diff --git a/.changelog/28838.txt b/.changelog/28838.txt
new file mode 100644
index 00000000000..75c48e18a7b
--- /dev/null
+++ b/.changelog/28838.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+resource/aws_iot_policy: Improve refresh to avoid unnecessary diffs in `policy`
+```
\ No newline at end of file
diff --git a/internal/service/iot/policy.go b/internal/service/iot/policy.go
index bb10cb7eedc..6e4b474d998 100644
--- a/internal/service/iot/policy.go
+++ b/internal/service/iot/policy.go
@@ -31,10 +31,11 @@ func ResourcePolicy() *schema.Resource {
 				ForceNew: true,
 			},
 			"policy": {
-				Type:             schema.TypeString,
-				Required:         true,
-				ValidateFunc:     validation.StringIsJSON,
-				DiffSuppressFunc: verify.SuppressEquivalentPolicyDiffs,
+				Type:                  schema.TypeString,
+				Required:              true,
+				ValidateFunc:          validation.StringIsJSON,
+				DiffSuppressFunc:      verify.SuppressEquivalentPolicyDiffs,
+				DiffSuppressOnRefresh: true,
 				StateFunc: func(v interface{}) string {
 					json, _ := structure.NormalizeJsonString(v)
 					return json
@@ -56,7 +57,6 @@ func resourcePolicyCreate(d *schema.ResourceData, meta interface{}) error {
 	conn := meta.(*conns.AWSClient).IoTConn()
 
 	policy, err := structure.NormalizeJsonString(d.Get("policy").(string))
-
 	if err != nil {
 		return fmt.Errorf("policy (%s) is invalid JSON: %w", policy, err)
 	}
@@ -97,7 +97,6 @@ func resourcePolicyRead(d *schema.ResourceData, meta interface{}) error {
 	d.Set("name", out.PolicyName)
 
 	policyToSet, err := verify.PolicyToSet(d.Get("policy").(string), aws.StringValue(out.PolicyDocument))
-
 	if err != nil {
 		return err
 	}
@@ -112,7 +111,6 @@ func resourcePolicyUpdate(d *schema.ResourceData, meta interface{}) error {
 
 	if d.HasChange("policy") {
 		policy, err := structure.NormalizeJsonString(d.Get("policy").(string))
-
 		if err != nil {
 			return fmt.Errorf("policy (%s) is invalid JSON: %w", policy, err)
 		}