diff --git a/cluster.tf b/cluster.tf
index acb49e13f9..cb1a76cf09 100644
--- a/cluster.tf
+++ b/cluster.tf
@@ -141,7 +141,10 @@ data "aws_iam_policy_document" "cluster_elb_sl_role_creation" {
 
   statement {
     effect    = "Allow"
-    actions   = ["ec2:DescribeAccountAttributes"]
+    actions   = [
+      "ec2:DescribeAccountAttributes",
+      "ec2:DescribeInternetGateways"
+    ]
     resources = ["*"]
   }
 }