diff --git a/upup/models/cloudup/_aws/resources/iam/kubernetes-node-policy.json.template b/upup/models/cloudup/_aws/resources/iam/kubernetes-node-policy.json.template
index ae9507b5e2..b20f71f73b 100644
--- a/upup/models/cloudup/_aws/resources/iam/kubernetes-node-policy.json.template
+++ b/upup/models/cloudup/_aws/resources/iam/kubernetes-node-policy.json.template
@@ -42,7 +42,8 @@
       "Resource": [
         {{ range $i, $b := .NodePermissions.S3Buckets }}
         {{if $i}},{{end}}
-        "{{ IAMPrefix }}:s3:::{{ $b }}/*"
+        "{{ IAMPrefix }}:s3:::{{ $b }}/{{ ClusterName }}",
+        "{{ IAMPrefix }}:s3:::{{ $b }}/{{ ClusterName }}/*"
         {{ end }}
       ]
     },