diff --git a/main.tf b/main.tf
index 0bbfb5f..fcd2e63 100644
--- a/main.tf
+++ b/main.tf
@@ -114,7 +114,7 @@ resource "aws_s3_bucket" "default" {
 data "aws_iam_policy_document" "s3_bucket_policy" {
 statement {
 actions = [
- "s3:GetObject",
+ "s3:GetObject"
 ]
 
 resources = [
@@ -149,9 +149,7 @@ data "aws_iam_policy_document" "s3_bucket_policy" {
 statement {
 actions = [
 "s3:GetBucketLocation",
- "s3:ListBucket",
- "s3:GetObject",
- "s3:PutObject"
+ "s3:ListBucket"
 ]
 
 resources = [
@@ -164,6 +162,21 @@ data "aws_iam_policy_document" "s3_bucket_policy" {
 }
 }
 
+ statement {
+ actions = [
+ "s3:GetObject",
+ "s3:PutObject"
+ ]
+
+ resources = [
+ "${aws_s3_bucket.default.arn}/*",
+ ]
+
+ principals {
+ type = "Service"
+ identifiers = var.bucket_access_roles_arn_list
+ }
+ }
 }
 
 resource "aws_s3_bucket_policy" "bucket_policy" {
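Review bot: The `type = "Service"` in the new `principals` block does not fit the identifiers it is given — `var.bucket_access_roles_arn_list` is, by its name, a list of IAM role ARNs, and the `Service` principal type only accepts AWS service principals such as `ec2.amazonaws.com`, so the resulting bucket policy should be rejected by S3 as having an invalid principal rather than granting the intended roles `s3:GetObject`/`s3:PutObject`. The fix is the one line `type = "AWS"`, which is the principal type for account, user and role ARNs. If that variable can legitimately be empty, the statement also needs a guard (a `dynamic "statement"` with `for_each` over a non-empty list, or a `validation` block on the variable), because `principals` cannot be given an empty identifier list — the variable's declaration is not visible in this diff, so treat that as something to confirm. The enclosing `data "aws_iam_policy_document" "s3_bucket_policy"` block begins before this hunk.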