diff --git a/config/auth_ldap_group/ldap/kubernetes_au_syd1_cluster_admin.yaml b/config/auth_ldap_group/ldap/kubernetes_au_syd1_cluster_admin.yaml
new file mode 100644
index 0000000..9c43d98
--- /dev/null
+++ b/config/auth_ldap_group/ldap/kubernetes_au_syd1_cluster_admin.yaml
@@ -0,0 +1,3 @@
+---
+# this file doesnt need anything in it, so this data is just to make sure yamlencode reads some yaml data
+description: foo
diff --git a/config/auth_ldap_group/ldap/kubernetes_au_syd1_cluster_operator.yaml b/config/auth_ldap_group/ldap/kubernetes_au_syd1_cluster_operator.yaml
new file mode 100644
index 0000000..9c43d98
--- /dev/null
+++ b/config/auth_ldap_group/ldap/kubernetes_au_syd1_cluster_operator.yaml
@@ -0,0 +1,3 @@
+---
+# this file doesnt need anything in it, so this data is just to make sure yamlencode reads some yaml data
+description: foo
diff --git a/config/auth_ldap_group/ldap/kubernetes_au_syd1_cluster_root.yaml b/config/auth_ldap_group/ldap/kubernetes_au_syd1_cluster_root.yaml
new file mode 100644
index 0000000..9c43d98
--- /dev/null
+++ b/config/auth_ldap_group/ldap/kubernetes_au_syd1_cluster_root.yaml
@@ -0,0 +1,3 @@
+---
+# this file doesnt need anything in it, so this data is just to make sure yamlencode reads some yaml data
+description: foo
diff --git a/policies/kubernetes/au/syd1/creds/cluster-admin.yaml b/policies/kubernetes/au/syd1/creds/cluster-admin.yaml
index 68a3781..87e5f37 100644
--- a/policies/kubernetes/au/syd1/creds/cluster-admin.yaml
+++ b/policies/kubernetes/au/syd1/creds/cluster-admin.yaml
@@ -6,5 +6,5 @@ rules:
       - update
 
 auth:
-  approle:
-    - tf_vault
+  ldap:
+    - kubernetes_au_syd1_cluster_admin
diff --git a/policies/kubernetes/au/syd1/creds/cluster-operator.yaml b/policies/kubernetes/au/syd1/creds/cluster-operator.yaml
index 7f5dde7..82c7665 100644
--- a/policies/kubernetes/au/syd1/creds/cluster-operator.yaml
+++ b/policies/kubernetes/au/syd1/creds/cluster-operator.yaml
@@ -6,5 +6,5 @@ rules:
       - update
 
 auth:
-  approle:
-    - tf_vault
+  ldap:
+    - kubernetes_au_syd1_cluster_operator
diff --git a/policies/kubernetes/au/syd1/creds/cluster-root.yaml b/policies/kubernetes/au/syd1/creds/cluster-root.yaml
index 0409ca0..ef70cab 100644
--- a/policies/kubernetes/au/syd1/creds/cluster-root.yaml
+++ b/policies/kubernetes/au/syd1/creds/cluster-root.yaml
@@ -8,3 +8,5 @@ rules:
 auth:
   approle:
     - terraform_k8s
+  ldap:
+    - kubernetes_au_syd1_cluster_root