diff --git a/aws-janitor/resources/instance.go b/aws-janitor/resources/instance.go
index fcc01cda..d4cdae00 100644
--- a/aws-janitor/resources/instance.go
+++ b/aws-janitor/resources/instance.go
@@ -44,7 +44,7 @@ func (Instances) MarkAndSweep(opts Options, set *Set) error {
 		Filters: []ec2types.Filter{
 			{
 				Name:   aws2.String("instance-state-name"),
-				Values: []string{"running", "pending"},
+				Values: []string{"running", "pending", "stopped"},
 			},
 		},
 	}
diff --git a/infra/infra.go b/infra/infra.go
index f6f1a0da..bc729c76 100644
--- a/infra/infra.go
+++ b/infra/infra.go
@@ -133,6 +133,11 @@ func NewAwsJanitorStack(scope constructs.Construct, id string, props *AwsJanitor
 			jsii.String("ec2:DisassociateAddress"),
 			jsii.String("ec2:ReleaseAddress"),
 			jsii.String("ec2:TerminateInstances"),
+			jsii.String("ec2:RevokeSecurityGroupIngress"),
+			jsii.String("ec2:RevokeSecurityGroupEgress"),
+			jsii.String("ec2:DetachInternetGateway"),
+			jsii.String("ec2:AssociateDhcpOptions"),
+			jsii.String("ec2:DisassociateRouteTable"),
 
 			// ELB permissions
 			jsii.String("elasticloadbalancing:Describe*"),