diff --git a/terraform/iam/policies/modules/kms.tf b/terraform/iam/policies/modules/kms.tf
new file mode 100644
index 0000000..f63c3b7
--- /dev/null
+++ b/terraform/iam/policies/modules/kms.tf
@@ -0,0 +1,20 @@
+resource "aws_iam_policy" "kms_policy" {
+ name = "DSK_KeyManagementService"
+ path = "/"
+
+ policy = jsonencode({
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "kms:Decrypt",
+ "kms:GenerateDataKey"
+ ],
+ "Resource": [
+ "arn:aws:kms:ap-northeast-2:508259851457:key/a48b1e88-a9bb-4d86-a481-ef54e2f40452"
+ ]
+ }
+ ]
+ })
+}
\ No newline at end of file
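Review bot: The `Resource` entry hard-codes a full key ARN, including the account ID and region, so this module works for one account only and keeps pointing at that key if it is ever replaced. Taking the ARN as an input, e.g. `"Resource": [var.kms_key_arn]` (the variable name is a placeholder), or referencing the managed key resource's `arn` attribute, would keep the policy tied to the intended key. The statement also has no `Condition`, so any principal the policy is attached to can call `kms:Decrypt` directly on any ciphertext under the key. If the key is meant to be used only through one AWS service, a `kms:ViaService` or encryption-context condition would narrow the grant. A `description` on the `aws_iam_policy` naming the workload would help later access reviews, since `DSK_KeyManagementService` does not say which key or purpose it covers.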