diff --git a/modules/nomad-cluster/main.tf b/modules/nomad-cluster/main.tf
index b7074df..3bbfd75 100644
--- a/modules/nomad-cluster/main.tf
+++ b/modules/nomad-cluster/main.tf
@@ -193,6 +193,8 @@ resource "aws_iam_role" "instance_role" {
 name_prefix = var.cluster_name
 assume_role_policy = data.aws_iam_policy_document.instance_role.json
+ permissions_boundary = var.iam_permissions_boundary
+
 
 # aws_iam_instance_profile.instance_profile in this module sets create_before_destroy to true, which means
 # everything it depends on, including this resource, must set it as well, or you'll get cyclic dependency errors
 # when you try to do a terraform destroy.
diff --git a/modules/nomad-cluster/variables.tf b/modules/nomad-cluster/variables.tf
index 2f23225..75c78af 100644
--- a/modules/nomad-cluster/variables.tf
+++ b/modules/nomad-cluster/variables.tf
@@ -228,3 +228,8 @@ variable "protect_from_scale_in" {
 default = false
 }
 
+variable "iam_permissions_boundary" {
+ description = "If set, restricts the created IAM role to the given permissions boundary"
+ type = string
+ default = null
+}
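Review bot: The new `permissions_boundary` line on `aws_iam_role.instance_role` is the only attribute in this resource without an explanatory comment, and its effect is easy to misread as "grants" rather than "caps". A one-line comment above it would make the security contract explicit for future maintainers: `# Optional permissions boundary: caps the effective permissions of this role to what the boundary policy allows, regardless of the policies attached to it elsewhere in this module.` Because the variable defaults to null, the attribute is simply unset when no boundary is supplied, so this is opt-in and does not change existing deployments; it may also be worth stating that in the comment. The `aws_iam_role` block continues outside the hunk.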
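Review bot: The description of `iam_permissions_boundary` in variables.tf does not say what value is expected; the `permissions_boundary` argument of `aws_iam_role` takes the ARN of an IAM managed policy, and a name alone will fail at apply time. Suggest `description = "Optional ARN of an IAM managed policy to use as the permissions boundary for the cluster's instance IAM role. When set, the role's effective permissions are the intersection of its attached policies and this boundary. Leave null for no boundary."`. Since the default is null, the boundary is opt-in; if the module's README lists inputs, the new variable presumably needs an entry there as well, which this diff does not show.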