diff --git a/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/global.yml b/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/global.yml
index 41ed78e70..ec598e675 100644
--- a/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/global.yml
+++ b/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/global.yml
@@ -99,6 +99,9 @@ Resources:
           - Effect: Allow
             Action:
               - cloudformation:ValidateTemplate
+              - iam:CreateAccountAlias
+              - iam:DeleteAccountAlias
+              - iam:ListAccountAliases
               - ssm:PutParameter
               - ssm:GetParameters
               - ssm:GetParameter
diff --git a/src/template.yml b/src/template.yml
index d8d4edd55..73f8c49a7 100644
--- a/src/template.yml
+++ b/src/template.yml
@@ -359,15 +359,6 @@ Resources:
                 - lambda.amazonaws.com
             Action: "sts:AssumeRole"
       Path: "/aws-deployment-framework/account-management/"
-      Policies:
-        - PolicyName: "adf-lambda-create-account-alias-policy"
-          PolicyDocument:
-            Version: "2012-10-17"
-            Statement:
-              - Effect: Allow
-                Action:
-                  - "iam:CreateAccountAlias"
-                Resource: "*"
 
   AccountAliasConfigFunction:
     Type: 'AWS::Serverless::Function'