diff --git a/terraform/releases/impl/promote-release.tf b/terraform/releases/impl/promote-release.tf
index d73c5c88d..c61d6f836 100644
--- a/terraform/releases/impl/promote-release.tf
+++ b/terraform/releases/impl/promote-release.tf
@@ -197,7 +197,17 @@ resource "aws_iam_role_policy" "promote_release" {
           "${aws_s3_bucket.static.arn}/doc/*",
           "${aws_s3_bucket.static.arn}/dist",
           "${aws_s3_bucket.static.arn}/dist/*",
-
+        ]
+      },
+      {
+        Sid    = "BucketsReadDelete"
+        Effect = "Allow"
+        Action = [
+          "s3:GetObjectAcl",
+          "s3:GetObject",
+          "s3:DeleteObject",
+        ]
+        Resource = [
           // Artifacts bucket
           "${data.aws_s3_bucket.artifacts.arn}/rustc-builds",
           "${data.aws_s3_bucket.artifacts.arn}/rustc-builds/*",