diff --git a/modules/backup/iam.tf b/modules/backup/iam.tf
index 6f36e87..b11c3db 100644
--- a/modules/backup/iam.tf
+++ b/modules/backup/iam.tf
@@ -54,20 +54,7 @@ data "aws_iam_policy_document" "graphdb_s3_key_admin_role_permissions" {
       "kms:EnableKeyRotation",
       "kms:ListResourceTags",
       "kms:ScheduleKeyDeletion",
-      "kms:DisableKeyRotation"
-    ]
-
-    resources = [
-      "arn:aws:kms:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:key/*",
-      "arn:aws:kms:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:alias/*"
-    ]
-  }
-
-  statement {
-    effect = "Allow"
-
-    actions = [
-      "kms:ListAliases",
+      "kms:DisableKeyRotation",
       "tag:GetResources"
     ]
 
diff --git a/modules/graphdb/iam.tf b/modules/graphdb/iam.tf
index cdefef34..4daa5b2 100644
--- a/modules/graphdb/iam.tf
+++ b/modules/graphdb/iam.tf
@@ -395,20 +395,6 @@ data "aws_iam_policy_document" "graphdb_ebs_key_admin_role_permissions" {
       "tag:GetResources"
     ]
 
-    resources = [
-      "arn:aws:kms:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:key/*",
-      "arn:aws:kms:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:alias/*"
-    ]
-  }
-
-  statement {
-    effect = "Allow"
-
-    actions = [
-      "kms:ListAliases",
-      "tag:GetResources"
-    ]
-
     resources = [
       "*"
     ]
@@ -484,20 +470,7 @@ data "aws_iam_policy_document" "graphdb_param_store_key_admin_role_permissions"
       "kms:EnableKeyRotation",
       "kms:ListResourceTags",
       "kms:ScheduleKeyDeletion",
-      "kms:DisableKeyRotation"
-    ]
-
-    resources = [
-      "arn:aws:kms:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:key/*",
-      "arn:aws:kms:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:alias/*"
-    ]
-  }
-
-  statement {
-    effect = "Allow"
-
-    actions = [
-      "kms:ListAliases",
+      "kms:DisableKeyRotation",
       "tag:GetResources"
     ]
 
diff --git a/modules/monitoring/iam.tf b/modules/monitoring/iam.tf
index f7630a7..4f36b40 100644
--- a/modules/monitoring/iam.tf
+++ b/modules/monitoring/iam.tf
@@ -53,19 +53,7 @@ data "aws_iam_policy_document" "graphdb_parameter_store_key_admin_role_permissio
       "kms:EnableKeyRotation",
       "kms:ListResourceTags",
       "kms:ScheduleKeyDeletion",
-      "kms:DisableKeyRotation"
-    ]
-
-    resources = [
-      "arn:aws:kms:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:key/*",
-      "arn:aws:kms:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:alias/*"
-    ]
-  }
-  statement {
-    effect = "Allow"
-
-    actions = [
-      "kms:ListAliases",
+      "kms:DisableKeyRotation",
       "tag:GetResources"
     ]