diff --git a/locals.tf b/locals.tf
index afa9075..dc9af35 100644
--- a/locals.tf
+++ b/locals.tf
@@ -41,11 +41,11 @@ locals {
 }
 }
 }
- karpenter_controller_role_policy_arns = merge(
+ karpenter_controller_role_policy_arns = var.create_karpenter_iam_role ? merge(
 {
- "sqs_policy" = aws_iam_policy.sqs.arn
+ "sqs_policy" = aws_iam_policy.sqs[0].arn
 },
 var.additional_controller_role_policies_arn
- )
+ ) : {}
 service_account_namespaces = var.k8s_service_account_namespace == "karpenter" ? ["${var.k8s_service_account_namespace}:${var.k8s_service_account_name}"] : ["${var.k8s_service_account_namespace}:${var.k8s_service_account_name}", "karpenter:${var.k8s_service_account_name}"]
 }
diff --git a/sqs.tf b/sqs.tf
index 4f3377e..8e0cd7d 100644
--- a/sqs.tf
+++ b/sqs.tf
@@ -14,6 +14,7 @@ data "aws_iam_policy_document" "sqs" {
 }
 resource "aws_iam_policy" "sqs" {
+ count = var.create_karpenter_iam_role ? 1 : 0
 name_prefix = "${var.cluster_name}-karpenter-access-to-sqs"
 description = "Access policy for karpenter to access SQS for ${var.cluster_name}"
 policy = data.aws_iam_policy_document.sqs.json
@@ -53,4 +54,9 @@ resource "aws_cloudwatch_event_target" "this" {
 rule = aws_cloudwatch_event_rule.this[each.key].name
 target_id = "KarpenterInterruptionQueueTarget"
 arn = aws_sqs_queue.karpenter.arn
+}
+
+moved {
+ from = aws_iam_policy.sqs
+ to = aws_iam_policy.sqs[0]
 }
\ No newline at end of file
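Review bot: The false branch `: {}` on the rewritten `karpenter_controller_role_policy_arns` discards `var.additional_controller_role_policies_arn` as well as the SQS policy, and nothing in the hunk records that this is deliberate. If the local is only consumed by attachments that are themselves gated on `var.create_karpenter_iam_role` this is harmless, but that cannot be confirmed from the visible lines, and a caller who passes additional ARNs with the flag off will see them silently ignored. A one-line comment above the local would settle it: `# Empty when the controller role is not created by this module: no attachments are made, so additional policy ARNs are intentionally ignored too.` The enclosing `locals` block starts before the hunk.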
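Review bot: Adding `count` to `aws_iam_policy.sqs` turns every reference to it into an indexed one, and within the visible diff only the reference in locals.tf is updated; any other reference in the module (a role policy attachment, an output) that still uses `aws_iam_policy.sqs.arn` would now fail at plan time and should be checked. The new line also deserves a why-comment, because `data "aws_iam_policy_document" "sqs"` above it is still rendered unconditionally and the queue it grants access to is still created: `# Only materialise the policy when this module also creates the controller role; a caller-managed role must be granted access to the interruption queue by the caller.` Both the data source and the resource extend outside the hunk.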
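Review bot: The new `moved` block requires Terraform 1.1 or later, so the module's `required_version` constraint should be raised to match if it is not already; on an older CLI the block is a parse error rather than a clean state migration, and the versions file is not part of this diff. A short comment on the block would also tell future maintainers when it can go, e.g. `# State migration for the pre-count address; remove once all consumers have applied this version.` The file also lost its trailing newline (`\ No newline at end of file`), which `terraform fmt` will restore on the next run.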