diff --git a/main.tf b/main.tf
index cb7f5b2..2fd8110 100644
--- a/main.tf
+++ b/main.tf
@@ -204,25 +204,16 @@ data "aws_iam_policy_document" "combined_policy_block" {
 # List of actions can be found in the following example:
 # https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_examples_general.html
 not_actions = [
- "access-analyzer:*",
- "iam:*",
- "organizations:*",
- "route53:*",
- "budgets:*",
- "waf:*",
- "cloudfront:*",
- "globalaccelerator:*",
- "importexport:*",
- "support:*",
- "sts:*",
- "pricing:*",
 "a4b:*",
+ "access-analyzer:*",
 "acm:*",
 "aws-marketplace-management:*",
 "aws-marketplace:*",
 "aws-portal:*",
+ "budgets:*",
 "ce:*",
 "chime:*",
+ "cloudfront:*",
 "config:*",
 "cur:*",
 "directconnect:*",
@@ -230,17 +221,26 @@ data "aws_iam_policy_document" "combined_policy_block" {
 "ec2:DescribeTransitGateways",
 "ec2:DescribeVpnGateways",
 "fms:*",
+ "globalaccelerator:*",
 "health:*",
+ "iam:*",
+ "importexport:*",
 "kms:*",
 "mobileanalytics:*",
 "networkmanager:*",
+ "organizations:*",
+ "pricing:*",
+ "route53:*",
 "route53domains:*",
 "s3:GetAccountPublic*",
 "s3:ListAllMyBuckets",
 "s3:PutAccountPublic*",
 "shield:*",
+ "sts:*",
+ "support:*",
 "trustedadvisor:*",
 "waf-regional:*",
+ "waf:*",
 "wafv2:*",
 "wellarchitected:*"
 ]
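Review bot: The comment above `not_actions` at the top of the first hunk still only links the AWS example and does not record that the list is now kept in sorted order, so the next addition can land out of order again; the same list continues in the second hunk. Every entry in `not_actions` is excluded from this statement, and several are service-wide wildcards (`iam:*`, `kms:*`, `sts:*`, `organizations:*`), so an ordering rule that keeps future diffs to one line each makes a newly exempted service easy to spot in review. I would add `# Keep sorted (byte order); each entry is exempt from this statement, so justify additions in the commit message.` directly above `not_actions = [`. The twelve entries removed from the head of the list all reappear across the two hunks, so the exempted set looks unchanged, but the list lines between the hunks and the statement's effect and conditions are outside what is shown here.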