diff --git a/resources/sts/hypershift/openshift_hcp_cluster_csi_driver_ebs_operator_cloud_credentials_policy.json b/resources/sts/hypershift/openshift_hcp_cluster_csi_driver_ebs_operator_cloud_credentials_policy.json
index 299200ed44..6434ec118a 100644
--- a/resources/sts/hypershift/openshift_hcp_cluster_csi_driver_ebs_operator_cloud_credentials_policy.json
+++ b/resources/sts/hypershift/openshift_hcp_cluster_csi_driver_ebs_operator_cloud_credentials_policy.json
@@ -112,6 +112,7 @@
       }
     },
     {
+      "Sid": "CreateTagsOnCreate",
       "Effect": "Allow",
       "Action": [
         "ec2:CreateTags"
@@ -128,6 +129,22 @@
           ]
         }
       }
+    },
+    {
+      "Sid": "CreateTagsExistingVolumes",
+      "Effect": "Allow",
+      "Action": [
+        "ec2:CreateTags"
+      ],
+      "Resource": [
+        "arn:aws:ec2:*:*:volume/*",
+        "arn:aws:ec2:*:*:snapshot/*"
+      ],
+      "Condition": {
+        "StringEquals": {
+          "aws:ResourceTag/red-hat-managed": "true"
+        }
+      }
     }
   ]
 }
\ No newline at end of file