diff --git a/infrastructure/stacks/postcode_etl/host_iam_role.tf b/infrastructure/stacks/postcode_etl/host_iam_role.tf
index 64a1c3e3..4854b8aa 100644
--- a/infrastructure/stacks/postcode_etl/host_iam_role.tf
+++ b/infrastructure/stacks/postcode_etl/host_iam_role.tf
@@ -33,27 +33,19 @@ resource "aws_iam_policy" "service_account_policy" {
   path        = "/"
   description = "Postcode IAM role policies"
 
-  # Terraform's "jsonencode" function converts a
-  # Terraform expression result to valid JSON syntax.
   policy = jsonencode({
     Version = "2012-10-17"
     Statement = [
       {
+        Sid    = "AllowAccessOnlyOnSpecificDynamoDBTable"
+        Effect = "Allow"
         Action = [
-          "ec2:*",
-          "s3:*",
-          "dynamodb:*",
-          "ecr:*",
-          "lambda:*",
-          "es:*",
-          "rds:*",
-          "iam:*",
-          "ecr:BatchGetImage"
-
+          "dynamodb:*"
+        ]
+        Resource = [
+          "arn:aws:dynamodb:${var.aws_region}:${var.aws_account_id}:table/uec-sf-pc-${var.profile}-postcode-location-mapping"
         ]
-        Effect   = "Allow"
-        Resource = "*"
-      },
+      }
     ]
   })
 }
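Review bot: The new statement still uses the wildcard action `"dynamodb:*"`, so although the resource is now pinned to one table, the role can still delete the table, change its throughput and streams settings, or update its TTL and backup configuration; scoping the resource is a large improvement but the action list should be reduced to what the ETL actually issues, e.g. `Action = ["dynamodb:DescribeTable", "dynamodb:PutItem", "dynamodb:BatchWriteItem", "dynamodb:GetItem", "dynamodb:Query"]` (exact set to be confirmed against the ETL code). If the ETL queries a secondary index, note that the table ARN alone does not cover it and a second entry `"arn:aws:dynamodb:${var.aws_region}:${var.aws_account_id}:table/uec-sf-pc-${var.profile}-postcode-location-mapping/index/*"` would be needed in `Resource`. The `aws_iam_policy` resource block starts before this hunk, so any `tags` or other attributes above line 33 are not visible here.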