Catalog acl policy catalog service empty

I set an acl token and policy as follow (with terraform) :

resource "consul_acl_policy" "kws-dev" {
  name = "kws-dev"
  rules = <<-RULE
    service_prefix "" {
      policy = "write"

resource "consul_acl_token" "kws-dev-token" {
  description = "kws-dev token"
  policies = ["${}"]

The token allows me to list services /v1/catalog/services
but when I try to query a specific one, the response is just empty /v1/catalog/service/a-real-service-in-catalog

With the bootstrap token I can get the service detail on the exact same endpoint

Someone knows what policy should I add ?