diff --git a/aws/iam/s3/full/main.tf b/aws/iam/s3/full/main.tf
index 7a3154d..72a72db 100644
--- a/aws/iam/s3/full/main.tf
+++ b/aws/iam/s3/full/main.tf
@@ -30,5 +30,6 @@ resource "aws_iam_policy_attachment" "mod" {
   name       = "s3-${var.name}-${var.env}-access"
   users      = var.users
   roles      = var.roles
+  groups     = var.groups
   policy_arn = aws_iam_policy.mod.arn
 }
diff --git a/aws/iam/s3/full/variables.tf b/aws/iam/s3/full/variables.tf
index f8b7add..07d3bc8 100644
--- a/aws/iam/s3/full/variables.tf
+++ b/aws/iam/s3/full/variables.tf
@@ -18,3 +18,7 @@ variable "roles" {
   default = []
 }
 
+variable "groups" {
+  type    = list(string)
+  default = []
+}