diff --git a/enos/ci/service-user-iam/main.tf b/enos/ci/service-user-iam/main.tf
index 484c184a9b..7e29ebcbd9 100644
--- a/enos/ci/service-user-iam/main.tf
+++ b/enos/ci/service-user-iam/main.tf
@@ -171,6 +171,7 @@ data "aws_iam_policy_document" "enos_policy_document" {
 "iam:CreateUserTag",
 "iam:DeleteAccessKey",
 "iam:DeleteInstanceProfile",
+ "iam:DeleteLoginProfile",
 "iam:DeletePolicy",
 "iam:DeleteRole",
 "iam:DeleteRole",
@@ -191,16 +192,22 @@ data "aws_iam_policy_document" "enos_policy_document" {
 "iam:ListPolicyVersions",
 "iam:ListAccessKeys",
 "iam:ListAttachedRolePolicies",
+ "iam:ListAttachedUserPolicies",
 "iam:ListGroupsForUser",
 "iam:ListInstanceProfiles",
 "iam:ListInstanceProfilesForRole",
+ "iam:ListMFADevices",
 "iam:ListPolicies",
 "iam:ListRolePolicies",
 "iam:ListRoles",
 "iam:ListRoles",
+ "iam:ListServiceSpecificCredentials",
+ "iam:ListSigningCertificates",
+ "iam:ListSSHPublicKeys",
 "iam:ListUserPolicies",
 "iam:ListUsers",
 "iam:ListUserTags",
+ "iam:ListVirtualMFADevices",
 "iam:PassRole",
 "iam:PutRolePolicy",
 "iam:PutUserPolicy",
diff --git a/enos/ci/service-user-iam/service-quotas.tf b/enos/ci/service-user-iam/service-quotas.tf
index 5914af2c13..e77876a115 100644
--- a/enos/ci/service-user-iam/service-quotas.tf
+++ b/enos/ci/service-user-iam/service-quotas.tf
@@ -26,7 +26,7 @@ resource "aws_servicequotas_service_quota" "vpcs_per_region_us_east_2" {
 provider = aws.us_east_2
 quota_code = local.subnets_per_vpc
 service_code = "vpc"
- value = 50
+ value = 100
 }
 
 resource "aws_servicequotas_service_quota" "rds_subnet_groups_us_east_2" {
diff --git a/enos/modules/aws_iam_setup/main.tf b/enos/modules/aws_iam_setup/main.tf
index e1fd5862f8..792b8cf966 100644
--- a/enos/modules/aws_iam_setup/main.tf
+++ b/enos/modules/aws_iam_setup/main.tf
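Review bot: `iam:DeleteLoginProfile` is a destructive action added to a statement whose `resources` and any `condition` blocks lie outside this hunk, so it is not visible whether the delete is scoped to the CI-created users (by path, name prefix or tag) or granted on `*`; that scope should be confirmed before widening the service user's rights, and the `enos_policy_document` data block itself starts before the hunk. A one-line comment above the new entry stating why the CI user now needs it (presumably so the provider can remove a console login profile when force-destroying test users — confirm) would help the next maintainer. Adjacent and pre-existing rather than introduced here: `iam:DeleteRole` appears twice in the context lines, as does `iam:ListRoles` in the next hunk; duplicates are harmless in a policy but worth removing while the list is being edited.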
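Review bot: The six added actions are all `List*` — they let the provider enumerate a user's MFA devices, signing certificates, SSH keys, service-specific credentials and attached managed policies — but the matching removal actions (`iam:DeactivateMFADevice`, `iam:DeleteVirtualMFADevice`, `iam:DeleteSigningCertificate`, `iam:DeleteSSHPublicKey`, `iam:DeleteServiceSpecificCredential`, `iam:DetachUserPolicy`) do not appear in this hunk. The action list starts before and ends after the hunk, so if they are not granted elsewhere in the statement, destroying a test user that has any of those attached will succeed at the listing step and then fail on the delete. Separately, `iam:ListVirtualMFADevices` is an account-level listing that, to my understanding, cannot be restricted to a user resource; if this statement is resource-scoped, that action may need to live in a separate `*`-scoped statement — confirm against the IAM service authorization reference.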
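Review bot: The value is doubled on a resource named `vpcs_per_region_us_east_2` whose `quota_code` is `local.subnets_per_vpc`, so from the hunk alone it is unclear whether the quota being raised to 100 is VPCs per region or subnets per VPC; the local is defined outside the hunk, so confirm which code it resolves to and either rename the resource or correct `quota_code` before relying on the new limit. A short comment above the new line would record the reason for the increase, e.g. `# Raised from 50 to 100: <reason/ticket placeholder>`. If sibling resources exist for other regions, check whether they need the same adjustment.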
@@ -21,9 +21,7 @@ resource "aws_iam_user" "boundary" {
 name = "demo-${local.user_email}-${var.test_id}"
 tags = { boundary-demo = local.user_email }
 permissions_boundary = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:policy/DemoUser"
- # If credential rotation is used, this is necessary to delete the user since a new access
- # key will be generated.
- force_destroy = var.enable_credential_rotation ? true : false
+ force_destroy = true
 }
 
 resource "aws_iam_user_policy" "boundary" {
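Review bot: `force_destroy = true` is now unconditional, and the comment explaining why it was needed went away with the conditional, so the new line carries no justification for a setting that makes destroy remove every access key, login profile, MFA device and similar credential on the user, including any created outside Terraform. Keep a short comment with it, e.g. `# Always force-destroy: the test user may accumulate extra access keys (credential rotation) or other credentials that would otherwise block deletion.`. If this was the only reference to `var.enable_credential_rotation`, that variable may now be unused in the module and should be dropped or its description updated — not visible from this hunk. The user name includes `var.test_id`, which limits the blast radius to per-test users, but that is worth stating in the comment as well.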