diff --git a/terraform/environments/hmpps-oem/locals.tf b/terraform/environments/hmpps-oem/locals.tf
index 659938ddb89..490086eaf45 100644
--- a/terraform/environments/hmpps-oem/locals.tf
+++ b/terraform/environments/hmpps-oem/locals.tf
@@ -44,10 +44,12 @@ locals {
       description = "Permissions for the db refresh process"
       statements = [
         {
-          sid    = "DescribeInstances"
+          sid    = "InstanceAccess"
           effect = "Allow"
           actions = [
             "ec2:DescribeInstances",
+            "ssm:StartSession",
+            "ssm:TerminateSession"
           ]
           resources = [
             "*",