diff --git a/infrastructure/stacks/api-layer/iam_policies.tf b/infrastructure/stacks/api-layer/iam_policies.tf
index b798fa48f..d91a2b281 100644
--- a/infrastructure/stacks/api-layer/iam_policies.tf
+++ b/infrastructure/stacks/api-layer/iam_policies.tf
@@ -190,7 +190,8 @@ data "aws_iam_policy_document" "audit_s3_bucket_policy" {
 }
 # Attach s3 read policy to Lambda role
-resource "aws_iam_role_policy" "lambda_s3_rules_read_policy" {
+resource "aws_iam_role_policy" "lambda_s3_read_policy" {
+ # for rules bucket
 name = "S3ReadAccess"
 role = aws_iam_role.eligibility_lambda_role.id
 policy = data.aws_iam_policy_document.s3_rules_bucket_policy.json
diff --git a/infrastructure/stacks/iams-developer-roles/github_actions_policies.tf b/infrastructure/stacks/iams-developer-roles/github_actions_policies.tf
index 1bcaf2145..6a2f3b7be 100644
--- a/infrastructure/stacks/iams-developer-roles/github_actions_policies.tf
+++ b/infrastructure/stacks/iams-developer-roles/github_actions_policies.tf
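Review bot: In iam_policies.tf the resource address changes from `aws_iam_role_policy.lambda_s3_rules_read_policy` to `aws_iam_role_policy.lambda_s3_read_policy` with no `moved` block visible in this hunk, so Terraform will plan a destroy of the old address and a create of the new one. Both addresses manage the same inline policy (`name = "S3ReadAccess"` on the same role) and have no ordering between them, so the apply can leave the Lambda role without S3 read access for a while, or with the policy deleted if the create happens to run first. Adding a `moved` block with `from = aws_iam_role_policy.lambda_s3_rules_read_policy` and `to = aws_iam_role_policy.lambda_s3_read_policy` makes the rename a state-only change. The new name is also more generic than the `# for rules bucket` comment, while the policy document is still `s3_rules_bucket_policy`; the resource body continues outside the hunk.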
@@ -209,12 +209,16 @@ resource "aws_iam_policy" "s3_management" {
 Resource = [
 "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-rules",
 "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-rules/*",
+ "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-consumer-map",
+ "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-consumer-map/*",
 "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-audit",
 "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-audit/*",
 "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-rules-access-logs",
 "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-rules-access-logs/*",
 "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-audit-access-logs",
 "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-audit-access-logs/*",
+ "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-consumer-map-access-logs",
+ "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-consumer-map-access-logs/*",
 "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-truststore",
 "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-truststore/*",
 "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-truststore-access-logs",
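Review bot: The four new `consumer-map` ARNs in `s3_management` copy the leading `*` used by the neighbouring entries (`arn:aws:s3:::*eligibility-signposting-api-...`), so the GitHub Actions role is granted access to any bucket whose name ends with that suffix, not only to the project's own buckets. S3 ARNs carry no account ID, so the pattern alone does not pin the grant to this account. Replacing the `*` with the real bucket-name prefix, or adding a `StringEquals` condition on `aws:ResourceAccount` to the statement, would scope the new entries (and the existing ones) to the intended buckets. The statement's `Action` list and the rest of the `Resource` array lie outside the hunk, so it is worth confirming that the CI role needs the object-level `/*` grant on the consumer-map bucket and not just bucket management.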