diff --git a/terraform/environments/analytical-platform-ingestion/kms-keys.tf b/terraform/environments/analytical-platform-ingestion/kms-keys.tf
index 4e55287e9c1..aea1434eeaf 100644
--- a/terraform/environments/analytical-platform-ingestion/kms-keys.tf
+++ b/terraform/environments/analytical-platform-ingestion/kms-keys.tf
@@ -46,6 +46,34 @@ module "s3_definitions_kms" {
   deletion_window_in_days = 7
 }
 
+module "s3_bold_egress_kms" {
+  #checkov:skip=CKV_TF_1:Module registry does not support commit hashes for versions
+  source = "terraform-aws-modules/kms/aws"
+  version = "2.2.1"
+
+  aliases = ["s3/bold-egress"]
+  description = "Used in the Bold Egress Solution"
+  enable_default_policy = true
+  key_statements = [
+    {
+      sid = "AllowAnalyticalPlatformDataEngineeringProduction"
+      actions = [
+        "kms:Encrypt",
+        "kms:GenerateDataKey"
+      ]
+      resources = ["*"]
+      effect = "Allow"
+      principals = [
+        {
+          type = "AWS"
+          identifiers = ["arn:aws:iam::593291632749:role/mojap-data-production-bold-egress-${local.environment}"]
+        }
+      ]
+    }
+  ]
+  deletion_window_in_days = 7
+}
+
 module "sns_kms" {
   #checkov:skip=CKV_TF_1:Module registry does not support commit hashes for versions
   source = "terraform-aws-modules/kms/aws"
diff --git a/terraform/environments/analytical-platform-ingestion/s3.tf b/terraform/environments/analytical-platform-ingestion/s3.tf
index 749f7fd478d..699bc6a42ec 100644
--- a/terraform/environments/analytical-platform-ingestion/s3.tf
+++ b/terraform/environments/analytical-platform-ingestion/s3.tf
@@ -34,7 +34,6 @@ module "quarantine_bucket" {
   }
 }
 
-
 module "definitions_bucket" {
   source = "terraform-aws-modules/s3-bucket/aws"
   version = "4.1.0"
@@ -53,8 +52,6 @@ module "definitions_bucket" {
   }
 }
 
-
-
 module "processed_bucket" {
   source = "terraform-aws-modules/s3-bucket/aws"
   version = "4.1.0"
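Review bot: The key statement in `s3_bold_egress_kms` grants the cross-account `mojap-data-production-bold-egress-${local.environment}` role `kms:Encrypt` and `kms:GenerateDataKey` with no condition, so that role can use this key through any AWS service, not only for replication into the bold-egress bucket. Adding a `kms:ViaService` condition (and, if wanted, `kms:EncryptionContext:aws:s3:arn`) keeps the grant usable for S3 replication while ruling out other uses; the bucket's region is not visible in this diff, so the value in the excerpt is a placeholder to fill in. The same account id and role ARN are also repeated verbatim in the `bold_egress_bucket_policy` statement in s3.tf, and a single `local` for the principal ARN would keep the two in step when the role or account changes.
```hcl
      principals = [
        {
          type = "AWS"
          identifiers = ["arn:aws:iam::593291632749:role/mojap-data-production-bold-egress-${local.environment}"]
        }
      ]
      # Restrict key use by this principal to S3 (replication) rather than any service.
      conditions = [
        {
          test     = "StringEquals"
          variable = "kms:ViaService"
          values   = ["s3.<REGION>.amazonaws.com"] # placeholder: region of the bold-egress bucket
        }
      ]
    }
  ]
  # … unchanged: deletion_window_in_days …
```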
@@ -72,3 +69,47 @@ module "processed_bucket" {
     }
   }
 }
+
+data "aws_iam_policy_document" "bold_egress_bucket_policy" {
+  statement {
+    sid = "ReplicationPermissions"
+    effect = "Allow"
+    principals {
+      type = "AWS"
+      identifiers = ["arn:aws:iam::593291632749:role/mojap-data-production-bold-egress-${local.environment}"]
+    }
+    actions = [
+      "s3:ReplicateObject",
+      "s3:ObjectOwnerOverrideToBucketOwner",
+      "s3:GetObjectVersionTagging",
+      "s3:ReplicateTags",
+      "s3:ReplicateDelete"
+    ]
+    resources = ["arn:aws:s3:::mojap-ingestion-${local.environment}-bold-egress/*"]
+  }
+}
+
+module "bold_egress_bucket" {
+  source = "terraform-aws-modules/s3-bucket/aws"
+  version = "4.1.0"
+
+  bucket = "mojap-ingestion-${local.environment}-bold-egress"
+
+  force_destroy = true
+
+  versioning = {
+    enabled = true
+  }
+
+  attach_policy = true
+  policy = data.aws_iam_policy_document.bold_egress_bucket_policy.json
+
+  server_side_encryption_configuration = {
+    rule = {
+      apply_server_side_encryption_by_default = {
+        kms_master_key_id = module.s3_bold_egress_kms.key_arn
+        sse_algorithm = "aws:kms"
+      }
+    }
+  }
+}
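Review bot: `force_destroy = true` on `bold_egress_bucket` lets a `terraform destroy`, or simply removing the module from the configuration, delete every object version in a versioned, KMS-encrypted replication destination with no further confirmation, which undoes the protection that `versioning.enabled = true` is there to provide; unless this environment is meant to be disposable, change it to `force_destroy = false`, or keep it and record the reason next to it, e.g. `force_destroy = true # TODO: justify — this bucket receives replicated production data`. Separately, the `ReplicationPermissions` statement only covers object-level actions on `.../bold-egress/*`; AWS's cross-account replication guidance also lists `s3:GetBucketVersioning` and `s3:PutBucketVersioning` on the bucket ARN itself for some set-ups, so it is worth confirming against the source-side replication configuration (not in this diff) whether a second statement on `arn:aws:s3:::mojap-ingestion-${local.environment}-bold-egress` is needed. The bucket name is also built twice, once in the policy document's `resources` and once in the module's `bucket` argument, which a single `local` would avoid.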