diff --git a/README.md b/README.md
index 87fd994..00bffb4 100644
--- a/README.md
+++ b/README.md
@@ -89,6 +89,7 @@ See the [functions](https://github.com/terraform-aws-modules/terraform-aws-notif
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_iam_policy_document.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.sns_feedback](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.sns_feedback_allow_log_creation](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 
diff --git a/iam.tf b/iam.tf
index 280138e..5d9e80b 100644
--- a/iam.tf
+++ b/iam.tf
@@ -21,6 +21,23 @@ data "aws_iam_policy_document" "sns_feedback" {
   }
 }
 
+// See https://repost.aws/knowledge-center/monitor-sns-texts-cloudwatch for required permissions to deliver status logs
+data "aws_iam_policy_document" "sns_feedback_allow_delivery_status_logs" {
+  count = local.create_sns_feedback_role ? 1 : 0
+
+  statement {
+    effect = "Allow"
+    actions = [
+      "logs:CreateLogGroup",
+      "logs:CreateLogStream",
+      "logs:PutLogEvents",
+      "logs:PutMetricFilter",
+      "logs:PutRetentionPolicy",
+    ]
+    resources = ["*"]
+  }
+}
+
 resource "aws_iam_role" "sns_feedback_role" {
   count = local.create_sns_feedback_role ? 1 : 0
 
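Review bot: The new `sns_feedback_allow_delivery_status_logs` statement grants all five `logs:` actions on `resources = ["*"]`, which lets the SNS feedback role create, write to and change retention on every log group in the account rather than only the delivery-status groups it is meant for. SNS writes delivery-status logs to log groups under an `sns/` prefix, so the statement can likely be narrowed to `resources = ["arn:${data.aws_partition.current.partition}:logs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:log-group:sns/*"]` using the data sources the module already declares (confirm against the linked AWS article that SNS accepts the narrower scope before relying on it). Separately, the README row added in this commit names the data source `aws_iam_policy_document.sns_feedback_allow_log_creation` while iam.tf defines `sns_feedback_allow_delivery_status_logs`, so the generated docs no longer match the code and should be regenerated. The trailing context lines belong to `aws_iam_role.sns_feedback_role`, whose body continues outside this hunk.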
@@ -36,3 +53,11 @@ resource "aws_iam_role" "sns_feedback_role" {
     var.sns_topic_feedback_role_tags,
   )
 }
+
+resource "aws_iam_role_policy" "sns_feedback_role" {
+  count = local.create_sns_feedback_role ? 1 : 0
+
+  role   = aws_iam_role.sns_feedback_role[0].name
+  name   = "allow-delivery-status-logs"
+  policy = data.aws_iam_policy_document.sns_feedback_allow_delivery_status_logs[0].json
+}