diff --git a/terraform/iam.tf b/terraform/iam.tf
index 17f4446f..e42dbde3 100644
--- a/terraform/iam.tf
+++ b/terraform/iam.tf
@@ -168,10 +168,12 @@ resource "aws_iam_policy" "github_actions_policy" {
 "s3:GetObject", # Object read
 "s3:PutObject", # Object write
 "s3:DeleteObject" # Object deletion
+ "cloudfront:CreateInvalidation" # Invalidate cache
 ],
 Resource = [
 "arn:aws:s3:::wfprev-dev-site", # Bucket-level actions like s3:ListBucket
 "arn:aws:s3:::wfprev-dev-site/*" # Object-level actions
+ "arn:aws:cloudfront::183631341627:distribution/*"
 ]
 }
 ]
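Review bot: Both added list items follow an element that has no trailing comma: `"s3:DeleteObject"` in the Action list and `"arn:aws:s3:::wfprev-dev-site/*"` in the Resource list each need a `,` before the new line, since HCL tuple elements are comma-separated and the file will most likely fail to parse as written. Separately, `distribution/*` lets the GitHub Actions policy invalidate every CloudFront distribution in account 183631341627. Scoping it to the site's own distribution, e.g. `"arn:aws:cloudfront::183631341627:distribution/<DISTRIBUTION_ID>"` (placeholder) or the `arn` attribute of the distribution resource if it is managed in this configuration, keeps the CI credential least-privilege. Giving `cloudfront:CreateInvalidation` its own statement instead of sharing the S3 statement's Resource list would also make each action/resource pairing explicit. The policy resource starts and ends outside this hunk, so the surrounding statement structure is assumed rather than seen.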