diff --git a/README.md b/README.md
index a920196e..28e8b60b 100644
--- a/README.md
+++ b/README.md
@@ -331,6 +331,7 @@ If you have a new feature idea, please create and issue.
 
 (alphabetical)
 
+- [Ben Moses](https://github.com/benjymoses)
 - [Kristian Dreher](https://www.linkedin.com/in/kristiandreher)
 - [Roger Chi](https://rogerchi.com/)
 - [Sebastian / avocadomaster](https://github.com/avocadomaster)
diff --git a/src/infraDeploy.ts b/src/infraDeploy.ts
index 45fad0f4..76ff07b6 100755
--- a/src/infraDeploy.ts
+++ b/src/infraDeploy.ts
@@ -37,9 +37,15 @@ const policyDocument = {
   Version: '2012-10-17',
   Statement: [
     {
-      Action: 'iot:*',
-      Resource: '*',
       Effect: 'Allow',
+      Action: [
+        'iot:DescribeEndpoint',
+        'iot:Connect',
+        'iot:Publish',
+        'iot:Subscribe',
+        'iot:Receive',
+      ],
+      Resource: '*',
     },
   ],
 };
diff --git a/test/utils/expectInfraDeployed.ts b/test/utils/expectInfraDeployed.ts
index bd2c3be5..24a079b9 100644
--- a/test/utils/expectInfraDeployed.ts
+++ b/test/utils/expectInfraDeployed.ts
@@ -30,14 +30,20 @@ export async function expectInfraDeployed(lambdaName: any) {
       ':layer:LambdaLiveDebugger:',
     );
     expect(policyDocument).toEqual({
+      Version: '2012-10-17',
       Statement: [
         {
-          Action: 'iot:*',
           Effect: 'Allow',
+          Action: [
+            'iot:DescribeEndpoint',
+            'iot:Connect',
+            'iot:Publish',
+            'iot:Subscribe',
+            'iot:Receive',
+          ],
           Resource: '*',
         },
       ],
-      Version: '2012-10-17',
     });
   }
 }