diff --git a/modules/iam-role-for-service-accounts-eks/policies.tf b/modules/iam-role-for-service-accounts-eks/policies.tf
index 20a087d7..c8d34105 100644
--- a/modules/iam-role-for-service-accounts-eks/policies.tf
+++ b/modules/iam-role-for-service-accounts-eks/policies.tf
@@ -200,7 +200,7 @@ data "aws_iam_policy_document" "ebs_csi" {
 
 statement {
 actions = ["ec2:CreateVolume"]
-resources = ["*"]
+resources = ["arn:aws:ec2:*:*:volume/*"]
 
 condition {
 test = "StringLike"
@@ -213,7 +213,7 @@ data "aws_iam_policy_document" "ebs_csi" {
 
 statement {
 actions = ["ec2:CreateVolume"]
-resources = ["*"]
+resources = ["arn:aws:ec2:*:*:volume/*"]
 
 condition {
 test = "StringLike"
@@ -233,6 +233,11 @@ data "aws_iam_policy_document" "ebs_csi" {
 }
 }
 
+statement {
+actions = ["ec2:CreateVolume"]
+resources = ["arn:aws:ec2:*:*:snapshot/*"]
+}
+
 statement {
 actions = ["ec2:DeleteVolume"]
 resources = ["*"]
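Review bot: The scoped resource ARN `arn:aws:ec2:*:*:volume/*` hard-codes the `aws` partition, so in the aws-us-gov and aws-cn partitions the statement matches no resource and ec2:CreateVolume is denied where the old `*` used to work; the same applies to the second hunk and to the `snapshot/*` ARN added in the third. If the module already declares an `aws_partition` data source, building the ARN from it keeps the tightening portable, e.g. `resources = ["arn:${data.aws_partition.current.partition}:ec2:*:*:volume/*"]`. The enclosing statement block continues past the hunk (the condition's variable and values are outside it), so the request-tag condition that scopes these CreateVolume grants cannot be confirmed from here.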
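Review bot: The new `snapshot/*` statement grants ec2:CreateVolume with no condition block, unlike the two `volume/*` statements above it that carry a StringLike request-tag condition, and nothing in the hunk explains the difference. Presumably it exists because creating a volume from a snapshot also needs permission on the source snapshot resource, which does not carry the request tag, but a reader comparing the three statements will read it as an unscoped grant. A one-line comment above the block, `# CreateVolume from a snapshot also requires permission on the source snapshot; request-tag conditions do not apply to that resource`, records the intent. If cross-account snapshots are not needed, narrowing the account field of the snapshot ARN would also be worth considering.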