diff --git a/README.md b/README.md
index 827c62c..9c0fe97 100644
--- a/README.md
+++ b/README.md
@@ -102,7 +102,7 @@ The audit policy is comprised of the following permissions:
 | | sso:DescribeInstanceAccessControlAttributeConfiguration | |
 | | sso:GetInlinePolicyForPermissionSet | |
 | GLACIER | glacier:ListTagsForVault | * |
-| APIGATEWAY | apigateway:GET | * |
+| APIGATEWAY | apigateway:GET | arn:aws:apigateway:*::/apikeys/* |
 | WAFREGIONAL | waf-regional:ListRules | * |
 | | waf-regional:GetRule | |
 | | waf-regional:ListRuleGroups | |
diff --git a/main.tf b/main.tf
index 823d9fb..5fe1b35 100644
--- a/main.tf
+++ b/main.tf
@@ -94,7 +94,7 @@ data "aws_iam_policy_document" "lacework_audit_policy" {
 statement {
 sid = "APIGATEWAY"
 actions = ["apigateway:GET"]
-resources = ["*"]
+resources = ["arn:aws:apigateway:*::/apikeys/*"]
 }
 
 statement {
@@ -102,7 +102,7 @@ data "aws_iam_policy_document" "lacework_audit_policy" {
 actions = ["glacier:ListTagsForVault"]
 resources = ["*"]
 }
-
+
 statement {
 sid = "WAFREGIONAL"
 actions = ["waf-regional:ListRules",
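Review bot: The new `resources` value in the APIGATEWAY statement, `arn:aws:apigateway:*::/apikeys/*`, matches individual key resources (`/apikeys/{id}`) but not the collection path `/apikeys` itself, because an IAM `*` only matches after the literal `/apikeys/` prefix; if the collector enumerates keys with a GET on the collection rather than reading known key ids, that call will now be denied. If enumeration is needed, the narrowing should list both ARNs: `resources = ["arn:aws:apigateway:*::/apikeys", "arn:aws:apigateway:*::/apikeys/*"]`, and the README row in the first hunk should be updated to match. A short comment above the statement explaining why `apigateway:GET` is restricted to api keys only (rather than all API Gateway resources) would also help future readers of the policy. The enclosing `data "aws_iam_policy_document" "lacework_audit_policy"` block starts and ends outside this hunk.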