diff --git a/README.md b/README.md
index e69de29..97a7bea 100644
--- a/README.md
+++ b/README.md
@@ -0,0 +1,2 @@
+# batcave-tf-irsa
+This repo is a Terraform module that contains the code to create IAM roles and policies for the implementation of [IRSA](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html) in Batcave clusters.
\ No newline at end of file
diff --git a/main.tf b/main.tf
index 075ebec..a7fdfe4 100644
--- a/main.tf
+++ b/main.tf
@@ -34,7 +34,6 @@ resource "aws_iam_role" "this" {
   count = var.create_role ? 1 : 0
   name = var.role_name
-  name_prefix = var.role_name_prefix
   path = var.role_path
   description = var.role_description
diff --git a/policies.tf b/policies.tf
index b512b46..76582ba 100644
--- a/policies.tf
+++ b/policies.tf
@@ -66,3 +66,52 @@ resource "aws_iam_role_policy_attachment" "velero" {
   role = aws_iam_role.this[0].name
   policy_arn = aws_iam_policy.velero[0].arn
 }
+
+################################################################################
+# Flux Policy
+################################################################################
+data "aws_kms_alias" "sops" {
+  name = "alias/batcave-landing-sops"
+}
+
+data "aws_iam_policy_document" "flux" {
+  count = var.create_role && var.attach_flux_policy ? 1 : 0
+
+  statement {
+    sid = "kmslist"
+    actions = [
+      "kms:List*",
+      "kms:Describe*"
+    ]
+    resources = ["*"]
+  }
+
+  statement {
+    sid = "K8sNodes"
+    actions = [
+      "kms:Decrypt",
+    ]
+    resources = [
+      data.aws_kms_alias.sops.arn,
+      data.aws_kms_alias.sops.target_key_arn,
+    ]
+  }
+}
+
+resource "aws_iam_policy" "flux" {
+  count = var.create_role && var.attach_flux_policy ? 1 : 0
+
+  name_prefix = "${var.policy_name_prefix}Flux_Policy-"
+  path = var.role_path
+  description = "Provides Flux permissions to view and decrypt KMS keys"
+  policy = data.aws_iam_policy_document.flux[0].json
+
+  tags = var.tags
+}
+
+resource "aws_iam_role_policy_attachment" "flux" {
+  count = var.create_role && var.attach_flux_policy ? 1 : 0
+
+  role = aws_iam_role.this[0].name
+  policy_arn = aws_iam_policy.flux[0].arn
+}
diff --git a/variables.tf b/variables.tf
index 9079943..ad121c2 100644
--- a/variables.tf
+++ b/variables.tf
@@ -96,3 +96,10 @@ variable "velero_s3_bucket_arns" {
   type = list(string)
   default = ["*"]
 }
+
+#Flux
+variable "attach_flux_policy" {
+  description = "Determines whether to attach the Flux IAM policy to the role"
+  type = bool
+  default = false
+}
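Review bot: `data "aws_kms_alias" "sops"` carries no `count`, so it is resolved for every instance of this module even when `attach_flux_policy` is left at its default of false, and any account or region without `alias/batcave-landing-sops` will fail at plan time for consumers that never asked for Flux. The `K8sNodes` statement also lists the alias ARN as a resource for `kms:Decrypt`, which does not authorize anything: KMS evaluates cryptographic operations against the key ARN only (alias ARNs matter for alias-management actions or the `kms:ResourceAliases` condition), so that entry is dead weight and the sid looks copy-pasted from a node policy. The `kmslist` statement grants `kms:List*`/`kms:Describe*` on `*`, which lets the Flux service account enumerate every key in the account; if the intent is only SOPS decryption, `kms:DescribeKey` on the target key is probably enough — confirm against what Flux's kustomize-controller actually calls. I would gate the data source on the same condition, index it with `[0]`, keep only the key ARN, and consider lifting the alias name into a variable so non-landing clusters can point at their own key.

```hcl
data "aws_kms_alias" "sops" {
  count = var.create_role && var.attach_flux_policy ? 1 : 0

  name = "alias/batcave-landing-sops"
}

# … unchanged: kmslist statement (consider narrowing to kms:DescribeKey on the target key) …

  statement {
    sid     = "SopsDecrypt"
    actions = ["kms:Decrypt"]
    # Only the key ARN authorizes Decrypt; the alias ARN would be ignored here.
    resources = [data.aws_kms_alias.sops[0].target_key_arn]
  }
```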
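Review bot: The description of `attach_flux_policy` does not tell the caller what enabling it implies: the policy hard-codes the `alias/batcave-landing-sops` KMS alias (in policies.tf) and grants decrypt on whatever key that alias points to, so the alias must exist in the target account and region. I would expand the description to something like `description = "Attach the Flux IAM policy (kms:Decrypt on the key behind alias/batcave-landing-sops, plus kms:List*/Describe* on *) to the role. The alias must exist in the target account/region."` and fix the `#Flux` comment to the `# Flux` spacing used elsewhere in the file.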