diff --git a/modules/kubernetes-addons/external-dns/data.tf b/modules/kubernetes-addons/external-dns/data.tf
index fa167d3f47..436e938847 100644
--- a/modules/kubernetes-addons/external-dns/data.tf
+++ b/modules/kubernetes-addons/external-dns/data.tf
@@ -5,15 +5,15 @@ data "aws_iam_policy_document" "external_dns_iam_policy_document" {
       [data.aws_route53_zone.selected.arn],
       var.route53_zone_arns
     ))
-    actions = [
-      "route53:ChangeResourceRecordSets",
-      "route53:ListResourceRecordSets",
-    ]
+    actions = ["route53:ChangeResourceRecordSets"]
   }
 
   statement {
     effect    = "Allow"
     resources = ["*"]
-    actions   = ["route53:ListHostedZones"]
+    actions = [
+      "route53:ListHostedZones",
+      "route53:ListResourceRecordSets",
+    ]
   }
 }