diff --git a/terraform/environments/bootstrap/single-sign-on/main.tf b/terraform/environments/bootstrap/single-sign-on/main.tf
index fc5542e37..817268bdf 100644
--- a/terraform/environments/bootstrap/single-sign-on/main.tf
+++ b/terraform/environments/bootstrap/single-sign-on/main.tf
@@ -6,6 +6,7 @@ locals {
 # Get MP-specific AWS SSO permission sets
 data "terraform_remote_state" "mp-sso-permissions-sets" {
+ provider = aws.test
 backend = "s3"
 config = {
 acl = "bucket-owner-full-control"
diff --git a/terraform/environments/bootstrap/single-sign-on/providers.tf b/terraform/environments/bootstrap/single-sign-on/providers.tf
index 649c6c9fd..16c5f5fb3 100644
--- a/terraform/environments/bootstrap/single-sign-on/providers.tf
+++ b/terraform/environments/bootstrap/single-sign-on/providers.tf
@@ -12,6 +12,14 @@ provider "aws" {
 }
 }
+provider "aws" {
+ region = "eu-west-2"
+ alias = "test"
+ assume_role {
+ role_arn = "arn:aws:iam::${local.environment_management.modernisation_platform_account_id.value}:role/modernisation-account-terraform-state-member-access"
+ }
+}
+
 # AWS provider (modernisation-secrets-read): Required for assuming a role into modernisation platform account to read secrets
 provider "aws" {
 alias = "modernisation-secrets-read"
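Review bot: `provider = aws.test` on the `terraform_remote_state` data source probably does not do what is intended, because that data source is served by Terraform's built-in `terraform` provider and the S3 backend takes its credentials from the `config` map, not from an `aws` provider configuration. Depending on the Terraform version the line is likely either rejected at validation or has no effect on which identity reads the state bucket. If the aim is to read the state through the state-member-access role, the role belongs inside `config`, for example `role_arn = "arn:aws:iam::<ACCOUNT_ID>:role/<STATE_ACCESS_ROLE>"` (or the `assume_role` form on newer Terraform releases). The data block continues past the end of the hunk, so a `role_arn` may already be set there.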
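Review bot: The new provider's alias `test` says nothing about its purpose, although the block assumes `modernisation-account-terraform-state-member-access` in the modernisation platform account from the bootstrap single-sign-on configuration. A descriptive name such as `alias = "modernisation-state-read"`, with a header comment in the style of the `modernisation-secrets-read` provider below it, would make this cross-account access easier to review and audit. Adding `session_name = "bootstrap-single-sign-on"` inside `assume_role` would let CloudTrail attribute the assumed-role sessions to this configuration. Terraform state can hold sensitive values, so it is worth confirming that the role is limited to read access on the state objects this stack needs; its policy is not visible in this diff.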