diff --git a/infrastructure/policies.tf b/infrastructure/policies.tf
index 99da7bdb..97e11a66 100644
--- a/infrastructure/policies.tf
+++ b/infrastructure/policies.tf
@@ -32,6 +32,16 @@ resource "aws_iam_policy" "read_only_role_extra_permissions" {
 Resource = [
 "arn:aws:kms:eu-west-2:${data.aws_caller_identity.current.account_id}:key/*",
 ]
+ },
+ {
+ Effect = "Allow",
+ Action = [
+ "logs:PutQueryDefinition",
+ "logs:DeleteQueryDefinition",
+ ],
+ Resource = [
+ "arn:aws:logs:eu-west-2:${data.aws_caller_identity.current.account_id}:log-group::log-stream:",
+ ]
 }
 ]
 })
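Review bot: The new statement grants two write actions, `logs:PutQueryDefinition` and `logs:DeleteQueryDefinition`, inside a policy named `read_only_role_extra_permissions`, and nothing in the hunk records why a read-only role needs to change or delete saved Logs Insights queries. PutQueryDefinition can also overwrite an existing definition, so any holder of this role could alter or remove queries that others rely on; if only saving is needed, consider dropping the delete action. The `Resource` value with an empty log-group and log-stream name looks like the form that appears in access-denied messages, and I cannot tell from the hunk whether these actions honour resource-level scoping, so confirm it matches as intended rather than never matching or behaving like `*`. I would add a comment above the statement such as `# Lets read-only users save and remove Logs Insights query definitions; grants no additional access to log data.` The resource block starts above the hunk and its closing brace lies below it.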