diff --git a/lib/deploy/stepFunctions/compileIamRole.js b/lib/deploy/stepFunctions/compileIamRole.js
index 6eae6e7..bcdc94c 100644
--- a/lib/deploy/stepFunctions/compileIamRole.js
+++ b/lib/deploy/stepFunctions/compileIamRole.js
@@ -563,6 +563,7 @@ function getEventBridgePermissions(state) {
 
 function getEventBridgeSchedulerPermissions(state) {
   const scheduleGroupName = state.Parameters.GroupName;
+  const scheduleTargetRoleArn = state.Parameters.Target.RoleArn;
 
   return [
     {
@@ -574,6 +575,10 @@ function getEventBridgeSchedulerPermissions(state) {
        ],
      },
    },
+    {
+      action: 'iam:PassRole',
+      resource: scheduleTargetRoleArn,
+    },
   ];
 }
 
diff --git a/lib/deploy/stepFunctions/compileIamRole.test.js b/lib/deploy/stepFunctions/compileIamRole.test.js
index 8b97f59..16eb644 100644
--- a/lib/deploy/stepFunctions/compileIamRole.test.js
+++ b/lib/deploy/stepFunctions/compileIamRole.test.js
@@ -3722,7 +3722,7 @@ describe('#compileIamRole', () => {
     ]);
   });
 
-  it('should give event bridge scheduler createSchedule permissions', () => {
+  it('should give event bridge scheduler createSchedule and passRole permissions', () => {
     const genStateMachine = id => ({
       id,
       definition: {
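Review bot: `state.Parameters.Target.RoleArn` on the added line throws a TypeError when the Task's Parameters carry no `Target` key, and yields `undefined` when the role is supplied at run time as `"RoleArn.$"` — in that second case the next hunk emits an `iam:PassRole` statement with `resource: undefined`, which is an invalid IAM statement at deploy time. Read the value defensively and add the PassRole statement only when a statically known ARN (string or CloudFormation intrinsic) is present; a dynamic role ARN cannot be scoped at synthesis time, so that case should be documented or surfaced as a warning rather than silently producing a broken policy. The CreateSchedule statement in the middle of getEventBridgeSchedulerPermissions lies between the two hunks and is unchanged.
```javascript
function getEventBridgeSchedulerPermissions(state) {
  const scheduleGroupName = state.Parameters.GroupName;
  // Target.RoleArn may be absent, or supplied at run time via "RoleArn.$";
  // only a statically known ARN can be scoped into a PassRole statement here.
  const scheduleTargetRoleArn = state.Parameters.Target && state.Parameters.Target.RoleArn;

  const permissions = [
    // … unchanged: scheduler:CreateSchedule statement …
  ];
  if (scheduleTargetRoleArn) {
    permissions.push({
      action: 'iam:PassRole',
      resource: scheduleTargetRoleArn,
    });
  }
  return permissions;
}
```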
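Review bot: The new `iam:PassRole` statement is scoped to the single target role rather than `*`, which is right, but PassRole is the privilege-sensitive action in this hunk and nothing limits which service may receive the role. If the permission objects this file builds can carry an IAM Condition (not visible from the hunk), add a `StringEquals` condition `'iam:PassedToService': 'scheduler.amazonaws.com'` so the state machine role can pass the target role only to EventBridge Scheduler; otherwise a comment above the statement should say the scope is the ARN alone. A one-line why-comment would also help the next reader understand why a scheduler permission set contains an IAM action: `// Scheduler assumes Target.RoleArn when invoking the schedule target, so the state machine must be allowed to pass it.`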
@@ -3765,14 +3765,17 @@ describe('#compileIamRole', () => {
       .provider.compiledCloudFormationTemplate.Resources.StateMachine1Role
       .Properties.Policies[0].PolicyDocument.Statement;
 
-    const eventPermissions = statements.filter(s => _.isEqual(s.Action, ['scheduler:CreateSchedule']));
-    expect(eventPermissions[0].Resource).to.has.lengthOf(1);
-    expect(eventPermissions[0].Resource).to.deep.eq([{
+    const schedulerPermissions = statements.filter(s => _.isEqual(s.Action, ['scheduler:CreateSchedule']));
+    expect(schedulerPermissions[0].Resource).to.has.lengthOf(1);
+    expect(schedulerPermissions[0].Resource).to.deep.eq([{
       'Fn::Sub': [
         'arn:${AWS::Partition}:scheduler:${AWS::Region}:${AWS::AccountId}:schedule/${scheduleGroupName}/*',
         { scheduleGroupName: 'MyScheduleGroup' },
       ],
     }]);
+    const rolePermissions = statements.filter(s => _.isEqual(s.Action, ['iam:PassRole']));
+    expect(rolePermissions[0].Resource).to.has.lengthOf(1);
+    expect(rolePermissions[0].Resource).to.deep.eq(['arn:aws:iam::${AWS::AccountId}:role/MyIAMRole']);
   });
 
   it('should handle permissionsBoundary', () => {
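Review bot: The added `rolePermissions` assertions only cover a Task whose `Target.RoleArn` is a static string; there is no case for a definition that omits `Target` or supplies the role as `"RoleArn.$"`, which is exactly where the production change in compileIamRole.js can emit a PassRole statement with an undefined Resource. Add a sibling test with such a definition and assert on `statements.filter(s => _.isEqual(s.Action, ['iam:PassRole']))` — either that it is empty or that every entry has a defined Resource, whichever behaviour the implementation settles on. The `eventPermissions` → `schedulerPermissions` rename itself is fine. The enclosing `it` callback starts before this hunk.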