diff --git a/lib/cloud/aws/policy_statements.go b/lib/cloud/aws/policy_statements.go
index ead15df770078..07b890ea99aa0 100644
--- a/lib/cloud/aws/policy_statements.go
+++ b/lib/cloud/aws/policy_statements.go
@@ -219,6 +219,8 @@ func StatementForListRDSDatabases() *Statement {
 			"rds:DescribeDBInstances",
 			"rds:DescribeDBClusters",
 			"ec2:DescribeSecurityGroups",
+			"ec2:DescribeSubnets",
+			"ec2:DescribeVpcs",
 		},
 		Resources: allResources,
 	}
diff --git a/web/packages/teleport/src/Discover/Shared/Aws/ConfigureIamPerms.tsx b/web/packages/teleport/src/Discover/Shared/Aws/ConfigureIamPerms.tsx
index 50ad4ddd4cb09..49262da5c031c 100644
--- a/web/packages/teleport/src/Discover/Shared/Aws/ConfigureIamPerms.tsx
+++ b/web/packages/teleport/src/Discover/Shared/Aws/ConfigureIamPerms.tsx
@@ -142,7 +142,9 @@ export function ConfigureIamPerms({
       "Action": [
         "rds:DescribeDBInstances",
         "rds:DescribeDBClusters",
-        "ec2:DescribeSecurityGroups"
+        "ec2:DescribeSecurityGroups",
+        "ec2:DescribeSubnets",
+        "ec2:DescribeVpcs"
       ],
       "Resource": "*"
     }