diff --git a/tf/backup.tf b/tf/backup.tf
index 384f212..b8b259e 100644
--- a/tf/backup.tf
+++ b/tf/backup.tf
@@ -14,7 +14,7 @@ resource "aws_backup_plan" "riju" {
       delete_after = 7
     }
 
-    recovery_point_tags {
+    recovery_point_tags = {
       BillingCategory = "Riju"
     }
   }
diff --git a/tf/iam.tf b/tf/iam.tf
index a4c5302..6f6e3f4 100644
--- a/tf/iam.tf
+++ b/tf/iam.tf
@@ -19,6 +19,16 @@ data "aws_iam_policy_document" "deploy" {
     ]
   }
 
+  statement {
+    actions = [
+      "ecr:ListImages",
+    ]
+
+    resources = [
+      aws_ecr_repository.riju.arn,
+    ]
+  }
+
   statement {
     actions = [
       "s3:ListBucket",