diff --git a/templates/cloudfront-site.yaml b/templates/cloudfront-site.yaml
index 6feae08..e321666 100644
--- a/templates/cloudfront-site.yaml
+++ b/templates/cloudfront-site.yaml
@@ -49,6 +49,12 @@ Resources:
             Resource: !Sub '${S3BucketRootArn}/*'
             Principal:
               CanonicalUser: !GetAtt CloudFrontOriginAccessIdentity.S3CanonicalUserId
+          - Action:
+              - s3:ListBucket
+            Effect: Allow
+            Resource: !Sub '${S3BucketRootArn}'
+            Principal:
+              CanonicalUser: !GetAtt CloudFrontOriginAccessIdentity.S3CanonicalUserId
 
   LambdaEdgeFunction:
     DeletionPolicy: Retain