diff --git a/terraform/environments/cdpt-ifs/ecs.tf b/terraform/environments/cdpt-ifs/ecs.tf
index 2dd8682eeee..339caf541da 100644
--- a/terraform/environments/cdpt-ifs/ecs.tf
+++ b/terraform/environments/cdpt-ifs/ecs.tf
@@ -95,3 +95,27 @@ EOF ) }
+resource "aws_iam_role_policy" "app_execution" {
+ name = "execution-${var.networking[0].application}"
+ role = aws_iam_role.app_execution.id
+
+ policy = <<-EOF
+ {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Action": [
+ "ecr:*",
+ "logs:CreateLogGroup",
+ "logs:CreateLogStream",
+ "logs:PutLogEvents",
+ "logs:DescribeLogStreams",
+ "secretsmanager:GetSecretValue"
+ ],
+ "Resource": "*",
+ "Effect": "Allow"
+ }
+ ]
+ }
+ EOF
+}
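Review bot: The single statement in the new `aws_iam_role_policy.app_execution` pairs `ecr:*` and `secretsmanager:GetSecretValue` with `"Resource": "*"`, so the role can push to or delete any ECR repository and read every secret in the account, not just what this application needs. If this is the ECS task execution role, as the name suggests, image pull needs only `ecr:GetAuthorizationToken` (which must stay on `*`) plus the three read actions on the application's repository. The secret and log actions should likewise be scoped to this application's own ARNs. The sketch below splits the statement accordingly; the ARN strings are placeholders to be replaced with references to the real resources, which are not visible in this hunk. Building the document with `jsonencode` or `data "aws_iam_policy_document"` instead of a heredoc would also let Terraform validate the ARN references.

```hcl
# … unchanged: name and role arguments …
  policy = <<-EOF
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Sid": "EcrAuth",
        "Effect": "Allow",
        "Action": "ecr:GetAuthorizationToken",
        "Resource": "*"
      },
      {
        "Sid": "EcrPull",
        "Effect": "Allow",
        "Action": [
          "ecr:BatchCheckLayerAvailability",
          "ecr:GetDownloadUrlForLayer",
          "ecr:BatchGetImage"
        ],
        "Resource": "<ECR_REPOSITORY_ARN>"
      },
      {
        "Sid": "AppLogs",
        "Effect": "Allow",
        "Action": [
          "logs:CreateLogGroup",
          "logs:CreateLogStream",
          "logs:PutLogEvents",
          "logs:DescribeLogStreams"
        ],
        "Resource": [
          "<APP_LOG_GROUP_ARN>",
          "<APP_LOG_GROUP_ARN>:*"
        ]
      },
      {
        "Sid": "AppSecrets",
        "Effect": "Allow",
        "Action": "secretsmanager:GetSecretValue",
        "Resource": "<APP_SECRET_ARN>"
      }
    ]
  }
  EOF
```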