diff --git a/lab/iam/policies/base.yaml b/lab/iam/policies/base.yaml
index 5261d3e07..1fec16108 100644
--- a/lab/iam/policies/base.yaml
+++ b/lab/iam/policies/base.yaml
@@ -71,13 +71,14 @@ Statement:
 Resource: ["*"]
 Condition:
 StringLike:
- kms:RequestAlias: "alias/${Env}*"
+ kms:RequestAlias: ["alias/${Env}*", "alias/eks/${Env}*"]
 - Effect: Allow
 Action:
 - kms:CreateAlias
 - kms:DeleteAlias
 Resource:
 - !Sub arn:aws:kms:${AWS::Region}:${AWS::AccountId}:alias/${Env}*
+ - !Sub arn:aws:kms:${AWS::Region}:${AWS::AccountId}:alias/eks/${Env}*
 - !Sub arn:aws:kms:${AWS::Region}:${AWS::AccountId}:key/*
 - Effect: Allow
 Action:
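Review bot: The new `alias/eks/${Env}*` prefix widens an alias-based grant whose alias namespace this same policy lets the principal manage. The second statement allows `kms:CreateAlias`/`kms:DeleteAlias` on the matching alias ARNs together with `key/*`, so an alias under either prefix can be attached to any key in the account and then satisfies the `kms:RequestAlias` condition in the statement above. That statement's `Action` list starts outside the hunk, so the exposure cannot be judged from here; if it covers cryptographic operations, consider moving the `key/*` entry into its own statement conditioned on a key tag such as `aws:ResourceTag/<TAG_KEY>` (placeholder), leaving the alias ARNs unconditioned. The `*` directly after `${Env}` also matches longer environment names that share the prefix, which a delimiter such as `alias/eks/${Env}-*` would avoid if the naming scheme allows it. The new condition values carry no `!Sub` while the `Resource` entries do, so it is worth confirming that `${Env}` is substituted by something outside the hunk.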