diff --git a/packages/serverless-deploy-iam/bin/app.ts b/packages/serverless-deploy-iam/bin/app.ts
index 7e3fde5..9805097 100755
--- a/packages/serverless-deploy-iam/bin/app.ts
+++ b/packages/serverless-deploy-iam/bin/app.ts
@@ -141,9 +141,13 @@ export class ServiceDeployIAM extends cdk.Stack {
           actions: ["lambda:*"],
         },
         {
-          name: "LAMBDA",
-          resources: [`*`],
+          name: "LAMBDA_EVENT_SOURCE_MAPPING",
+          resources: [
+            `arn:aws:lambda:${region}:${accountId}:event-source-mapping:*`,
+          ],
           actions: [
+            "lambda:TagResource",
+            "lambda:UntagResource",
             "lambda:GetEventSourceMapping",
             "lambda:ListEventSourceMappings",
             "lambda:CreateEventSourceMapping",