diff --git a/terraform/github_actions.tf b/terraform/github_actions.tf
index cea734e..e7e0507 100644
--- a/terraform/github_actions.tf
+++ b/terraform/github_actions.tf
@@ -33,9 +33,9 @@ resource "aws_iam_role" "github_actions" {
 data "aws_iam_policy_document" "github_actions_policy" {
   statement {
     actions = [
-      "cloudfront:GetCloudFrontOriginAccessIdentity",
-      "cloudfront:CreateInvalidation",
-      "iam:GetOpenIDConnectProvider",
+      "acm:*",
+      "cloudfront:*",
+      "iam:*",
       "route53:*",
       "s3:*",
     ]