diff --git a/main.tf b/main.tf
index 4c853ae..0cbf5d6 100644
--- a/main.tf
+++ b/main.tf
@@ -324,23 +324,19 @@ resource "aws_iam_role" "this" {
   name                 = "${var.iam_resource_names_prefix}-role-${var.name}"
   path                 = "/"
   max_session_duration = "3600"
-  assume_role_policy = jsonencode(
-    {
-      "Version" : "2012-10-17",
-      "Statement" : [
-        {
-          "Effect" : "Allow",
-          "Principal" : {
-            "Service" : "ec2.amazonaws.com"
-          }
-          "Action" : "sts:AssumeRole",
-          "Condition" : {}
+  assume_role_policy = jsonencode({
+    "Version" : "2012-10-17",
+    "Statement" : [
+      {
+        "Effect" : "Allow",
+        "Principal" : {
+          "Service" : "ec2.amazonaws.com"
         }
-      ]
-    }
-  )
-
-  managed_policy_arns = concat(["arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"], var.instance_profile_policies)
+        "Action" : "sts:AssumeRole",
+        "Condition" : {}
+      }
+    ]
+  })
 
   tags = merge(
     local.tags,
@@ -350,6 +346,13 @@ resource "aws_iam_role" "this" {
   )
 }
 
+# IAM role policy attachment
+resource "aws_iam_role_policy_attachment" "this" {
+  count      = length(concat(["arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"], var.instance_profile_policies))
+  role       = aws_iam_role.this.name
+  policy_arn = element(concat(["arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"], var.instance_profile_policies), count.index)
+}
+
 resource "aws_iam_role_policy" "ssm_params_and_secrets" {
   count = length(data.aws_iam_policy_document.ssm_params_and_secrets)
   name  = "Ec2SSMParamsAndSecretsPolicy-${var.name}"
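Review bot: The `count` in the new `aws_iam_role_policy_attachment.this` keys each attachment by list position, so inserting or reordering an entry in `var.instance_profile_policies` re-creates every later attachment on the next apply, and a caller whose list already contains `AmazonSSMManagedInstanceCore` produces two resources for the same ARN. Keying by ARN with `for_each = toset(...)` and lifting the twice-repeated `concat` into a local avoids both, with the caveat that `for_each` needs the ARNs to be known at plan time; if callers pass ARNs of policies created in the same apply, keep `count` but still use the local. Separately, replacing `managed_policy_arns` with per-policy attachments gives up exclusive management of the role's attachments: a managed policy attached to the role outside Terraform is no longer reported as drift or removed on apply, so if that guarantee was relied on it should be restored explicitly (the provider's `aws_iam_role_policy_attachments_exclusive` resource, where the pinned provider version offers it), and the change should be called out in the commit description.

```hcl
locals {
  # SSM core access is always attached; callers add their own managed policy ARNs.
  instance_profile_policy_arns = concat(["arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"], var.instance_profile_policies)
}

# IAM role policy attachment
resource "aws_iam_role_policy_attachment" "this" {
  for_each   = toset(local.instance_profile_policy_arns)
  role       = aws_iam_role.this.name
  policy_arn = each.value
}
```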