diff --git a/permission-policies/aws-introspector-ro.json b/permission-policies/aws-introspector-ro.json
index 222dcc8..17c412b 100644
--- a/permission-policies/aws-introspector-ro.json
+++ b/permission-policies/aws-introspector-ro.json
@@ -3,6 +3,9 @@
     "Statement": [
         {
             "Action": [
+                "acm-pca:ListCertificateAuthorities",
+                "acm-pca:ListTags",
+                "acm-pca:GetPolicy",
                 "apigateway:GetRestApis",
                 "dax:ListTables",
                 "ds:ListAuthorizedApplications",
@@ -10,6 +13,8 @@
                 "ec2:GetEbsEncryptionByDefault",
                 "ec2:GetEbsDefaultKmsKeyId",
                 "ecr:Describe*",
+                "efs:Describe*",
+                "efs:ListTagsForResource",
                 "support:Describe*",
                 "ses:GetIdentity*",
                 "sns:GetSubscriptionAttributes",