diff --git a/provider/indexer-aws/CloudFormation/Automated/elasticsearch.yml b/provider/indexer-aws/CloudFormation/Automated/elasticsearch.yml
index 9127bae2d74be0527eb17b1b0ee3c4c221e13a5f..b309e03a0c1b8e6b114866630b9529377692c26b 100644
--- a/provider/indexer-aws/CloudFormation/Automated/elasticsearch.yml
+++ b/provider/indexer-aws/CloudFormation/Automated/elasticsearch.yml
@@ -194,7 +194,6 @@ Resources:
                     !Sub "${Environment}-IndexerServiceIamUserArn"
                   # TODO: need to create cognito user and identity pool and link it to principal for dynamic creation
                 - "arn:aws:iam::888733619319:role/Cognito_osduelasticsearchAuth_Role"
-                - 'arn:aws:cognito-idp:us-east-1:888733619319:userpool/us-east-1_JZGntWnCb'
             Action:
               - "es:*"
               - 'cognito-identity:*'
diff --git a/provider/indexer-aws/CloudFormation/Automated/iam-credentials.yml b/provider/indexer-aws/CloudFormation/Automated/iam-credentials.yml
index a05ba524f73eed6cd5f4a3e720796c0c406d0787..3d5c9f144d52070bfebb81eacc4f32ba4b193f31 100644
--- a/provider/indexer-aws/CloudFormation/Automated/iam-credentials.yml
+++ b/provider/indexer-aws/CloudFormation/Automated/iam-credentials.yml
@@ -68,6 +68,7 @@ Resources:
                   - 'cognito-identity:*'
                   - 'cognito-idp:*'
                   - 'sts:AssumeRole'
+                  - "iam:*"
                 Effect: Allow
                 Resource: '*'
       UserName: !Sub ${Environment}-${IndexerServiceIamUsername}