diff --git a/deamon-require-aws-node-irsa/README.md b/deamon-require-aws-node-irsa/README.md
new file mode 100644
index 00000000..d6fa02ea
--- /dev/null
+++ b/deamon-require-aws-node-irsa/README.md
@@ -0,0 +1,7 @@
+## Introduction
+
+`deamon-require-aws-node-irsa` is a KCL validation package to validate services of type LoadBalancer when deployed inside AWS have support for transport encryption if it is enabled via an annotation. This policy requires that Services of type LoadBalancer contain the annotation `service.beta.kubernetes.io/aws-load-balancer-ssl-cert` with some value.
+
+## Resource
+
+The Code source and documents are [here](https://github.com/kcl-lang/artifacthub/tree/main/deamon-require-aws-node-irsa)
diff --git a/deamon-require-aws-node-irsa/kcl.mod b/deamon-require-aws-node-irsa/kcl.mod
new file mode 100644
index 00000000..835802ba
--- /dev/null
+++ b/deamon-require-aws-node-irsa/kcl.mod
@@ -0,0 +1,4 @@
+[package]
+name = "deamon-require-aws-node-irsa"
+version = "0.1.0"
+description = "`deamon-require-aws-node-irsa` is a kcl validation package"
diff --git a/deamon-require-aws-node-irsa/main.k b/deamon-require-aws-node-irsa/main.k
new file mode 100644
index 00000000..32e60d06
--- /dev/null
+++ b/deamon-require-aws-node-irsa/main.k
@@ -0,0 +1,15 @@
+"""Services of type LoadBalancer when deployed inside AWS have support for
+transport encryption if it is enabled via an annotation. This policy requires
+that Services of type LoadBalancer contain the annotation
+service.beta.kubernetes.io/aws-load-balancer-ssl-cert with some value.
+"""
+
+# Define the validation function
+validate = lambda item {
+ if item.kind == "DaemonSet" and item.metadata.name == "aws-node" and item.metadata.namespace == "kube-system":
+ assert item.spec?.template?.spec?.serviceAccountName == "!aws-node", "Update the aws-node daemonset to use IRSA."
+ item
+}
+
+# Validate All resource
+items = [validate(i) for i in option("items")]
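Review bot: The assert in `validate` compares `serviceAccountName` with the literal string `"!aws-node"`, so the only DaemonSet that passes is one whose service account is literally named `!aws-node`; every real configuration, including one that already uses IRSA, is rejected. The leading `!` reads like a negation carried over from another policy language, and in KCL the intent needs an inequality, `assert item.spec?.template?.spec?.serviceAccountName != "aws-node", "Update the aws-node daemonset to use IRSA."`. An unset `serviceAccountName` would then satisfy `!=` too, so if the policy is meant to require an explicit IRSA-backed account, also assert that the field is set. The module docstring (and the README in the same commit) was copied from the LoadBalancer-encryption policy and describes a different check; it should state what this file actually asserts, that the `aws-node` DaemonSet in `kube-system` must not run under the `aws-node` service account.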
diff --git a/svc-require-encryption-aws-loadbalancers/README.md b/svc-require-encryption-aws-loadbalancers/README.md
new file mode 100644
index 00000000..fc88ceaf
--- /dev/null
+++ b/svc-require-encryption-aws-loadbalancers/README.md
@@ -0,0 +1,5 @@
+## Introduction
+
+## Resource
+
+The Code source and documents are [here](https://github.com/kcl-lang/artifacthub/tree/main/svc-require-encryption-aws-loadbalancers)
diff --git a/svc-require-encryption-aws-loadbalancers/kcl.mod b/svc-require-encryption-aws-loadbalancers/kcl.mod
new file mode 100644
index 00000000..357fb4af
--- /dev/null
+++ b/svc-require-encryption-aws-loadbalancers/kcl.mod
@@ -0,0 +1,4 @@
+[package]
+name = "svc-require-encryption-aws-loadbalancers"
+version = "0.1.0"
+description = "`svc-require-encryption-aws-loadbalancers` is a kcl validation package"
diff --git a/svc-require-encryption-aws-loadbalancers/main.k b/svc-require-encryption-aws-loadbalancers/main.k
new file mode 100644
index 00000000..40be5150
--- /dev/null
+++ b/svc-require-encryption-aws-loadbalancers/main.k
@@ -0,0 +1,15 @@
+"""Services of type LoadBalancer when deployed inside AWS have support for
+transport encryption if it is enabled via an annotation. This policy requires
+that Services of type LoadBalancer contain the annotation
+service.beta.kubernetes.io/aws-load-balancer-ssl-cert with some value.
+"""
+
+# Define the validation function
+validate = lambda item {
+ if item.kind == "Service":
+ assert item.metadata?.annotation?["service.beta.kubernetes.io/aws-load-balancer-ssl-cert"] if item?.spec?.type == "LoadBalancer", "Service of type LoadBalancer must carry the annotation service.beta.kubernetes.io/aws-load-balancer-ssl-cert."
+ item
+}
+
+# Validate All resource
+items = [validate(i) for i in option("items")]
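Review bot: The annotation lookup in `validate` reads `item.metadata?.annotation?[...]`, but the Kubernetes metadata field is `annotations`, so the expression is always `None` and every Service of type LoadBalancer fails the assert no matter how it is configured. Change the line to `assert item.metadata?.annotations?["service.beta.kubernetes.io/aws-load-balancer-ssl-cert"] if item?.spec?.type == "LoadBalancer", "Service of type LoadBalancer must carry the annotation service.beta.kubernetes.io/aws-load-balancer-ssl-cert."`. The assert appears to test truthiness, so an annotation present with an empty value is rejected as well, which matches the docstring's "with some value" and is worth saying in a comment above the assert. The README added in the same commit has an empty Introduction section; the first sentences of this docstring would fill it.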