diff --git a/main.tf b/main.tf
index b3c51cc..6b1ae01 100644
--- a/main.tf
+++ b/main.tf
@@ -163,6 +163,8 @@ data "aws_iam_policy_document" "irsa" {
     actions = [
       "s3:GetBucketLocation",
       "s3:GetBucketPolicy",
+      "s3:GetBucketPublicAccessBlock",
+      "s3:GetBucketOwnershipControls",
       "s3:ListBucket",
       "s3:ListBucketMultipartUploads",
       "s3:ListBucketVersions",