diff --git a/aws-iam-role-infraci/README.md b/aws-iam-role-infraci/README.md
index 95e928aa..6aabd8d0 100644
--- a/aws-iam-role-infraci/README.md
+++ b/aws-iam-role-infraci/README.md
@@ -10,7 +10,7 @@ Creates a role useful for running `terraform plan` in CI jobs.
 | iam\_path | | string | `"/"` | no |
 | role\_name | | string | `"infraci"` | no |
 | source\_account\_id | | string | n/a | yes |
-| terraform\_state\_lock\_dynamodb\_arn | "The unique identifier (ARN) of the state file DynamoDB table" | string | `""` | yes |
+| terraform\_state\_lock\_dynamodb\_arns | "A list of unique identifiers (ARNs) of state file DynamoDB tables" | string | `[]` | yes |
 
 ## Outputs
 
diff --git a/aws-iam-role-infraci/main.tf b/aws-iam-role-infraci/main.tf
index 469c2640..bf0ae3e3 100755
--- a/aws-iam-role-infraci/main.tf
+++ b/aws-iam-role-infraci/main.tf
@@ -66,11 +66,11 @@ data "aws_iam_policy_document" "secrets" {
 
   dynamic statement {
-    for_each = compact([var.terraform_state_lock_dynamodb_arn])
+    for_each = var.terraform_state_lock_dynamodb_arns
 
     content {
-      sid = "statefileaccess"
+      sid = "statefileaccess${statement.key}"
 
       actions = [
         "dynamodb:GetItem",
diff --git a/aws-iam-role-infraci/variables.tf b/aws-iam-role-infraci/variables.tf
index 161bc1f5..3a95f57c 100755
--- a/aws-iam-role-infraci/variables.tf
+++ b/aws-iam-role-infraci/variables.tf
@@ -10,8 +10,8 @@ variable "iam_path" {
   default = "/"
 }
 
-variable "terraform_state_lock_dynamodb_arn" {
-  type = "string"
-  default = ""
-  description = "The ARN of the state file DynamoDB table"
+variable "terraform_state_lock_dynamodb_arns" {
+  type = list(string)
+  default = []
+  description = "ARNs of the state file DynamoDB tables"
 }
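Review bot: The new `for_each = var.terraform_state_lock_dynamodb_arns` drops the `compact()` that the removed line applied, so an empty-string element in the list now yields a policy statement instead of being filtered out; keeping the old guard is `for_each = compact(var.terraform_state_lock_dynamodb_arns)`. Because `statement.key` is a list index, the SID attached to a given table changes whenever the caller reorders the list, which does not affect evaluation but deserves a comment such as `# SID suffix is the list index; reordering the input renumbers the statements`. The statement body, including the `resources` that presumably binds `statement.value`, continues outside the hunk, so whether each statement is scoped to exactly one table cannot be confirmed from here.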
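Review bot: `default = []` makes the variable optional, yet the README row added in the same commit still marks it required (`yes`) and lists its type as `string`; either drop the default so a missing value fails at plan time, or state in the description that an empty list means the role receives no DynamoDB access. Since whatever ARNs are passed here become the resource scope of an IAM grant, a `validation` block would reject a malformed or non-DynamoDB ARN before it reaches the policy (variable validation needs Terraform 0.13+, `alltrue` 0.14+; the `list(string)` type already rules out 0.11). The description could also say how the list is consumed, e.g. `description = "ARNs of the DynamoDB tables used for Terraform state locking; one policy statement is created per ARN"`.
```hcl
variable "terraform_state_lock_dynamodb_arns" {
  # … unchanged: type, default, description …

  validation {
    condition = alltrue([
      for arn in var.terraform_state_lock_dynamodb_arns :
      can(regex("^arn:aws[a-z-]*:dynamodb:[a-z0-9-]*:[0-9]{12}:table/", arn))
    ])
    error_message = "Each element must be a DynamoDB table ARN (arn:aws:dynamodb:<region>:<account-id>:table/<name>)."
  }
}
```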