diff --git a/README.md b/README.md
index 3ed1d52..5dd7c2d 100644
--- a/README.md
+++ b/README.md
@@ -34,6 +34,8 @@ module "lambda" {
 // Attach a policy.
 attach_policy = true
 policy = "${data.aws_iam_policy_document.lambda.json}"
+ attach_policy_arn = true
+ policy_arn = "${data.aws_iam_policy.lambda.arn}"
 
 // Add a dead letter queue.
 attach_dead_letter_config = true
diff --git a/iam.tf b/iam.tf
index 01aeaff..9e87385 100644
--- a/iam.tf
+++ b/iam.tf
@@ -134,19 +134,10 @@ resource "aws_iam_policy_attachment" "network" {
 policy_arn = "${aws_iam_policy.network.arn}"
 }
 
-# Attach an additional policy if provided.
+# Attach an additional policies if provided.
 
-resource "aws_iam_policy" "additional" {
- count = "${var.attach_policy ? 1 : 0}"
-
- name = "${var.function_name}"
- policy = "${var.policy}"
-}
-
-resource "aws_iam_policy_attachment" "additional" {
- count = "${var.attach_policy ? 1 : 0}"
-
- name = "${var.function_name}"
- roles = ["${aws_iam_role.lambda.name}"]
- policy_arn = "${aws_iam_policy.additional.arn}"
+resource "aws_iam_role_policy_attachment" "additional" {
+ count = "${local.policy_arn_count}"
+ role = "${aws_iam_role.lambda.name}"
+ policy_arn = "${var.policy_arns[count.index]}"
 }
diff --git a/outputs.tf b/outputs.tf
index 7602f3e..c3a4f9b 100644
--- a/outputs.tf
+++ b/outputs.tf
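Review bot: The new comment line in the iam.tf hunk reads `# Attach an additional policies if provided.`; article and plural disagree, so `# Attach any additional policies (by ARN) to the Lambda role.` would read better. The resource switch itself is sound: `aws_iam_role_policy_attachment` is non-exclusive, whereas the removed `aws_iam_policy_attachment` detaches the policy from every other entity that uses it. The `network` attachment visible in the hunk's context still uses the exclusive resource type; its body lies outside the hunk, but using the same type there would keep the two attachments consistent unless the module-owned policy relies on that exclusivity. Since every ARN in `var.policy_arns` is attached unchecked, the variable's documentation should state that callers are responsible for scoping those policies to what the function actually needs.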
@@ -3,6 +3,11 @@ output "function_arn" {
 value = "${element(concat(aws_lambda_function.lambda.*.arn, aws_lambda_function.lambda_with_dl.*.arn, aws_lambda_function.lambda_with_vpc.*.arn, aws_lambda_function.lambda_with_dl_and_vpc.*.arn), 0)}"
 }
 
+output "function_invoke_arn" {
+ description = "The ARN of the Lambda function"
+ value = "${element(concat(aws_lambda_function.lambda.*.invoke_arn, aws_lambda_function.lambda_with_dl.*.invoke_arn, aws_lambda_function.lambda_with_vpc.*.invoke_arn, aws_lambda_function.lambda_with_dl_and_vpc.*.invoke_arn), 0)}"
+}
+
 output "function_name" {
 description = "The name of the Lambda function"
 value = "${element(concat(aws_lambda_function.lambda.*.function_name, aws_lambda_function.lambda_with_dl.*.function_name, aws_lambda_function.lambda_with_vpc.*.function_name, aws_lambda_function.lambda_with_dl_and_vpc.*.function_name), 0)}"
diff --git a/variables.tf b/variables.tf
index c22af6c..2e1aa8d 100644
--- a/variables.tf
+++ b/variables.tf
@@ -90,16 +90,10 @@ variable "tags" {
 default = {}
 }
 
-variable "policy" {
- description = "An addional policy to attach to the Lambda function"
- type = "string"
- default = ""
-}
-
-variable "attach_policy" {
- description = "Set this to true if using the policy variable"
- type = "string"
- default = false
+variable "policy_arns" {
+ description = "Addional policies (ARNs) to attach to the Lambda function."
+ type = "list"
+ default = []
 }
 
 variable "enable_cloudwatch_logs" {
@@ -123,4 +117,5 @@ variable "lambda_at_edge" {
 locals {
 publish = "${var.lambda_at_edge ? true : var.publish}"
 timeout = "${var.lambda_at_edge ? min(var.timeout, 5) : var.timeout}"
+ policy_arn_count = "${length(var.policy_arns)}"
 }
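Review bot: The description on the new `function_invoke_arn` output is copied from `function_arn` and says `The ARN of the Lambda function`, which is wrong for this value; it should read `description = "The invoke ARN of the Lambda function"`. The `value` expression mirrors `function_arn` exactly with `.arn` replaced by `.invoke_arn` across the four function variants, so the selection logic itself looks consistent.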
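Review bot: The description on `policy_arns` misspells its first word; it should read `description = "Additional policies (ARNs) to attach to the Lambda function."`. Removing `policy` and `attach_policy` is a breaking change for existing callers and is worth calling out, since the module no longer creates an `aws_iam_policy` from an inline document and callers must now create the policy themselves. The README hunk in this commit does not match the new interface: its example keeps `attach_policy = true` and `policy = ...` and adds `attach_policy_arn`/`policy_arn`, none of which are variables of this module after this change; it should show `policy_arns = ["${data.aws_iam_policy.lambda.arn}"]` instead.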
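Review bot: `policy_arn_count = "${length(var.policy_arns)}"` feeds the `count` of the attachment resource in iam.tf, and in the 0.11-style configuration used here `count` has, as far as I recall, to be known at plan time; if a caller populates `policy_arns` with ARNs of policies created in the same run, the plan is likely to fail with a count-cannot-be-computed error. A one-line comment above the local, `# Must be resolvable at plan time: pass literal ARNs or ARNs of policies that already exist.`, would save callers that surprise.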