diff --git a/modules/services/agentless-scanning/organizational.tf b/modules/services/agentless-scanning/organizational.tf
index 66d5b45..b24c59c 100644
--- a/modules/services/agentless-scanning/organizational.tf
+++ b/modules/services/agentless-scanning/organizational.tf
@@ -34,6 +34,10 @@ resource "aws_cloudformation_stack_set" "scanning_role_stackset" {
 permission_model = "SERVICE_MANAGED"
 capabilities = ["CAPABILITY_NAMED_IAM"]

+ managed_execution {
+ active = true
+ }
+
 auto_deployment {
 enabled = true
 retain_stacks_on_account_removal = false
@@ -155,6 +159,10 @@ resource "aws_cloudformation_stack_set" "mgmt_acc_resources_stackset" {
 capabilities = ["CAPABILITY_NAMED_IAM"]
 administration_role_arn = var.stackset_admin_role_arn

+ managed_execution {
+ active = true
+ }
+
 lifecycle {
 ignore_changes = [administration_role_arn]
 }
@@ -225,6 +233,10 @@ resource "aws_cloudformation_stack_set" "ou_resources_stackset" {
 permission_model = "SERVICE_MANAGED"
 capabilities = ["CAPABILITY_NAMED_IAM"]

+ managed_execution {
+ active = true
+ }
+
 auto_deployment {
 enabled = true
 retain_stacks_on_account_removal = false
diff --git a/modules/services/event-bridge/organizational.tf b/modules/services/event-bridge/organizational.tf
index 41d7e1f..1b856ca 100644
--- a/modules/services/event-bridge/organizational.tf
+++ b/modules/services/event-bridge/organizational.tf
@@ -22,6 +22,10 @@ resource "aws_cloudformation_stack_set" "eb-rule-stackset" {
 permission_model = "SERVICE_MANAGED"
 capabilities = ["CAPABILITY_NAMED_IAM"]

+ managed_execution {
+ active = true
+ }
+
 auto_deployment {
 enabled = true
 retain_stacks_on_account_removal = false
@@ -49,6 +53,10 @@ resource "aws_cloudformation_stack_set" "mgmt-stackset" {
 capabilities = ["CAPABILITY_NAMED_IAM"]
 administration_role_arn = var.stackset_admin_role_arn

+ managed_execution {
+ active = true
+ }
+
 template_body = templatefile("${path.module}/stackset_template_body.tpl", {
 name = var.name
 event_pattern = var.event_pattern
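Review bot: The `managed_execution` block added to the agentless-scanning `scanning_role_stackset` carries no comment saying why it is enabled, and the identical block is repeated in the other seven stack sets this commit touches (`mgmt_acc_resources_stackset`, `ou_resources_stackset`, the three event-bridge stack sets, the trust-relationship `stackset` and the workload-scanning `scanning_role_stackset`). I would add one line above it in each file, such as `# Managed execution: run non-conflicting StackSet operations concurrently, queue conflicting ones`. Because `active = true` is a literal everywhere, a per-module input variable (name left to the maintainers) would let consumers who need strictly serial operations opt out without forking. The resource bodies start and end outside these hunks.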
@@ -66,6 +74,10 @@ resource "aws_cloudformation_stack_set" "eb-role-stackset" {
 permission_model = "SERVICE_MANAGED"
 capabilities = ["CAPABILITY_NAMED_IAM"]

+ managed_execution {
+ active = true
+ }
+
 auto_deployment {
 enabled = true
 retain_stacks_on_account_removal = false
diff --git a/modules/services/trust-relationship/main.tf b/modules/services/trust-relationship/main.tf
index 21834e1..9f448d7 100644
--- a/modules/services/trust-relationship/main.tf
+++ b/modules/services/trust-relationship/main.tf
@@ -103,6 +103,10 @@ resource "aws_cloudformation_stack_set" "stackset" {
 permission_model = "SERVICE_MANAGED"
 capabilities = ["CAPABILITY_NAMED_IAM"]

+ managed_execution {
+ active = true
+ }
+
 auto_deployment {
 enabled = true
 retain_stacks_on_account_removal = false
diff --git a/modules/services/workload-scanning/organizational.tf b/modules/services/workload-scanning/organizational.tf
index 52fc986..397281b 100644
--- a/modules/services/workload-scanning/organizational.tf
+++ b/modules/services/workload-scanning/organizational.tf
@@ -30,6 +30,10 @@ resource "aws_cloudformation_stack_set" "scanning_role_stackset" {
 permission_model = "SERVICE_MANAGED"
 capabilities = ["CAPABILITY_NAMED_IAM"]

+ managed_execution {
+ active = true
+ }
+
 auto_deployment {
 enabled = true
 retain_stacks_on_account_removal = false
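Review bot: In the trust-relationship `stackset` hunk, and equally in `eb-role-stackset` and the workload-scanning `scanning_role_stackset`, queuing changes what a finished or timed-out apply tells an operator about the IAM state in member accounts. These stack sets declare `CAPABILITY_NAMED_IAM` together with `auto_deployment`, so a template update that narrows a role may wait behind auto-deployment operations rather than being rejected at once; whether a `timeouts` block covers that wait is not visible in these hunks. I would document in the module README that operators should confirm the stack set operation reached a succeeded state before treating a role change as deployed, and consider `timeouts { update = "<DURATION>" }` if it is not already set.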