diff --git a/README.md b/README.md
index 360c292..aeb4479 100644
--- a/README.md
+++ b/README.md
@@ -60,32 +60,33 @@ No requirements.
## Inputs
-| Name | Description | Type | Default | Required |
-| -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------- | ------------------------------------------ | :------: |
-| build\_command | This is the build command to execute. It can be provided as a relative path to the current working directory or as an absolute path. It is evaluated in a shell, and can use environment variables or Terraform variables. | `string` | `""` | no |
-| build\_triggers | A map of values which should cause the build command to re-run. Values are meant to be interpolated references to variables or attributes of other resources. | `list(string)` | `[]` | no |
-| dead\_letter\_config | Nested block to configure the function's dead letter queue. | object({
target_arn = string
}) | `null` | no |
-| description | Description of what your Lambda Function does. | `string` | `""` | no |
-| environment | A map that defines environment variables for the Lambda function. | object({
variables = map(string)
}) | `null` | no |
-| exclude\_files | A list of directories or folders to ignore, e.g.
exclude\_files = ["test", "src/\*\*/\*.ts"] | `list(string)` | n/a | yes |
-| function\_name | A unique name for your Lambda Function. | `string` | n/a | yes |
-| handler | The function entrypoint in your code. | `string` | n/a | yes |
-| iam\_role\_name\_prefix | The prefix string for the name of IAM role for the lambda function. | `string` | `""` | no |
-| kms\_key\_arn | The ARN for the KMS encryption key. | `string` | `null` | no |
-| kms\_key\_id | The ARN of the KMS Key to use when encrypting log data. | `string` | `null` | no |
-| layers | List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. | `list(string)` | `[]` | no |
-| memory\_size | Amount of memory in MB your Lambda Function can use at runtime. | `number` | `128` | no |
-| output\_path | A path to which the source directory is archived before uploading to AWS. | `string` | n/a | yes |
-| policy\_arns | A list of IAM policy ARNs attached to the lambda function. | `list(string)` | `[]` | no |
-| publish | Whether to publish creation/change as new Lambda Function Version. | `string` | `false` | no |
-| reserved\_concurrent\_executions | The amount of reserved concurrent executions for this lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations. | `string` | `-1` | no |
-| retention\_in\_days | Specifies the number of days you want to retain log events in the specified log group. | `number` | `null` | no |
-| runtime | The identifier of the function's runtime. | `string` | n/a | yes |
-| source\_dir | A path to the directory which contains source files. | `string` | n/a | yes |
-| tags | A mapping of tags to assign to resources. | `map` | {
"Terraform": "true"
} | no |
-| timeout | The maximum number of seconds the lambda function to run until timeout. | `number` | `3` | no |
-| tracing\_config | Can be either PassThrough or Active. If PassThrough, Lambda will only trace the request from an upstream service if it contains a tracing header with "sampled=1". If Active, Lambda will respect any tracing header it receives from an upstream service. If no tracing header is received, Lambda will call X-Ray for a tracing decision. | object({
mode = string
}) | `null` | no |
-| vpc\_config | Provide this to allow your function to access your VPC. | `any` | `null` | no |
+| Name | Description | Type | Default | Required |
+| -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------- | --------------------------------------------- | :------: |
+| allowed\_services | A list of AWS Services that are allowed to access this lambda. | `list(string)` | [
"lambda.amazonaws.com"
]
| no |
+| build\_command | This is the build command to execute. It can be provided as a relative path to the current working directory or as an absolute path. It is evaluated in a shell, and can use environment variables or Terraform variables. | `string` | `""` | no |
+| build\_triggers | A map of values which should cause the build command to re-run. Values are meant to be interpolated references to variables or attributes of other resources. | `list` | `[]` | no |
+| dead\_letter\_config | Nested block to configure the function's dead letter queue. | object({
target_arn = string
}) | `null` | no |
+| description | Description of what your Lambda Function does. | `string` | `""` | no |
+| environment | A map that defines environment variables for the Lambda function. | object({
variables = map(string)
}) | `null` | no |
+| exclude\_files | A list of directories or folders to ignore, e.g.
exclude\_files = ["test", "src/\*\*/\*.ts"] | `list(string)` | `[]` | no |
+| function\_name | A unique name for your Lambda Function. | `string` | n/a | yes |
+| handler | The function entrypoint in your code. | `string` | n/a | yes |
+| iam\_role\_name\_prefix | The prefix string for the name of IAM role for the lambda function. | `string` | `""` | no |
+| kms\_key\_arn | The ARN for the KMS encryption key. | `string` | `null` | no |
+| kms\_key\_id | The ARN of the KMS Key to use when encrypting log data. | `string` | `null` | no |
+| layers | List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. | `list(string)` | `[]` | no |
+| memory\_size | Amount of memory in MB your Lambda Function can use at runtime. | `number` | `128` | no |
+| output\_path | A path to which the source directory is archived before uploading to AWS. | `string` | n/a | yes |
+| policy\_arns | A list of IAM policy ARNs attached to the lambda function. | `list(string)` | `[]` | no |
+| publish | Whether to publish creation/change as new Lambda Function Version. | `string` | `false` | no |
+| reserved\_concurrent\_executions | The amount of reserved concurrent executions for this lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations. | `string` | `-1` | no |
+| retention\_in\_days | Specifies the number of days you want to retain log events in the specified log group. | `number` | `null` | no |
+| runtime | The identifier of the function's runtime. | `string` | n/a | yes |
+| source\_dir | A path to the directory which contains source files. | `string` | n/a | yes |
+| tags | A mapping of tags to assign to resources. | `map` | {
"Terraform": "true"
} | no |
+| timeout | The maximum number of seconds the lambda function to run until timeout. | `number` | `3` | no |
+| tracing\_config | Can be either PassThrough or Active. If PassThrough, Lambda will only trace the request from an upstream service if it contains a tracing header with "sampled=1". If Active, Lambda will respect any tracing header it receives from an upstream service. If no tracing header is received, Lambda will call X-Ray for a tracing decision. | object({
mode = string
}) | `null` | no |
+| vpc\_config | Provide this to allow your function to access your VPC. | `any` | `null` | no |
## Outputs
diff --git a/main.tf b/main.tf
index 2b34210..7cd6d2b 100644
--- a/main.tf
+++ b/main.tf
@@ -2,24 +2,20 @@
# IAM role for Lambda function
#---------------------------------------------------------------------------------------------------
resource "aws_iam_role" "this" {
- name_prefix = var.iam_role_name_prefix
-
- assume_role_policy = <