diff --git a/terraform/environments/bootstrap/delegate-access/policies.tf b/terraform/environments/bootstrap/delegate-access/policies.tf
index 2a73e7988..9bbae0d3a 100644
--- a/terraform/environments/bootstrap/delegate-access/policies.tf
+++ b/terraform/environments/bootstrap/delegate-access/policies.tf
@@ -828,6 +828,7 @@ data "aws_iam_policy_document" "directory-management-document" {
       "ec2:AuthorizeSecurityGroupIngress",
       "ec2:AuthorizeSecurityGroupEgress",
       "ec2:CreateTags",
+      "ssm:*",
       "ssm-guiconnect:*Connection"
     ]
     resources = ["*"] #tfsec:ignore:AWS099 tfsec:ignore:AWS097