/defense-evasion/organizations-leave/main.tf
+++ b/v2/internal/attacktechniques/aws/defense-evasion/organizations-leave/main.tf
@@ -29,7 +29,7 @@ resource "aws_iam_role" "role" {
     Version = "2012-10-17"
     Statement = [
       {
-        Action = ["sts:AssumeRole", "sts:SetSourceIdentity"]
+        Action = ["sts:AssumeRole", "sts:SetSourceIdentity", "sts:TagSession"]
         Effect = "Allow"
         Sid    = ""
         Principal = {