diff --git a/main.tf b/main.tf
index d324bd30..88293827 100644
--- a/main.tf
+++ b/main.tf
@@ -2407,7 +2407,10 @@ data "aws_iam_policy_document" "external_secrets" {
 for_each = length(var.external_secrets_secrets_manager_arns) > 0 ? [1] : []
 content {
- actions = ["secretsmanager:ListSecrets"]
+ actions = [
+ "secretsmanager:ListSecrets",
+ "secretsmanager:BatchGetSecretValue",
+ ]
 resources = ["*"]
 }
 }
@@ -2421,7 +2424,6 @@ data "aws_iam_policy_document" "external_secrets" {
 "secretsmanager:GetSecretValue",
 "secretsmanager:DescribeSecret",
 "secretsmanager:ListSecretVersionIds",
- "secretsmanager:BatchGetSecretValue",
 ]
 resources = var.external_secrets_secrets_manager_arns
 }
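Review bot: The wildcard statement in the first hunk now carries `secretsmanager:BatchGetSecretValue` with no comment explaining why, so a later reader is likely to see `resources = ["*"]` next to a value-reading action, judge it over-broad and move it back. As far as I know this action cannot be scoped to individual secret ARNs in IAM, and a batch call still needs `secretsmanager:GetSecretValue` on each secret returned; the second hunk keeps that action limited to `var.external_secrets_secrets_manager_arns`, so the set of readable secrets should not grow. I would add above `actions`: `# BatchGetSecretValue has no resource-level permissions; secret values stay gated by GetSecretValue on the ARNs in the next statement`. It is also worth confirming against the current Secrets Manager IAM reference that no condition key is needed here to keep least privilege. The enclosing statement block opens outside the hunk.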