diff --git a/.github/actions/dependencies/action.yml b/.github/actions/dependencies/action.yml
index 42278a7..a783010 100644
--- a/.github/actions/dependencies/action.yml
+++ b/.github/actions/dependencies/action.yml
@@ -8,7 +8,7 @@ runs:
       uses: actions/setup-go@v6
       with:
         go-version: '1.25'
-
+        cache-dependency-path: "apps/*/go.sum"
     - name: "Set up Terraform"
       uses: hashicorp/setup-terraform@v3
       with:
diff --git a/infra/modules/api/data.tf b/infra/modules/api/data.tf
index b5e3baf..0759e7e 100644
--- a/infra/modules/api/data.tf
+++ b/infra/modules/api/data.tf
@@ -20,7 +20,7 @@ data "aws_iam_policy_document" "cloudwatch_permissions" {
       "logs:DeleteLogGroup",
     ]
     resources = [
-      "arn:aws:logs:*:*:log-group:/aws/apigateway/welcome:*"
+      "arn:aws:logs:*:*:log-group:/aws/apigateway/welcome"
     ]
   }
 
@@ -31,7 +31,7 @@ data "aws_iam_policy_document" "cloudwatch_permissions" {
       "logs:FilterLogEvents"
     ]
     resources = [
-      "arn:aws:logs:*:*:log-group:/aws/apigateway/welcome:*",
+      "arn:aws:logs:*:*:log-group:/aws/apigateway/welcome",
       aws_cloudwatch_log_group.access_logs.arn,
       aws_cloudwatch_log_group.stage_v1.arn,
     ]
@@ -45,9 +45,9 @@ data "aws_iam_policy_document" "cloudwatch_permissions" {
       "logs:GetLogEvents",
     ]
     resources = [
-      "arn:aws:logs:*:*:log-group:/aws/apigateway/welcome:*",
-      aws_cloudwatch_log_group.access_logs.arn,
-      aws_cloudwatch_log_group.stage_v1.arn,
+      "arn:aws:logs:*:*:log-group:/aws/apigateway/welcome:log-stream:*",
+      "${aws_cloudwatch_log_group.access_logs.arn}:log-stream:*",
+      "${aws_cloudwatch_log_group.stage_v1.arn}:log-stream:*",
     ]
   }
 }