diff --git a/examples/karpenter/main.tf b/examples/karpenter/main.tf
index 62ef9bc..6e80d06 100644
--- a/examples/karpenter/main.tf
+++ b/examples/karpenter/main.tf
@@ -155,6 +155,7 @@ resource "helm_release" "karpenter" {
 clusterName: ${module.eks.cluster_name}
 clusterEndpoint: ${module.eks.cluster_endpoint}
 interruptionQueue: ${module.karpenter.queue_name}
+ enableZonalShift: true
 webhook:
 enabled: false
 EOT
diff --git a/modules/karpenter/policy.tf b/modules/karpenter/policy.tf
index 36f95de..6fc8421 100644
--- a/modules/karpenter/policy.tf
+++ b/modules/karpenter/policy.tf
@@ -190,6 +190,7 @@ data "aws_iam_policy_document" "controller" {
 "ec2:DescribeInstanceTypes",
 "ec2:DescribeLaunchTemplates",
 "ec2:DescribeSecurityGroups",
+ "ec2:DescribeInstanceStatus",
 "ec2:DescribeSpotPriceHistory",
 "ec2:DescribeSubnets",
 "ec2:DescribePlacementGroups"
@@ -214,6 +215,12 @@ data "aws_iam_policy_document" "controller" {
 actions = ["pricing:GetProducts"]
 }
 
+ statement {
+ sid = "AllowZonalShiftReadActions"
+ resources = ["arn:${local.partition}:eks:${local.region}:${local.account_id}:cluster/${var.cluster_name}"]
+ actions = ["arc-zonal-shift:GetManagedResource"]
+ }
+
 dynamic "statement" {
 for_each = local.enable_spot_termination ? [1] : []
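Review bot: The new `enableZonalShift: true` value in the Helm values heredoc carries no comment linking it to the controller IAM grant this same commit adds in modules/karpenter/policy.tf, so a reader copying the example into a cluster built with an older module version has no hint why the controller would fail on `arc-zonal-shift:GetManagedResource`. A one-line YAML comment above the key would make the coupling explicit: `# Requires the AllowZonalShiftReadActions statement on the controller role (modules/karpenter/policy.tf)`. If the feature also depends on zonal shift being enabled on the EKS cluster itself, that precondition belongs in the same comment, but I cannot confirm it from the visible lines. The enclosing `resource "helm_release" "karpenter"` block starts before this hunk.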
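Review bot: `ec2:DescribeInstanceStatus` is inserted between `ec2:DescribeSecurityGroups` and `ec2:DescribeSpotPriceHistory`, which breaks the alphabetical order the surrounding action list keeps; it sorts before `ec2:DescribeInstanceTypes`, so moving it to the line above that entry keeps the list scannable during policy review. In the hunk that follows (its end is outside what I can see), the `AllowZonalShiftReadActions` statement is added unconditionally, while the module already gates optional grants through `dynamic "statement"` with `for_each = local.enable_spot_termination ? [1] : []`; the same pattern keyed on a zonal-shift flag (a placeholder such as `local.enable_zonal_shift`, name to be chosen) would keep the `arc-zonal-shift:GetManagedResource` grant off controller roles for clusters that never set `enableZonalShift`. The resource ARN is already scoped to the single cluster, which is good; the open question is only whether the grant should exist at all when the feature is off. The enclosing `data "aws_iam_policy_document" "controller"` block starts before this hunk.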