diff --git a/prowler/config/aws_allowlist.yaml b/prowler/config/aws_allowlist.yaml
index 6ba4dc9f..c9f5c0cc 100644
--- a/prowler/config/aws_allowlist.yaml
+++ b/prowler/config/aws_allowlist.yaml
@@ -38,6 +38,9 @@ Allowlist:
 - "aws-controltower-ReadOnlyExecutionRole"
 - "AWSControlTower_VPCFlowLogsRole"
 - "AWSControlTowerExecution"
+ - "AWSAFTAdmin"
+ - "AWSAFTExecution"
+ - "AWSAFTService"
 "iam_policy_*":
 Regions:
 - "*"
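Review bot: The three added entries `"AWSAFTAdmin"`, `"AWSAFTExecution"` and `"AWSAFTService"` are bare names, so if this resource list is matched as unanchored patterns (Prowler's allowlist format accepts regular expressions for resources; confirm against the matcher), a role whose name merely contains one of these strings would have its findings muted too. Anchoring them, e.g. `- "^AWSAFTExecution$"`, would keep the exemption to the roles the service creates, though the existing entries in the same list are unanchored as well and would need the same treatment. The check key and the account scope these entries fall under start above the hunk, so the reach of the suppression cannot be judged from here. The new lines also have no comment naming their origin; I would add `# Roles created by AWS Control Tower Account Factory for Terraform (AFT)` above the first one. Because an allowlist entry hides the finding rather than the privilege, the comment should point users to review these roles' trust policies themselves.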