diff --git a/.github/workflows/release-automation.yaml b/.github/workflows/release-automation.yaml
index 1ab83738..e2d1c5c2 100644
--- a/.github/workflows/release-automation.yaml
+++ b/.github/workflows/release-automation.yaml
@@ -62,7 +62,7 @@ jobs:
       # This is required for configure-aws-credentials to request an OIDC JWT ID token to access AWS resources later on.
       # More info: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings
       id-token: write
-      contents: read # this is required for actions/checkout
+      contents: write # this is required for actions/checkout
     secrets: inherit
     with:
       ref_name: ${{ needs.get-latest-tag.outputs.tag }}
diff --git a/.github/workflows/release-please.yaml b/.github/workflows/release-please.yaml
index c799107f..785fcc4a 100644
--- a/.github/workflows/release-please.yaml
+++ b/.github/workflows/release-please.yaml
@@ -6,7 +6,7 @@ on:
 name: release-please
 
 permissions:
-  contents: write
+  contents: write # Required for trigger-release-automation job
   pull-requests: write
 
 jobs: