diff --git a/.github/workflows/base-deploy-to-production.yml b/.github/workflows/base-deploy-to-production.yml
index 9877577..cf878b3 100644
--- a/.github/workflows/base-deploy-to-production.yml
+++ b/.github/workflows/base-deploy-to-production.yml
@@ -122,7 +122,7 @@ jobs:
           ./tasks_github_actions.sh build-lambdas
 
       - name: Setup Terraform
-        uses: hashicorp/setup-terraform@v3
+        uses: hashicorp/setup-terraform@v4
         with:
           terraform_version: latest
 
@@ -208,7 +208,7 @@ jobs:
           ./tasks_github_actions.sh build-lambdas
 
       - name: Setup Terraform
-        uses: hashicorp/setup-terraform@v3
+        uses: hashicorp/setup-terraform@v4
         with:
           terraform_version: latest
 
diff --git a/.github/workflows/deploy-stack.yml b/.github/workflows/deploy-stack.yml
index 657ee78..f90f654 100644
--- a/.github/workflows/deploy-stack.yml
+++ b/.github/workflows/deploy-stack.yml
@@ -75,6 +75,11 @@ on:
         type: string
         default: main
 
+permissions:
+  pull-requests: write
+  id-token: write
+  contents: read
+
 jobs:
   terraform_plan_and_apply:
     runs-on: ubuntu-latest
@@ -110,7 +115,7 @@ jobs:
           ./tasks_github_actions.sh build-lambdas
 
       - name: Setup Terraform
-        uses: hashicorp/setup-terraform@v3
+        uses: hashicorp/setup-terraform@v4
         with:
           terraform_version: latest
 
diff --git a/.github/workflows/destroy-stack.yml b/.github/workflows/destroy-stack.yml
index 9ee2159..eefa24b 100644
--- a/.github/workflows/destroy-stack.yml
+++ b/.github/workflows/destroy-stack.yml
@@ -49,7 +49,7 @@ jobs:
           mask-aws-account-id: true
 
       - name: Setup Terraform
-        uses: hashicorp/setup-terraform@v3
+        uses: hashicorp/setup-terraform@v4
         with:
           terraform_version: "latest"