diff --git a/iam.tf b/iam.tf
index 47f22608..f0785f8b 100644
--- a/iam.tf
+++ b/iam.tf
@@ -42,7 +42,10 @@ data "aws_iam_policy_document" "cluster_elb_service_role" {
     effect = "Allow"
     actions = [
       "ec2:DescribeAccountAttributes",
-      "ec2:DescribeInternetGateways"
+      "ec2:DescribeAddresses",
+      "ec2:DescribeInternetGateways",
+      "elasticloadbalancing:SetIpAddressType",
+      "elasticloadbalancing:SetSubnets"
     ]
     resources = ["*"]
   }