diff --git a/terraform/aws/analytical-platform-development/cluster/iam-policies.tf b/terraform/aws/analytical-platform-development/cluster/iam-policies.tf
index 0a55ab50a9..b7e3c4e2db 100644
--- a/terraform/aws/analytical-platform-development/cluster/iam-policies.tf
+++ b/terraform/aws/analytical-platform-development/cluster/iam-policies.tf
@@ -347,6 +347,15 @@ data "aws_iam_policy_document" "control_panel_api" {
 actions = ["iam:DeletePolicy"]
 resources = ["arn:aws:iam::${var.account_ids["analytical-platform-development"]}:policy/${var.resource_prefix}-*"]
 }
+ statement {
+ sid = "CanReadIAMPolicies"
+ effect = "Allow"
+ actions = [
+ "iam:GetPolicy",
+ "iam:GetPolicyVersion",
+ ]
+ resources = ["arn:aws:iam::${var.account_ids["analytical-platform-development"]}:policy/*"]
+ }
 statement {
 sid = "CanAttachPolicies"
 effect = "Allow"
diff --git a/terraform/aws/analytical-platform-production/cluster/iam-policies.tf b/terraform/aws/analytical-platform-production/cluster/iam-policies.tf
index 8774f4873e..a08655f287 100644
--- a/terraform/aws/analytical-platform-production/cluster/iam-policies.tf
+++ b/terraform/aws/analytical-platform-production/cluster/iam-policies.tf
@@ -74,6 +74,15 @@ data "aws_iam_policy_document" "control_panel_api" {
 actions = ["iam:DeletePolicy"]
 resources = ["arn:aws:iam::${var.account_ids["analytical-platform-data-production"]}:policy/${var.resource_prefix}-*"]
 }
+ statement {
+ sid = "CanReadIAMPolicies"
+ effect = "Allow"
+ actions = [
+ "iam:GetPolicy",
+ "iam:GetPolicyVersion",
+ ]
+ resources = ["arn:aws:iam::${var.account_ids["analytical-platform-data-production"]}:policy/*"]
+ }
 statement {
 sid = "CanAttachPolicies"
 effect = "Allow"
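Review bot: The `CanReadIAMPolicies` statement added to `control_panel_api` in both the development and production files is scoped to `policy/*`, so `iam:GetPolicyVersion` can return the document of every customer-managed policy in the account, whereas the `iam:DeletePolicy` statement directly above it is limited to `policy/${var.resource_prefix}-*`. Policy documents name buckets, roles and conditions, so the wider scope increases what a leaked or misused control panel credential can read about the account. If the API only needs to read the policies it manages, the resource in each file could end in `:policy/${var.resource_prefix}-*` to match the delete statement. If the account-wide read is intended (the hunks do not show the caller), a comment above the statement such as `# Account-wide read is required because <reason>` would record that for the next reviewer. The enclosing `data` block begins and ends outside both hunks.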