diff --git a/.github/workflows/clang-format.yml b/.github/workflows/clang-format.yml
index 55f9ec49fa7..cc813e252ef 100644
--- a/.github/workflows/clang-format.yml
+++ b/.github/workflows/clang-format.yml
@@ -7,6 +7,9 @@ on:
       - main
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   format-check:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/closed-issue-message.yml b/.github/workflows/closed-issue-message.yml
index 2881a667a89..cae2d6b538a 100644
--- a/.github/workflows/closed-issue-message.yml
+++ b/.github/workflows/closed-issue-message.yml
@@ -2,6 +2,9 @@ name: Closed Issue Message
 on:
     issues:
        types: [closed]
+permissions:
+  issues: write
+
 jobs:
     auto_comment:
         runs-on: ubuntu-latest
diff --git a/.github/workflows/cspell.yml b/.github/workflows/cspell.yml
index b0bc75bdbe9..1a4c257edb7 100644
--- a/.github/workflows/cspell.yml
+++ b/.github/workflows/cspell.yml
@@ -2,6 +2,9 @@ name: cspell
 
 on: [push]
 
+permissions:
+  contents: read
+
 jobs:
   cspell:
     name: cspell
diff --git a/.github/workflows/license-check.yml b/.github/workflows/license-check.yml
deleted file mode 100644
index f91f8c66632..00000000000
--- a/.github/workflows/license-check.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-name: License Scan
-
-on: [pull_request]
-
-jobs:
-  build:
-
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        python-version: [3.9]
-
-    steps:
-      - name: Checkout target
-        uses: actions/checkout@v2
-        with:
-          path: sdkmain
-          ref: ${{ github.base_ref }}
-      - name: Checkout this ref
-        uses: actions/checkout@v3
-        with:
-          path: new-ref
-          fetch-depth: 0
-      - name: Get Diff
-        env:
-            BASE_COMMIT: ${{ github.event.pull_request.base.sha }}
-            COMMIT: ${{ github.sha }}
-        run: git --git-dir ./new-ref/.git diff --name-only --diff-filter=ACMRT "$BASE_COMMIT" "$COMMIT"| xargs > fileList.txt
-      - name: Checkout scancode
-        uses: actions/checkout@v2
-        with:
-          repository: nexB/scancode-toolkit
-          path: scancode-toolkit
-          fetch-depth: 1
-      - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v4
-        with:
-          python-version: ${{ matrix.python-version }}
-      # ScanCode
-      - name: Self-configure scancode
-        working-directory: ./scancode-toolkit
-        run: ./scancode --help
-      - name: Run Scan code on pr ref
-        run: for filename in $(< fileList.txt); do ./scancode-toolkit/scancode -l -n 30 --json-pp - ./sdkmain/$filename | grep short_name | sort | uniq >> old-licenses.txt; done
-      - name: Run Scan code on target
-        run: for filename in $(< fileList.txt); do ./scancode-toolkit/scancode -l -n 30 --json-pp - ./new-ref/$filename | grep short_name | sort | uniq >> new-licenses.txt; done
-      # compare
-      - name: License test
-        run: if ! cmp old-licenses.txt new-licenses.txt; then echo "Licenses differ! Failing."; exit -1; else echo "Licenses are the same. Success."; exit 0; fi
\ No newline at end of file
diff --git a/.github/workflows/license-scheduled-check.yml b/.github/workflows/license-scheduled-check.yml
deleted file mode 100644
index b68eb54aec7..00000000000
--- a/.github/workflows/license-scheduled-check.yml
+++ /dev/null
@@ -1,48 +0,0 @@
-name: License Scan
-
-on: 
-  schedule:
-    - cron: "0 0 * * *"
-
-jobs:
-  build:
-
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        python-version: [3.9]
-
-    steps:
-      - name: Checkout main
-        uses: actions/checkout@v4
-        with:
-          repository: aws/aws-sdk-cpp
-          path: aws-sdk-cpp
-          ref: main
-      - name: Checkout stable version
-        uses: actions/checkout@v4
-        with:
-          repository: aws/aws-sdk-cpp
-          path: new-ref
-          ref: "1.9.85"
-      - name: Checkout scancode
-        uses: actions/checkout@v4
-        with:
-          repository: nexB/scancode-toolkit
-          path: scancode-toolkit
-          fetch-depth: 1
-      - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v4
-        with:
-          python-version: ${{ matrix.python-version }}
-      # ScanCode
-      - name: Self-configure scancode
-        working-directory: ./scancode-toolkit
-        run: ./scancode --help
-      - name: Run Scan code
-        run: |
-          ./scancode-toolkit/scancode -l -n 30 --json-pp - ./aws-sdk-cpp/aws-cpp-sdk-core | grep short_name | sed -e 's/\"short_name\": //' -e 's/\"\,\?//g' | sort | uniq > old-licenses.txt
-          ./scancode-toolkit/scancode -l -n 30 --json-pp - ./new-ref/aws-cpp-sdk-core | grep short_name | sed -e 's/\"short_name\": //' -e 's/\"\,\?//g' | sort | uniq > new-licenses.txt
-      # compare
-      - name: License test
-        run: if ! cmp old-licenses.txt new-licenses.txt; then echo "Licenses differ! Failing."; exit -1; else echo "Licenses are the same. Success."; exit 0; fi
diff --git a/.github/workflows/stale_issue.yml b/.github/workflows/stale_issue.yml
index 4aff44e8e03..a20088a5ff5 100644
--- a/.github/workflows/stale_issue.yml
+++ b/.github/workflows/stale_issue.yml
@@ -5,6 +5,10 @@ on:
   schedule:
     - cron: "0 0 * * *"
 
+permissions:
+  issues: write
+  pull-requests: write
+
 jobs:
   cleanup:
     runs-on: ubuntu-latest