diff --git a/CHANGELOG.md b/CHANGELOG.md index 90e2153..885f569 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,16 @@ All notable changes to this module will be documented in this file. +## [1.1.1] - 2024-01-26 + +### Added + +- Default policy for worker node's role allowing efs addon to work + +### Changed + +- Update `data.aws_iam_policy_document.aws_sa_assume_role_policy`'s condition to use `StringLike` instead of `StringEquals` + ## [1.1.0] - 2023-08-12 ### Added diff --git a/iam.tf b/iam.tf index dcdbb29..470c880 100644 --- a/iam.tf +++ b/iam.tf @@ -77,6 +77,11 @@ resource "aws_iam_role_policy_attachment" "amazon_ec2_ssm" { role = aws_iam_role.node_group_role.name } +resource "aws_iam_role_policy_attachment" "amazon_efs_csi" { + policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEFSCSIDriverPolicy" + role = aws_iam_role.node_group_role.name +} + # Additional policies data "aws_iam_policy_document" "combined_policy" { count = length(var.additional_worker_polices) > 0 ? 1 : 0 diff --git a/modules/openid_connect_provider/iam.tf b/modules/openid_connect_provider/iam.tf index 793b36c..7200492 100644 --- a/modules/openid_connect_provider/iam.tf +++ b/modules/openid_connect_provider/iam.tf @@ -149,16 +149,17 @@ data "aws_iam_policy_document" "aws_lb_controller_policy" { "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*", "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*" ] - condition { - test = "Null" - variable = "aws:RequestTag/elbv2.k8s.aws/cluster" - values = ["true"] - } - condition { - test = "Null" - variable = "aws:ResourceTag/elbv2.k8s.aws/cluster" - values = ["false"] - } + # https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/2692 + # condition { + # test = "Null" + # variable = "aws:RequestTag/elbv2.k8s.aws/cluster" + # values = ["true"] + # } + # condition { + # test = "Null" + # variable = "aws:ResourceTag/elbv2.k8s.aws/cluster" + # values = ["false"] + # } } statement { actions = [ 
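Review bot: The new `aws_iam_role_policy_attachment.amazon_efs_csi` attaches `AmazonEFSCSIDriverPolicy` to the node group role unconditionally, so every pod on every worker node inherits EFS access-point and mount-target management permissions through the instance profile, not just the CSI driver. Since this module already ships an `openid_connect_provider` submodule that builds per-service-account roles, the driver's controller should get these permissions via IRSA; at minimum the attachment should be opt-in, e.g. `count = var.enable_efs_csi_node_policy ? 1 : 0`, with a comment noting the blast radius of the node-level grant. The policy ARN also hard-codes the `aws` partition, which breaks in GovCloud and China regions; if the module has a `data "aws_partition"` source, use `"arn:${data.aws_partition.current.partition}:iam::aws:policy/service-role/AmazonEFSCSIDriverPolicy"`.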
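Review bot: Commenting out the two `Null` conditions in `aws_lb_controller_policy` removes the guard that confined tag operations on `loadbalancer/net/*` and `loadbalancer/app/*` to resources the controller created (request carries `elbv2.k8s.aws/cluster`, resource does not yet), so the role can now tag and untag any ALB/NLB in the account, including ones used for tag-based authorization elsewhere. If the linked issue forces this relaxation, the decision and its privilege impact should be recorded next to the dead code rather than only by URL, e.g. `# WARNING: without these conditions the controller may tag/untag any ELBv2 load balancer in the account; restore once the upstream issue is resolved`, and the commented block should be deleted or restored rather than left as dead code. The statement's `actions` list and opening brace sit above the hunk, so the full scope of the now-unconditioned actions is not visible here.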
@@ -261,14 +262,14 @@ data "aws_iam_policy_document" "aws_sa_assume_role_policy" { actions = ["sts:AssumeRoleWithWebIdentity"] effect = "Allow" condition { - test = "StringEquals" + test = "StringLike" variable = "${replace(aws_iam_openid_connect_provider.this.url, "https://", "")}:sub" values = [ format("system:serviceaccount:%s:%s", local.service_accounts[count.index].namespace, local.service_accounts[count.index].name) ] } condition { - test = "StringEquals" + test = "StringLike" variable = "${replace(aws_iam_openid_connect_provider.this.url, "https://", "")}:aud" values = [ "sts.amazonaws.com"
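Review bot: Switching the `:aud` condition to `StringLike` has no effect for the literal `sts.amazonaws.com` and should stay `test = "StringEquals"`; only the `:sub` condition can benefit from wildcard matching. With `StringLike` on `:sub`, any `*` or `?` in `local.service_accounts[count.index].namespace` or `.name` is now interpreted as a glob, so an entry with name `*` lets every service account in that namespace assume the role, and `*`/`*` lets any workload on the cluster do so. If wildcards are intended, say so in a comment above the condition and add a `validation` on the variable feeding `local.service_accounts` that rejects `*` unless an explicit `allow_wildcard` flag is set; if they are not, keep `StringEquals` here as well. The `data "aws_iam_policy_document" "aws_sa_assume_role_policy"` block begins above this hunk, so the `count` expression and `local.service_accounts` definition are not visible in the diff.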