diff --git a/route53-zone-association/lambda-role/main.tf b/route53-zone-association/lambda-role/main.tf
index 99994cd..25de0c1 100644
--- a/route53-zone-association/lambda-role/main.tf
+++ b/route53-zone-association/lambda-role/main.tf
@@ -47,6 +47,7 @@ data "aws_iam_policy_document" "policy" {
     effect = "Allow"
     actions = [
       "iam:ListAccountAliases",
+      "ec2:DescribeVpcs",
       "route53:Get*",
       "route53:List*",
       "route53:TestDNSAnswer",
diff --git a/route53-zone-association/terraform-role/main.tf b/route53-zone-association/terraform-role/main.tf
index a8d9a45..a72f3f9 100644
--- a/route53-zone-association/terraform-role/main.tf
+++ b/route53-zone-association/terraform-role/main.tf
@@ -47,6 +47,7 @@ data "aws_iam_policy_document" "policy" {
     effect = "Allow"
     actions = [
       "iam:ListAccountAliases",
+      "ec2:DescribeVpcs",
       "route53:Get*",
       "route53:List*",
       "route53:AssociateVPCWithHostedZone",