diff --git a/infra/deploy/ecs.tf b/infra/deploy/ecs.tf
index 166ebc2..ef2febb 100644
--- a/infra/deploy/ecs.tf
+++ b/infra/deploy/ecs.tf
@@ -180,6 +180,10 @@ resource "aws_security_group" "ecs_service" {
   }
 }
 
+resource "aws_iam_service_linked_role" "ecs" {
+  aws_service_name = "ecs.amazonaws.com"
+}
+
 resource "aws_ecs_service" "api" {
   name                   = "${local.prefix}-api"
   cluster                = aws_ecs_cluster.main.name
diff --git a/infra/setup/iam.tf b/infra/setup/iam.tf
index 7492d93..9c1fa12 100644
--- a/infra/setup/iam.tf
+++ b/infra/setup/iam.tf
@@ -244,7 +244,10 @@ data "aws_iam_policy_document" "iam" {
       "iam:AttachRolePolicy",
       "iam:TagRole",
       "iam:TagPolicy",
-      "iam:PassRole"
+      "iam:PassRole",
+      "iam:CreateServiceLinkedRole",
+      "iam:DeleteServiceLinkedRole",
+      "iam:GetServiceLinkedRoleDeletionStatus"
     ]
     resources = ["*"]
   }