diff --git a/README.md b/README.md
index 95a87cfd..4cb7cb6b 100644
--- a/README.md
+++ b/README.md
@@ -24,6 +24,7 @@ Make sure you have the following installed before starting:
 The IAM role that is deploying the lambda will need the following permissions:
 ```
 acm:ListCertificates                *
+acm:DescribeCertificate             *
 apigateway:GET                      /domainnames/*
 apigateway:GET                      /domainnames/*/basepathmappings
 apigateway:DELETE                   /domainnames/*
diff --git a/scripts/cloudformation/serverless-domain-manager-deploy-policy.yaml b/scripts/cloudformation/serverless-domain-manager-deploy-policy.yaml
index 4a8e8153..7c5f2b3b 100644
--- a/scripts/cloudformation/serverless-domain-manager-deploy-policy.yaml
+++ b/scripts/cloudformation/serverless-domain-manager-deploy-policy.yaml
@@ -47,6 +47,7 @@ Resources:
           - Effect: Allow
             Action:
               - acm:ListCertificates
+              - acm:DescribeCertificate
             Resource: '*'
           - Effect: Allow
             Action: