diff --git a/cloudtrail-key/README.md b/cloudtrail-key/README.md
index 172f320..decfa34 100644
--- a/cloudtrail-key/README.md
+++ b/cloudtrail-key/README.md
@@ -76,6 +76,7 @@ No modules.
 | [aws_iam_policy_document.key_orig](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.key_policy_combined](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [aws_regions.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/regions) | data source |
 
 ## Inputs
 
diff --git a/cloudtrail-key/main.tf b/cloudtrail-key/main.tf
index 3e5c7c7..380f4cb 100644
--- a/cloudtrail-key/main.tf
+++ b/cloudtrail-key/main.tf
@@ -252,7 +252,7 @@ data "aws_iam_policy_document" "key" {
     resources = ["*"]
     principals {
       type        = "Service"
-      identifiers = ["cloudtrail.amazonaws.com", "sns.amazonaws.com", "sqs.amazonaws.com"]
+      identifiers = ["cloudtrail.amazonaws.com", "sns.amazonaws.com", "sqs.amazonaws.com", "s3.amazonaws.com"]
     }
   }
   statement {
@@ -267,7 +267,7 @@ data "aws_iam_policy_document" "key" {
     resources = ["*"]
     principals {
       type        = "Service"
-      identifiers = ["cloudtrail.amazonaws.com"]
+      identifiers = ["cloudtrail.amazonaws.com", "s3.amazonaws.com"]
     }
     #    condition {
     #      test     = "StringLike"
@@ -311,7 +311,7 @@ data "aws_iam_policy_document" "key" {
     resources = ["*"]
     principals {
       type        = "Service"
-      identifiers = ["sns.amazonaws.com", "sqs.amazonaws.com"]
+      identifiers = ["sns.amazonaws.com", "sqs.amazonaws.com", "s3.amazonaws.com"]
     }
   }
 }