diff --git a/terraform/iam/policies/modules/policies.tf b/terraform/iam/policies/modules/policies.tf
index 219e30a..e3620b6 100644
--- a/terraform/iam/policies/modules/policies.tf
+++ b/terraform/iam/policies/modules/policies.tf
@@ -21,6 +21,14 @@ resource "aws_iam_policy" "policy" {
 "ec2:Stop*"
 ],
 "Resource": "*"
+ },
+ {
+ "Sid": "Invoke",
+ "Effect": "Allow",
+ "Action": [
+ "lambda:InvokeFunction"
+ ],
+ "Resource": "*"
 }
 ]
 })
diff --git a/terraform/iam/users/variables.tf b/terraform/iam/users/variables.tf
index 71d6dbd..3ae91b2 100644
--- a/terraform/iam/users/variables.tf
+++ b/terraform/iam/users/variables.tf
@@ -9,8 +9,9 @@ variable "iam_users" {
 default = {
 dsk-devops = {
 policies = [
+ "arn:aws:iam::508259851457:policy/DSK_LambdaExecute",
 "arn:aws:iam::aws:policy/AmazonS3FullAccess",
- "arn:aws:iam::aws:policy/AmazonEC2FullAccess"
+ "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess"
 ]
 }
 }
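Review bot: The new `Invoke` statement allows `lambda:InvokeFunction` on `"Resource": "*"`, so any principal carrying this policy can invoke every function in the account and, through them, exercise whatever each function's execution role permits. Scope the statement to the functions that are actually needed, for example `"Resource": "arn:aws:lambda:<REGION>:<ACCOUNT_ID>:function:<FUNCTION_NAME_PREFIX>*"` (placeholders; the real function names are not visible here). The `ec2:Stop*` statement just above uses the same wildcard and deserves the same treatment. The `aws_iam_policy` resource starts above this hunk, so the policy's name and its other statements cannot be checked from here.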
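Review bot: The added entry hard-codes both the account ID and the policy name in `arn:aws:iam::508259851457:policy/DSK_LambdaExecute`, so nothing in the configuration ties this attachment to the resource that defines the policy, and an apply in another account or before that policy exists would presumably fail at attach time. Variable defaults must be literals, so the ARN is better built where `iam_users` is consumed, e.g. `"arn:aws:iam::${data.aws_caller_identity.current.account_id}:policy/DSK_LambdaExecute"` with that data source declared, or passed in from the policy module's output. If the literal stays, add a comment such as `# customer-managed policy; presumably defined under terraform/iam/policies, which must be applied first` and confirm the name matches. Note also that `AmazonS3FullAccess` stays attached while EC2 is reduced to read-only, so the user still holds full S3 control; the `iam_users` variable begins above this hunk.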