diff --git a/CHANGELOG.md b/CHANGELOG.md
index a300a3a..627823c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,10 @@
 All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+# 1.0.1
+
+* Adding Cloudwatch metrics policy for ec2
+
 # 1.0.0
 * Striking 1.0.0 release
diff --git a/policies.tf b/policies.tf
index 9eb07ee..8ba78c9 100644
--- a/policies.tf
+++ b/policies.tf
@@ -179,6 +179,56 @@ resource "aws_iam_role_policy_attachment" "secrets-manager" {
 policy_arn = aws_iam_policy.secrets-manager[0].arn
 }
+################################################################################
+# CloudWatch Policy for EC2 metrics
+################################################################################
+data "aws_iam_policy_document" "ec2_metrics" {
+ count = var.create_role && var.attach_ec2_metrics_policy ? 1 : 0
+
+ statement {
+ sid = "AllowReadingMetricsFromCloudWatch"
+ actions = [
+ "cloudwatch:DescribeAlarmsForMetric",
+ "cloudwatch:DescribeAlarmHistory",
+ "cloudwatch:DescribeAlarms",
+ "cloudwatch:ListMetrics",
+ "cloudwatch:GetMetricData",
+ "cloudwatch:GetInsightRuleReport"
+ ]
+ resources = ["*"]
+ }
+
+ statement {
+ sid = "AllowReadingTagsInstancesRegionsFromEC2"
+ actions = ["ec2:DescribeTags", "ec2:DescribeInstances", "ec2:DescribeRegions"]
+ resources = ["*"]
+ }
+
+ statement {
+ sid = "AllowReadingResourcesForTags"
+ actions = "tag:GetResources"
+ resources = ["*"]
+ }
+}
+
+resource "aws_iam_policy" "ec2_metrics" {
+ count = var.create_role && var.attach_ec2_metrics_policy ? 1 : 0
+
+ name_prefix = "${var.policy_name_prefix}${var.app_name}_Policy-"
+ path = var.role_path
+ description = "View EC2 metrics"
+ policy = data.aws_iam_policy_document.ec2_metrics[0].json
+
+ tags = var.tags
+}
+
+resource "aws_iam_role_policy_attachment" "ec2_metrics" {
+ count = var.create_role && var.attach_ec2_metrics_policy ? 1 : 0
+
+ role = aws_iam_role.this[0].name
+ policy_arn = aws_iam_policy.ec2_metrics[0].arn
+}
+
 ################################################################################
 # CloudWatch Policy for container insights
 ################################################################################
diff --git a/variables.tf b/variables.tf
index 7cf9e78..9f4ec2d 100644
--- a/variables.tf
+++ b/variables.tf
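Review bot: `actions = "tag:GetResources"` in the third statement of `data "aws_iam_policy_document" "ec2_metrics"` is a bare string, but the `actions` attribute of a policy-document statement is a set of strings, so this will not pass `terraform validate` (inappropriate value for attribute "actions"); it should be `actions = ["tag:GetResources"]`, matching the other two statements. All three statements use `resources = ["*"]`; the CloudWatch and EC2 `Describe*`/`List*`/`Get*` calls listed here mostly do not support resource-level permissions, so the wildcard is expected, but `ec2:DescribeInstances` on `*` lets the role enumerate every instance in the account, which is broader than the `"View EC2 metrics"` description implies. A comment on the data source would stop future reviewers from reading the wildcard as an oversight, e.g. `# Read-only Describe/List/Get calls; these APIs do not accept resource-level ARNs, so "*" is required`. The `count` guard is repeated verbatim on three resources; a `locals` value would keep them from drifting apart. The `secrets-manager` attachment resource at the top of the hunk starts outside it.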
@@ -168,3 +168,10 @@ variable "sqs_read_write_arns" {
 type = list(string)
 default = []
 }
+
+# Cloudwatch
+variable "attach_ec2_metrics_policy" {
+ description = "Determines whether to attach the Cloudwatch policy for ec2 metrics to the role"
+ type = bool
+ default = true
+}
\ No newline at end of file
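Review bot: `default = true` on `attach_ec2_metrics_policy` means every existing consumer of this module gets the new CloudWatch/EC2 read policy attached to its role on the 1.0.0 to 1.0.1 upgrade without opting in, which silently widens permissions in a patch release; least privilege argues for `default = false` so callers enable it deliberately (the defaults of the module's other `attach_*` flags are not visible here, so match whichever convention they use if it differs). The description should also say what the flag grants so a caller can judge it without opening policies.tf, e.g. `description = "Whether to attach a read-only CloudWatch metrics / EC2 describe / tag:GetResources policy to the role"`. The hunk also drops the file's trailing newline (`\ No newline at end of file`), which most formatters and `terraform fmt` will churn on the next commit.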