diff --git a/infrastructure/terraform/shared/main.tf b/infrastructure/terraform/shared/main.tf
index 96097690..3253e8e0 100644
--- a/infrastructure/terraform/shared/main.tf
+++ b/infrastructure/terraform/shared/main.tf
@@ -464,4 +464,29 @@ module "engine_registry" {
 source = "../modules/container_registry"
 name = "engine"
 stage = var.stage
-}
\ No newline at end of file
+}
+
+# S3 policy for Engine to read and write from various S3 buckets
+module "engine_s3_read_and_write" {
+ source = "../modules/s3_iam_policy"
+
+ policy_name = "EngineReadandWriteS3"
+ policy_description = "Allow Engine Lambda to read from and write to various S3 buckets"
+ bucket_arns = [
+ "arn:aws:s3:::retrofit-plan-inputs-${var.stage}",
+ "arn:aws:s3:::retrofit-data-${var.stage}",
+ "arn:aws:s3:::retrofit-sap-predictions-${var.stage}",
+ "arn:aws:s3:::retrofit-carbon-predictions-${var.stage}",
+ "arn:aws:s3:::retrofit-heat-predictions-${var.stage}",
+ "arn:aws:s3:::retrofit-carbon-predictions-${var.stage}",
+ "arn:aws:s3:::retrofit-heating-kwh-predictions-${var.stage}",
+ "arn:aws:s3:::retrofit-hotwater-kwh-predictions-${var.stage}",
+ "arn:aws:s3:::retrofit-energy-assessments-${var.stage}"
+ ]
+ actions = ["s3:*"]
+ resource_paths = ["/*"]
+}
+
+output "engine_s3_read_and_write_arn" {
+ value = module.engine_s3_read_and_write.policy_arn
+}
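Review bot: The new `engine_s3_read_and_write` module grants `actions = ["s3:*"]`, which is every S3 action (delete, lifecycle, ACL and bucket-policy changes included) while the policy name and description promise only read and write; a compromised or misbehaving Engine Lambda would then be able to destroy or re-expose all nine buckets. Limit the statement to what the Lambda actually needs, e.g. `actions = ["s3:GetObject", "s3:PutObject", "s3:ListBucket"]` (add `s3:DeleteObject` only if a code path requires it), and note that whether `s3:ListBucket` is evaluated against the bucket ARN or only against the `/*` object paths depends on how `../modules/s3_iam_policy` builds its `Resource` block, which is not visible in this hunk and should be confirmed. Separately, `"arn:aws:s3:::retrofit-carbon-predictions-${var.stage}"` appears twice in `bucket_arns`; drop the duplicate, or check whether a differently named bucket was intended. A minor naming nit: `EngineReadandWriteS3` mixes cases ("and"); `EngineReadAndWriteS3` would read consistently.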