diff --git a/variables.tf b/variables.tf
index f9e3232..d3d196d 100644
--- a/variables.tf
+++ b/variables.tf
@@ -168,6 +168,16 @@ variable "worker_sg_ingress_from_port" {
 default = "1025"
 }
 
+variable "workers_additional_policies" {
+ description = "Additional policies to be added to workers"
+ type = "list"
+ default = []
+}
+
+variable "workers_additional_policies_count" {
+ default = 0
+}
+
 variable "kubeconfig_aws_authenticator_command" {
 description = "Command to use to fetch AWS EKS credentials."
 default = "aws-iam-authenticator"
diff --git a/workers.tf b/workers.tf
index f8497ca..4d61299 100644
--- a/workers.tf
+++ b/workers.tf
@@ -143,6 +143,12 @@ resource "aws_iam_role_policy_attachment" "workers_AmazonEC2ContainerRegistryRea
 role = "${aws_iam_role.workers.name}"
 }
 
+resource "aws_iam_role_policy_attachment" "workers_additional_policies" {
+ count = "${var.workers_additional_policies_count}"
+ role = "${aws_iam_role.workers.name}"
+ policy_arn = "${var.workers_additional_policies[count.index]}"
+}
+
 resource "null_resource" "tags_as_list_of_maps" {
 count = "${length(keys(var.tags))}"
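Review bot: `workers_additional_policies_count` in variables.tf has no `description`, and nothing tells the caller that it has to equal the length of `workers_additional_policies`. The workers.tf hunk uses it as the attachment `count`, so a value below the list length leaves the trailing ARNs unattached without any error, and a value above it should fail on the list index. I would add `description = "Number of ARNs in workers_additional_policies; must equal the length of that list."` and reword the list's description to `"Additional IAM policy ARNs to attach to the workers role"` so it is clear the entries are ARNs.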
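Review bot: The new `workers_additional_policies` attachment in workers.tf binds caller-supplied policy ARNs to `aws_iam_role.workers`, which every worker node shares, and nothing in the module says how wide that grant is. If this is the node instance role (its definition is outside the hunk), workloads on those nodes that can reach the instance metadata endpoint would typically be able to use the same permissions. I would put a comment above the resource such as `# Policies attached here apply to every worker node; keep them narrowly scoped.` and repeat the caveat in the variable's description.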