diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 11048a1..557199b 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -240,6 +240,7 @@ jobs:
 echo ${{ env.THE_VERSION }}
 source bin/config.sh ${{ env.THE_ENV }}
 aws iam delete-role --role-name service-hydrocron-api-sit-service-role
+ aws iam delete-role --role-name hydrocron-codebuild
 terraform init -reconfigure -backend-config="bucket=podaac-services-${{ env.THE_ENV }}-terraform" -backend-config="region=us-west-2"
 terraform plan -var-file=tfvars/${{ env.THE_ENV }}.tfvars -var="app_version=${{ env.THE_VERSION }}" -out="tfplan"
 terraform apply -auto-approve tfplan
diff --git a/terraform/hydrocron-lambda-iam.tf b/terraform/hydrocron-lambda-iam.tf
index 6601c99..a05c30c 100644
--- a/terraform/hydrocron-lambda-iam.tf
+++ b/terraform/hydrocron-lambda-iam.tf
@@ -9,7 +9,12 @@ resource "aws_iam_role" "hydrocron-service-role" {
 "Version": "2012-10-17",
 "Statement": [
 {
- "Action": "sts:AssumeRole",
+ "Action": [
+ "sts:AssumeRole",
+ "ec2:CreateNetworkInterface",
+ "ec2:DescribeNetworkInterfaces",
+ "ec2:DeleteNetworkInterface"
+ ],
 "Principal": {
 "Service": "lambda.amazonaws.com"
 },
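Review bot: The added `aws iam delete-role --role-name hydrocron-codebuild` runs unconditionally before `terraform init` for every value of `THE_ENV`, so a run where the role is absent or still has policies attached gets an error from the AWS CLI, and if the step's shell exits on error (not visible in this hunk) the deploy stops before Terraform runs. Deleting a role outside Terraform also lets state and account drift apart and means the pipeline identity must hold `iam:DeleteRole`, which should then be scoped to the named role ARNs rather than `*`. If this is a one-off cleanup, importing the role into state or dropping the line after one successful run is the safer route. If it has to stay, say why in a comment and guard it, e.g. `aws iam get-role --role-name hydrocron-codebuild >/dev/null 2>&1 && aws iam delete-role --role-name hydrocron-codebuild`. The `run` step starts and ends outside the hunk.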
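Review bot: The three `ec2:*NetworkInterface` actions are added to a statement that carries a `Principal` (`lambda.amazonaws.com`), which makes it the role's trust policy; a trust policy only states who may assume the role and grants the role no EC2 permissions, and IAM is expected to reject non-STS actions there as a malformed policy document. Keep `"Action": "sts:AssumeRole",` in this statement and grant the network-interface permissions through a permissions policy attached to `hydrocron-service-role`, as sketched below (the new resource name is illustrative). The statement and the enclosing resource continue outside the hunk, so the attribute this JSON belongs to is inferred from the `Principal` key.

```hcl
# … unchanged: trust policy statement keeps "Action": "sts:AssumeRole" …

# Illustrative resource name; permissions policy for Lambda VPC networking.
resource "aws_iam_role_policy" "hydrocron-service-role-eni" {
  role = aws_iam_role.hydrocron-service-role.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect = "Allow"
      Action = [
        "ec2:CreateNetworkInterface",
        "ec2:DescribeNetworkInterfaces",
        "ec2:DeleteNetworkInterface",
      ]
      Resource = "*"
    }]
  })
}
```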