diff --git a/modules/aws/files/bootstrap_role_iam_policy.json.tpl b/modules/aws/files/bootstrap_role_iam_policy.json.tpl
index 4ecb534..ff3500c 100644
--- a/modules/aws/files/bootstrap_role_iam_policy.json.tpl
+++ b/modules/aws/files/bootstrap_role_iam_policy.json.tpl
@@ -215,6 +215,8 @@
         "ec2:CreateNetworkInterface",
         "ec2:CreateRoute",
         "ec2:CreateRouteTable",
+        "ec2:ReplaceRoute",
+        "ec2:ReplaceRouteTableAssociation",
         "ec2:CreateSecurityGroup",
         "ec2:CreateSubnet",
         "ec2:CreateTags",