diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
index 60c40cc3..2f807e1a 100644
--- a/.github/workflows/CI.yml
+++ b/.github/workflows/CI.yml
@@ -34,7 +34,7 @@ jobs:
 echo "Changed files:"
 echo "$FILES"
- declare -A ROLE_MAP=(
+ declare -A ROLE_MAP=(
 ["operation-team-account"]="ROLE_ARN_OPERATION"
 ["identity-team-account"]="ROLE_ARN_IDENTITY"
 ["management-team-account"]="ROLE_ARN_MANAGEMENT"
@@ -117,6 +117,9 @@ jobs:
 - name: Run tfsec (fail on HIGH+)
 run: tfsec --minimum-severity HIGH --no-color ${{ matrix.dir }}
+ - name: Run tfsec (all severities) and save JSON
+ run: tfsec --format json --out tfsec_results.json ${{ matrix.dir }}
+
 - name: Terraform Init
 run: terraform init
 working-directory: ${{ matrix.dir }}
@@ -217,4 +220,4 @@ jobs:
 uses: infracost/actions/comment@v1
 with:
 path: ${{ matrix.dir }}/infracost.json
- behavior: update
+ behavior: update
\ No newline at end of file
diff --git a/identity-team-account/OIDC/iam/main.tf b/identity-team-account/OIDC/iam/main.tf
index ab27c6ee..47f5b781 100644
--- a/identity-team-account/OIDC/iam/main.tf
+++ b/identity-team-account/OIDC/iam/main.tf
@@ -9,7 +9,9 @@ module "github_oidc" {
 # GitHub Actions에서 이 role을 사용할 수 있도록 허용하는 sub조건
 sub_condition = ["repo:WHS-DevSecOps-infra/Organization:*", "repo:WHS-DevSecOps-infra/Application-Deployment:*",
- "repo:WHS-DevSecOps-infra/Monitoring:*"]
+ "repo:WHS-DevSecOps-infra/Monitoring:*",
+ "repo:WHS-DevSecOps-infra/Application-Development:*"]
+ # 이 role에 연결할 정책들(IAM 정책 ARN)
diff --git a/management-team-account/OIDC/iam/main.tf b/management-team-account/OIDC/iam/main.tf
index 6249debb..8886d41b 100644
--- a/management-team-account/OIDC/iam/main.tf
+++ b/management-team-account/OIDC/iam/main.tf
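Review bot: The new `run: tfsec --format json --out tfsec_results.json ${{ matrix.dir }}` step will fail the job on any finding, LOW included, because tfsec's default is a non-zero exit whenever it reports results; that silently makes this "collect everything" step a stricter gate than the "fail on HIGH+" step right above it. If the intent is only to produce a report, add `--soft-fail` to this invocation and leave the HIGH+ step as the gate. Nothing in the hunk consumes `tfsec_results.json` (no `actions/upload-artifact` step follows), so unless a later step outside the hunk picks it up, the file is discarded with the runner; an upload step with `if: always()` would keep the report for triage. Interpolating `${{ matrix.dir }}` straight into the shell line mirrors the existing step and is acceptable while `matrix.dir` comes from a static list in the workflow.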
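Review bot: The new `"repo:WHS-DevSecOps-infra/Application-Development:*"` entry in `sub_condition` trusts every ref, environment and pull_request token minted for that repository, not just a protected branch; the other entries use the same `:*` suffix, so this widens an existing pattern rather than introducing it, but a development repository may have looser branch protection than the deployment ones. Consider pinning the claim to the ref that actually needs this role, e.g. `"repo:WHS-DevSecOps-infra/Application-Development:ref:refs/heads/main"`, or to an `environment:` claim with required reviewers. The hunk looks truncated in this view (its trailing context lines are missing), so the end of the `sub_condition` list and the rest of the `module "github_oidc"` block are not visible here.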
@@ -24,15 +24,16 @@ resource "aws_iam_role_policy" "custom_inline_policy" {
 "Version" : "2012-10-17",
 "Statement" : [
 {
- "Sid" : "VisualEditor0",
- "Effect" : "Allow",
 "Action" : [
 "s3:*",
 "dynamoDB:*",
 "kms:*",
- "iam:*"
+ "iam:*",
+ "cloudtrail:*"
 ],
- "Resource" : "*"
+ "Effect" : "Allow",
+ "Resource" : "*",
+ "Sid" : "VisualEditor0"
 }
 ]
 })
diff --git a/operation-team-account/OIDC/iam/main.tf b/operation-team-account/OIDC/iam/main.tf
index c8d94933..4dc66645 100644
--- a/operation-team-account/OIDC/iam/main.tf
+++ b/operation-team-account/OIDC/iam/main.tf
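Review bot: Adding `"cloudtrail:*"` to a statement whose `Resource` is `"*"` lets this OIDC role stop logging, delete trails or rewrite event selectors, so the pipeline identity can switch off the audit trail that records its own actions. The statement already carries `iam:*`, `s3:*` and `kms:*` on `*`, so the role is effectively administrative and this line does not change that, but CloudTrail is worth scoping explicitly even inside a broad policy: list the actions the pipeline needs (for example `cloudtrail:CreateTrail`, `cloudtrail:DescribeTrails`, `cloudtrail:PutEventSelectors`) in their own statement with `Resource` set to the trail ARN the management stack manages. The remaining lines only move `Sid`, `Effect` and `Resource` below `Action`, which matches the ordering used in the operation-team hunk of this commit. The `resource "aws_iam_role_policy" "custom_inline_policy"` block continues outside the hunk.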
@@ -34,81 +34,87 @@ resource "aws_iam_role_policy" "custom_inline_policy" {
 "Version" : "2012-10-17",
 "Statement" : [
 {
- "Effect" : "Allow",
 "Action" : [
 "s3:ListBucket",
 "s3:GetObject",
 "s3:PutObject",
 "s3:*",
- "sts:AssumeRole"
+ "sts:AssumeRole",
+ "events:*",
+ "es:*",
+ "lambda:*",
+ "inspector2:*"
 ],
- "Resource" : ["*"]
+ "Effect" : "Allow",
+ "Resource" : [
+ "*"
+ ]
 },
 {
- "Effect" : "Allow",
 "Action" : [
 "cloudwatch:*",
 "cloudtrail:*"
 ],
+ "Effect" : "Allow",
 "Resource" : "*"
 },
 {
- "Sid" : "KMSAccess",
- "Effect" : "Allow",
 "Action" : [
 "kms:*"
 ],
- "Resource" : "*"
+ "Effect" : "Allow",
+ "Resource" : "*",
+ "Sid" : "KMSAccess"
 },
 {
- "Sid" : "DynamoDBAccess",
- "Effect" : "Allow",
 "Action" : [
 "dynamodb:*"
 ],
- "Resource" : "*"
+ "Effect" : "Allow",
+ "Resource" : "*",
+ "Sid" : "DynamoDBAccess"
 },
 {
- "Sid" : "TerraformBackendOperationState",
- "Effect" : "Allow",
 "Action" : [
 "s3:GetObject",
 "s3:PutObject",
 "s3:ListBucket"
 ],
+ "Effect" : "Allow",
 "Resource" : [
 "arn:aws:s3:::cloudfence-operation-state",
 "arn:aws:s3:::cloudfence-operation-state/*"
- ]
+ ],
+ "Sid" : "TerraformBackendOperationState"
 },
 {
- "Sid" : "TerraformDynamoDBLock",
- "Effect" : "Allow",
 "Action" : [
 "dynamodb:GetItem",
 "dynamodb:PutItem",
 "dynamodb:DeleteItem"
 ],
- "Resource" : "arn:aws:dynamodb:*:*:table/s3-operation-lock"
+ "Effect" : "Allow",
+ "Resource" : "arn:aws:dynamodb:*:*:table/s3-operation-lock",
+ "Sid" : "TerraformDynamoDBLock"
 },
 {
- "Sid" : "KMSAccessForState",
- "Effect" : "Allow",
 "Action" : [
 "kms:Decrypt",
 "kms:Encrypt",
 "kms:GenerateDataKey"
 ],
- "Resource" : "arn:aws:kms:ap-northeast-2:502676416967:key/9901c9d1-8b00-47a9-bd7a-53cfc1f70d25"
+ "Effect" : "Allow",
+ "Resource" : "arn:aws:kms:ap-northeast-2:502676416967:key/9901c9d1-8b00-47a9-bd7a-53cfc1f70d25",
+ "Sid" : "KMSAccessForState"
 },
 {
- "Sid" : "ECRAndIAMManagement",
- "Effect" : "Allow",
 "Action" : [
 "ecr:*",
 "iam:CreateServiceLinkedRole"
 ],
- "Resource" : "*"
+ "Effect" : "Allow",
+ "Resource" :
"*",
+ "Sid" : "ECRAndIAMManagement"
 }
 ]
 }
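Review bot: The four new entries `events:*`, `es:*`, `lambda:*` and `inspector2:*` land in the first statement, whose `Resource` is `"*"`, so the role can update the code or configuration of any Lambda function in the account rather than only the ones the operation stack creates; `lambda:UpdateFunctionCode` against an existing function with a more privileged execution role is a recognised privilege-escalation path, and the same statement already grants `sts:AssumeRole` on `*`. Prefer a separate statement with its own `Sid` that scopes `lambda:*` to the function ARNs (or a name prefix) and `es:*` to the domain ARN the stack manages, keeping `events:*` and `inspector2:*` on `*` only where those APIs genuinely require account-wide resources. The rest of the hunk is a key reorder (`Sid` and `Effect` moved after `Action`/`Resource`) plus spreading `["*"]` over three lines, which keeps the file consistent with the management-team hunk in this commit. The `jsonencode(...)` call and the enclosing `resource` block close outside the hunk.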