diff --git a/CHANGELOG.md b/CHANGELOG.md
index 46173b7..da8cf7f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -370,3 +370,7 @@
 * 2.6.1 -- 2024-09-11
 - cloudtrail
 - add variable enable_logging to disable the objectlogging trail
+
+* 2.6.2 -- 2024-09-13
+ - terraform-state
+ - add for Terragrunt: dynamodb:DescribeTable permission, s3:GetBucketVersioning
diff --git a/common/version.tf b/common/version.tf
index 881c400..4d32dce 100644
--- a/common/version.tf
+++ b/common/version.tf
@@ -1,3 +1,3 @@
 locals {
- _module_version = "2.6.1"
+ _module_version = "2.6.2"
 }
diff --git a/terraform-state/policy.tf b/terraform-state/policy.tf
index 7458a45..58dd84c 100644
--- a/terraform-state/policy.tf
+++ b/terraform-state/policy.tf
@@ -39,21 +39,32 @@ data "aws_iam_policy_document" "tfstate" {
 sid = "TFRemoteStateList"
 effect = "Allow"
 resources = [aws_s3_bucket.tfstate.arn]
- actions = ["s3:ListBucket"]
+ actions = [
+ "s3:ListBucket",
+ "s3:GetBucketVersioning",
+ ]
 }
 statement {
 sid = "TFRemoteState"
 effect = "Allow"
 resources = ["${aws_s3_bucket.tfstate.arn}/*"]
- actions = ["s3:GetObject", "s3:PutObject"]
+ actions = [
+ "s3:GetObject",
+ "s3:PutObject"
+ ]
 }
 statement {
 sid = "TFRemoteStateDDB"
 effect = "Allow"
 resources = [aws_dynamodb_table.tfstate.arn]
- actions = ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:DeleteItem"]
+ actions = [
+ "dynamodb:DescribeTable",
+ "dynamodb:GetItem",
+ "dynamodb:PutItem",
+ "dynamodb:DeleteItem"
+ ]
 }
 }
@@ -82,9 +93,12 @@ data "aws_iam_policy_document" "tfstate_kms" {
 #---
 data "aws_iam_policy_document" "tfstate_read" {
 statement {
- sid = "TFRemoteStateList"
- effect = "Allow"
- actions = ["s3:ListBucket*"]
+ sid = "TFRemoteStateList"
+ effect = "Allow"
+ actions = [
+ "s3:ListBucket*",
+ "s3:GetBucketVersioning",
+ ]
 resources = [aws_s3_bucket.tfstate.arn]
 }
 statement {
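Review bot: The three rewritten `actions` lists in the `tfstate` document are inconsistent about trailing commas: `"s3:GetBucketVersioning",` closes with a comma before `]`, while `"s3:PutObject"` and `"dynamodb:DeleteItem"` do not, whereas every list touched in the `tfstate_read` and `tfstate_write` hunks keeps a comma on the last element. `terraform fmt` accepts both, but writing `"s3:PutObject",` and `"dynamodb:DeleteItem",` here keeps future additions to one-line diffs and matches the other hunks. The new `s3:GetBucketVersioning` and `dynamodb:DescribeTable` grants are read-only and scoped to the bucket and table ARNs, which is the right shape; since Terragrunt's backend bootstrap can probe further bucket settings depending on its configuration, a comment such as `# read-only checks Terragrunt runs against the existing backend before init` next to the new actions would let a later reader tell deliberate grants from leftovers — confirm the exact set against the Terragrunt version in use before widening the policy again.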
@@ -102,6 +116,7 @@ data "aws_iam_policy_document" "tfstate_read" {
 sid = "TFRemoteStateDDB"
 effect = "Allow"
 actions = [
+ "dynamodb:DescribeTable",
 "dynamodb:GetItem",
 # "dynamodb:PutItem",
 # "dynamodb:DeleteItem",
@@ -127,9 +142,12 @@ data "aws_iam_policy_document" "tfstate_read" {
 #---
 data "aws_iam_policy_document" "tfstate_write" {
 statement {
- sid = "TFRemoteStateList"
- effect = "Allow"
- actions = ["s3:ListBucket*"]
+ sid = "TFRemoteStateList"
+ effect = "Allow"
+ actions = [
+ "s3:ListBucket*",
+ "s3:GetBucketVersioning",
+ ]
 resources = [aws_s3_bucket.tfstate.arn]
 }
 statement {
@@ -146,6 +164,7 @@ data "aws_iam_policy_document" "tfstate_write" {
 sid = "TFRemoteStateDDB"
 effect = "Allow"
 actions = [
+ "dynamodb:DescribeTable",
 "dynamodb:GetItem",
 "dynamodb:PutItem",
 "dynamodb:DeleteItem",
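Review bot: In the `tfstate_read` DDB statement, `dynamodb:DescribeTable` is added above a list that keeps `dynamodb:PutItem` and `dynamodb:DeleteItem` commented out, so a read-only principal can now pass a lock-table existence check but still cannot acquire or release a state lock, and nothing in the hunk records whether that is intended (presumably plan-only use with locking disabled). A short comment on the commented-out lines, e.g. `# intentionally no PutItem/DeleteItem: read-only principals must not take the state lock`, would stop the next reader from "fixing" it by uncommenting them. The matching `dynamodb:DescribeTable` addition in the `tfstate_write` hunk needs no such note, since that list grants the lock operations. The enclosing `statement` block starts and ends outside the hunk.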