diff --git a/aws/policy/security-services.yaml b/aws/policy/security-services.yaml
index 29d58a7..679bdb2 100644
--- a/aws/policy/security-services.yaml
+++ b/aws/policy/security-services.yaml
@@ -73,8 +73,7 @@ Statement:
       - kms:CreateGrant
       - kms:DeleteAlias
       - kms:Describe*
-      - kms:DisableKey
-      - kms:DisableKeyRotation
+      - kms:Disable*
       - kms:EnableKey
       - kms:EnableKeyRotation
       - kms:Get*
@@ -88,6 +87,7 @@ Statement:
       - kms:UpdateKeyDescription
       - logs:List*
       - secretsmanager:Describe*
+      - secretsmanager:GetRandomPassword
       - secretsmanager:List*
     Resource: "*"