diff --git a/modules/document-ingestion/iam.tf b/modules/document-ingestion/iam.tf
index 5993ec9..4faa350 100644
--- a/modules/document-ingestion/iam.tf
+++ b/modules/document-ingestion/iam.tf
@@ -41,11 +41,6 @@ resource "aws_iam_role" "ingestion_api_datasource" {
     }]
   })
 
-  managed_policy_arns = [
-    "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
-    "arn:aws:iam::aws:policy/AmazonEventBridgeFullAccess",
-  ]
-
   tags = local.combined_tags
 }
 
@@ -55,6 +50,23 @@ resource "aws_iam_role_policy" "ingestion_api_datasource" {
   policy = data.aws_iam_policy_document.ingestion_api_datasource.json
 }
 
+data "aws_iam_policy" "AWSLambdaBasicExecutionRole" {
+  arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
+}
+
+data "aws_iam_policy" "AmazonEventBridgeFullAccess" {
+  arn = "arn:aws:iam::aws:policy/AmazonEventBridgeFullAccess"
+}
+
+resource "aws_iam_role_policy_attachments_exclusive" "ingestion_api_datasource_lambda_managed_policies_attach" {
+  role_name = aws_iam_role.ingestion_api_datasource.name
+  policy_arns = [
+    data.aws_iam_policy.AWSLambdaBasicExecutionRole.arn,
+    data.aws_iam_policy.AmazonEventBridgeFullAccess.arn
+  ]
+}
+
+
 ############################################################################################################
 # IAM Role for Ingestion Input Validation Lambda
 ############################################################################################################
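Review bot: The `policy_arns` list in the new `aws_iam_role_policy_attachments_exclusive` block carries over `AmazonEventBridgeFullAccess`, an AWS-managed policy that grants far more than a Lambda execution role typically needs (it covers the full EventBridge, Scheduler, Pipes and Schemas APIs, not just publishing), so the refactor preserves an over-broad grant on this role. Since the role already has an inline policy via `aws_iam_role_policy.ingestion_api_datasource` (its `data.aws_iam_policy_document.ingestion_api_datasource` is outside this hunk), the least-privilege fix is to add a statement there with `actions = ["events:PutEvents"]` and `resources = [<ingestion event bus ARN>]` (placeholder, the bus is not visible here) and drop the `data.aws_iam_policy.AmazonEventBridgeFullAccess.arn` line from `policy_arns`; if the Lambda also creates rules or targets, list those actions explicitly instead of the full-access policy. Presumably the intent of switching to the exclusive attachments resource is to keep the attachment set authoritative as `managed_policy_arns` was; a short comment on the resource such as `# Authoritative: any managed policy attached to this role out-of-band is detached on the next apply` would make that behaviour explicit for the next maintainer. The PascalCase data-source names (`AWSLambdaBasicExecutionRole`, `AmazonEventBridgeFullAccess`) differ from the snake_case used by the other resources in this file; `lambda_basic_execution` and `eventbridge_full_access` would match the module's convention.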