diff --git a/modules/log_ingestion.s3.cft.yaml b/modules/log_ingestion.s3.cft.yaml
index 73b0087..b88ad75 100644
--- a/modules/log_ingestion.s3.cft.yaml
+++ b/modules/log_ingestion.s3.cft.yaml
@@ -92,6 +92,13 @@ Resources:
                 Resource:
                   - !Sub '${BucketARN}'
                   - !Sub '${BucketARN}/*'
+              - Sid: "CloudlogsS3AccessList"
+                Effect: "Allow"
+                Action:
+                  - "s3:List*"
+                Resource:
+                  - !Sub '${BucketARN}'
+                  - !Sub '${BucketARN}/*'
 
   CloudTrailNotificationsTopic:
     Condition: CreateSNSTopic