diff --git a/terraform/environments/bootstrap/delegate-access/policies.tf b/terraform/environments/bootstrap/delegate-access/policies.tf
index 51514a68e..56bcd7441 100644
--- a/terraform/environments/bootstrap/delegate-access/policies.tf
+++ b/terraform/environments/bootstrap/delegate-access/policies.tf
@@ -455,7 +455,10 @@ data "aws_iam_policy_document" "sandbox_additional" {
 "identitystore:DescribeUser",
 "sso:ListDirectoryAssociations",
 "wellarchitected:*",
- "backup:StartRestoreJob"
+ "backup:StartRestoreJob",
+ "state:CreateStateMachine",
+ "state:ListStateMachines",
+ "state:DeleteStateMachine"
 ]
 resources = ["*"] #tfsec:ignore:AWS099 tfsec:ignore:AWS097
 }
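Review bot: The three added actions use the prefix `state:`, but the IAM service prefix for AWS Step Functions is `states`, so as written they match no real action and will either be flagged by policy validation or silently grant nothing. They should read `"states:CreateStateMachine"`, `"states:ListStateMachines"`, `"states:DeleteStateMachine"`. Once corrected, note that `CreateStateMachine` takes an execution role ARN and this statement applies to `resources = ["*"]` with the tfsec wildcard checks suppressed; whether `iam:PassRole` is granted to the sandbox role is not visible in this hunk, so confirm it is scoped to specific roles (ideally with an `iam:PassedToService` condition) so a state machine cannot be created under a more privileged role. The `sandbox_additional` document begins and continues outside the hunk, so the rest of the action list was not reviewed.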