diff --git a/CHANGELOG.md b/CHANGELOG.md
index 68c377d..0228841 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -321,3 +321,7 @@
 * 2.4.13 -- 2023-11-08
   - iam-general-policies
     - add cloudforms_kms_key_arns to be added at run-time
+
+* 2.4.14 -- 2023-11-09
+  - iam-general-policies
+    - add kms:ListGrants to KMS keys
diff --git a/common/version.tf b/common/version.tf
index ae971c9..046ed4f 100644
--- a/common/version.tf
+++ b/common/version.tf
@@ -1,3 +1,3 @@
 locals {
-  _module_version = "2.4.13"
+  _module_version = "2.4.14"
 }
diff --git a/iam-general-policies/policy.cloudforms.tf b/iam-general-policies/policy.cloudforms.tf
index f31cca3..cdee95e 100644
--- a/iam-general-policies/policy.cloudforms.tf
+++ b/iam-general-policies/policy.cloudforms.tf
@@ -175,6 +175,7 @@ data "aws_iam_policy_document" "cloudforms_ami" {
       effect    = "Allow"
       resources = c.value
       actions = [
+        "kms:ListGrants",
         "kms:DescribeKey",
         "kms:ReEncrypt*",
         "kms:CreateGrant",