diff --git a/modules/role/main.tf b/modules/role/main.tf
index 409dae2..4b1261e 100644
--- a/modules/role/main.tf
+++ b/modules/role/main.tf
@@ -10,14 +10,6 @@ resource "aws_iam_role" "this" {
   path = var.path
   permissions_boundary = var.permissions_boundary
 
-  dynamic "inline_policy" {
-    for_each = var.inline_policies
-    content {
-      name = inline_policy.value.name
-      policy = inline_policy.value.policy
-    }
-  }
-
   tags = merge(
     {
       Name = var.name
@@ -33,6 +25,19 @@ resource "aws_iam_role" "this" {
   }
 }
 
+resource "aws_iam_role_policy" "this" {
+  for_each = { for policy in var.inline_policies : policy.name => policy }
+
+  name = each.value.name
+  policy = each.value.policy
+  role = aws_iam_role.this.name
+}
+
+resource "aws_iam_role_policies_exclusive" "this" {
+  role_name = aws_iam_role.this.name
+  policy_names = [for name, policy in aws_iam_role_policy.this : policy.name]
+}
+
 # attach an instance profile to the IAM role
 resource "aws_iam_instance_profile" "this" {
   count = var.instance_profile != null ? 1 : 0
diff --git a/modules/role/versions.tf b/modules/role/versions.tf
index 039ec1e..84bf5cc 100644
--- a/modules/role/versions.tf
+++ b/modules/role/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source = "hashicorp/aws"
-      version = ">= 3.35.0"
+      version = ">= 5.68.0"
     }
   }
 }
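Review bot: The new `aws_iam_role_policies_exclusive` resource changes behaviour for callers that pass an empty `var.inline_policies`: the removed `dynamic "inline_policy"` block emitted nothing in that case and, per the provider's documented `inline_policy` semantics, left the role's inline policies unmanaged, whereas an empty `policy_names` list makes this resource actively delete every inline policy on the role, including any attached outside Terraform. That is a sensible drift control for a least-privilege role module, but it is an intentional tightening that deserves a comment so nobody "fixes" it later; I would add above the resource: `# Declares the set of inline policies on the role as authoritative: anything not in var.inline_policies (including an empty list) is removed on apply, so out-of-band PutRolePolicy grants do not persist.` For existing deployments, inline policies previously created by the nested block are not migrated into the new `aws_iam_role_policy.this` instances by any `moved`/`import` block here; `PutRolePolicy` is idempotent so the first apply should overwrite them in place, but that is inferred rather than visible in this hunk and is worth stating in the module's upgrade notes. As a style point, `policy_names` can be simplified to `keys(aws_iam_role_policy.this)`, since the `for_each` key is already `policy.name` and the `name` iterator in the comprehension is unused.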