diff --git a/modules/github-oidc-provider/main.tf b/modules/github-oidc-provider/main.tf
index 5482941b..21bc6f90 100644
--- a/modules/github-oidc-provider/main.tf
+++ b/modules/github-oidc-provider/main.tf
@@ -151,6 +151,7 @@ data "aws_iam_policy_document" "extra_permissions_apply" {
       "identitystore:ListGroups",
       "identitystore:GetGroupId",
       "identitystore:DescribeGroup",
+      "identitystore:CreateGroup",
       "kms:Decrypt",
       "lambda:*",
       "license-manager:*",