diff --git a/modules/aws/main.tf b/modules/aws/main.tf
index 03ff011..8d3fe5a 100644
--- a/modules/aws/main.tf
+++ b/modules/aws/main.tf
@@ -214,6 +214,12 @@ resource "aws_iam_role_policy_attachment" "bootstrap_policy" {
 role = aws_iam_role.bootstrap_role[0].name
 }

+resource "aws_iam_role_policy_attachment" "bootstrap_readonly" {
+ count = var.create_bootstrap_role ? 1 : 0
+ policy_arn = "arn:aws:iam::aws:policy/ReadOnlyAccess"
+ role = aws_iam_role.bootstrap_role[0].name
+}
+
 ######
 #-- Create the IAM role for the management of the StreamNative Cloud
 #-- This role is used by StreamNative for management and troubleshooting
@@ -246,6 +252,11 @@ resource "aws_iam_role_policy_attachment" "management_role" {
 role = aws_iam_role.management_role.name
 }

+resource "aws_iam_role_policy_attachment" "management_readonly" {
+ policy_arn = "arn:aws:iam::aws:policy/ReadOnlyAccess"
+ role = aws_iam_role.management_role.name
+}
+
 ######
 #-- Creates the IAM Policies used by EKS Cluster add-on services
 ######
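Review bot: `arn:aws:iam::aws:policy/ReadOnlyAccess` on `bootstrap_readonly` grants far more than metadata visibility. The AWS-managed policy covers read actions across nearly every service, including data-plane reads such as `s3:Get*`, and AWS extends it as services are added, so the role's reach grows without any change to this module. The same applies to `management_readonly` in the second hunk. If the roles only need to list and describe resources, `arn:aws:iam::aws:policy/job-function/ViewOnlyAccess` or a customer-managed policy scoped to the services this module provisions would keep least privilege. If full read really is required, each attachment should carry a comment saying why, for example `#-- ReadOnlyAccess needed for <reason>; grants account-wide read including object data`.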
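Review bot: `management_readonly` is attached unconditionally, unlike `bootstrap_readonly`, which is gated by `count`. The context comment at the end of the first hunk says the management role is used by StreamNative, so every account applying this module extends account-wide read to that role with no opt-out. Consider gating it the same way, for example `count = var.<enable_readonly_flag> ? 1 : 0` (placeholder name), defaulting to whatever the module's documentation promises. The role's trust policy and any permissions boundary are outside the hunk, so it is not visible here whether an external ID or boundary already constrains who can use this access.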