diff --git a/main.tf b/main.tf
index 2b3ac10..261e5a2 100644
--- a/main.tf
+++ b/main.tf
@@ -140,6 +140,8 @@ data "aws_iam_policy_document" "this" {
         "kms:UntagResource",
         "kms:ScheduleKeyDeletion",
         "kms:CancelKeyDeletion",
+        "kms:ReplicateKey",
+        "kms:ImportKeyMaterial"
       ]
       resources = ["*"]