diff --git a/terraform/asg.tf b/terraform/asg.tf
index e486302..908f272 100644
--- a/terraform/asg.tf
+++ b/terraform/asg.tf
@@ -27,11 +27,31 @@ resource "aws_security_group" "k8s-node" {
   }
 }
 
+data "aws_ami" "latest-fedora" {
+  most_recent = true
+  owners = ["125523088429"]
+
+  filter {
+    name = "name"
+    values = ["Fedora-Cloud-Base-38-1.*"]
+  }
+
+  filter {
+    name = "virtualization-type"
+    values = ["hvm"]
+  }
+
+  filter {
+    name = "architecture"
+    values = ["arm64"]
+  }
+}
+
 resource "aws_launch_template" "k8s-aarch64" {
   name = "k8s-aarch64"
 
   update_default_version = true
-  image_id               = "ami-0dcd72048e69236de"
+  image_id               = "${data.aws_ami.latest-fedora.id}"
   instance_type          = "t4g.medium"
   security_group_names   = [aws_security_group.k8s-node.name]
   key_name               = "dustin@rosalina"
diff --git a/terraform/iam-policy.json b/terraform/iam-policy.json
index 3ed129b..d67dc2b 100644
--- a/terraform/iam-policy.json
+++ b/terraform/iam-policy.json
@@ -11,6 +11,7 @@
                 "autoscaling:DescribeTags",
                 "sns:Unsubscribe",
                 "sns:GetSubscriptionAttributes",
+                "ec2:DescribeImages",
                 "ec2:DescribeSecurityGroups"
             ],
             "Resource": "*"