diff --git a/serverless.yml b/serverless.yml
index ea1fde84..b0de561d 100644
--- a/serverless.yml
+++ b/serverless.yml
@@ -12,6 +12,18 @@ provider:
 PLAN_TRIGGER_BUCKET: ${env:PLAN_TRIGGER_BUCKET}
 DOMAIN_NAME: ${env:DOMAIN_NAME}
 EPC_AUTH_TOKEN: ${env:EPC_AUTH_TOKEN}
+ # Give lambda access to read from the bucket
+ iam:
+ role:
+ name: fastapi_backend_${env:PLAN_TRIGGER_BUCKET}_access
+ statements:
+ - Effect: Allow
+ Action:
+ - s3:GetObject
+ - s3:ListBucket
+ Resource:
+ - arn:aws:s3:::${env:PLAN_TRIGGER_BUCKET}
+ - arn:aws:s3:::${env:PLAN_TRIGGER_BUCKET}/*
 package:
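Review bot: The single Allow statement under `iam.role.statements` pairs both actions with both resources, although `s3:GetObject` is evaluated only against the object ARN (`…/*`) and `s3:ListBucket` only against the bucket ARN. The effective grant is the same today, but splitting it into one statement per resource type makes the policy auditable at a glance and stops a later added action from silently applying to both the bucket and its objects. `s3:ListBucket` as written lets the function enumerate every key in the bucket; if it only reads under a known prefix, an `s3:prefix` condition on that statement would narrow it (the prefix is not visible in this hunk, so that is left as a comment). Separately, the role `name` embeds the bucket name but no stage or region, and IAM role names are account-wide and capped at 64 characters, so a long bucket name or a second deployment with the same bucket value will presumably fail or collide; worth confirming against how stages are deployed. The original indentation was lost on this page, so the nesting below is the conventional Serverless layout.

```yaml
# … unchanged: provider.iam.role.name …
    statements:
      # Object reads: object ARNs only
      - Effect: Allow
        Action:
          - s3:GetObject
        Resource:
          - arn:aws:s3:::${env:PLAN_TRIGGER_BUCKET}/*
      # Key listing: bucket ARN only; add an s3:prefix condition if reads are confined to one prefix
      - Effect: Allow
        Action:
          - s3:ListBucket
        Resource:
          - arn:aws:s3:::${env:PLAN_TRIGGER_BUCKET}
```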