diff --git a/modules/iam-role-for-service-accounts-eks/policies.tf b/modules/iam-role-for-service-accounts-eks/policies.tf
index b13d8723..20be7c5a 100644
--- a/modules/iam-role-for-service-accounts-eks/policies.tf
+++ b/modules/iam-role-for-service-accounts-eks/policies.tf
@@ -431,11 +431,15 @@ resource "aws_iam_role_policy_attachment" "external_dns" {
 data "aws_iam_policy_document" "external_secrets" {
 count = var.create_role && var.attach_external_secrets_policy ? 1 : 0
 
+ statement {
+ actions = ["ssm:DescribeParameters"]
+ resources = ["*"]
+ }
+
 statement {
 actions = [
 "ssm:GetParameter",
 "ssm:GetParameters",
- "ssm:DescribeParameters",
 ]
 resources = var.external_secrets_ssm_parameter_arns
 }
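Review bot: The added first statement grants `ssm:DescribeParameters` on `resources = ["*"]` with no `sid` or comment, so a later reader or a policy linter sees an unexplained wildcard in an IRSA policy. The action does not support resource-level permissions, so the wildcard is needed for it to work. It does let the service account list the names and metadata of every parameter in the account and region, not only those in `var.external_secrets_ssm_parameter_arns`, and it is attached whenever `attach_external_secrets_policy` is set. I would add a `sid` and a comment above the statement such as `# ssm:DescribeParameters has no resource-level scoping; it exposes parameter names/metadata only, values stay limited to external_secrets_ssm_parameter_arns`, and state the same in the description of `external_secrets_ssm_parameter_arns`. The `external_secrets` data block continues past the end of the hunk, so any further statements are not visible here.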