diff --git a/config/README.md b/config/README.md
index cec56d1..e0511cc 100644
--- a/config/README.md
+++ b/config/README.md
@@ -69,6 +69,7 @@ No modules.
 | [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_iam_policy.aws_config_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source |
+| [aws_iam_policy.aws_configrules_execution_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source |
 | [aws_iam_policy_document.config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.config_assume](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.config_sns_topic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
diff --git a/config/role.tf b/config/role.tf
index 3466d23..d3d1a38 100644
--- a/config/role.tf
+++ b/config/role.tf
@@ -1,13 +1,17 @@
 locals {
 config_policies = {
- "aws-config-role" = data.aws_iam_policy.aws_config_role.arn,
- "p-inf-config" = aws_iam_policy.config.arn,
+ "aws-config-role" = data.aws_iam_policy.aws_config_role.arn,
+ "aws-configrules-role" = data.aws_iam_policy.aws_configrules_execution_role.arn,
+ "p-inf-config" = aws_iam_policy.config.arn,
 }
 }
 data "aws_iam_policy" "aws_config_role" {
 name = "AWSConfigRole"
 }
+data "aws_iam_policy" "aws_configrules_execution_role" {
+ name = "AWSConfigRulesExecutionRole"
+}
 #---
 # role
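Review bot: The new `"aws-configrules-role"` entry in `local.config_policies` in `config/role.tf` attaches the AWS managed policy `AWSConfigRulesExecutionRole` alongside `AWSConfigRole`, and nothing in the hunk says why the extra permissions are needed. That managed policy is meant for the execution role of Lambda functions that back custom Config rules, so if the role consuming this map is the one assumed by the Config service (the trust policy `config_assume` and the role resource are outside the hunk), the attachment widens it beyond what recording requires. If custom rules do need these permissions, a dedicated role for the rule functions would keep the two permission sets separate. Otherwise, record the reason next to the new data source, e.g. `# Attached for custom Config rule evaluation (<reason/ticket placeholder>); revisit if rules get a dedicated execution role`.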