diff --git a/terraform/core/23-FME-iam.tf b/terraform/core/23-FME-iam.tf
index 60b90af7b..715846054 100644
--- a/terraform/core/23-FME-iam.tf
+++ b/terraform/core/23-FME-iam.tf
@@ -115,9 +115,7 @@ data "aws_iam_policy_document" "fme_access_to_s3" {
       "s3:GetObjectVersion",
     ]
     resources = [
-      "${module.raw_zone.bucket_arn}/*",
-      "${module.refined_zone.bucket_arn}/*",
-      "${module.trusted_zone.bucket_arn}/*",
+      "${module.raw_zone.bucket_arn}/unrestricted/*",
       "${module.athena_storage.bucket_arn}/primary/*"
     ]
   }
@@ -128,8 +126,7 @@ data "aws_iam_policy_document" "fme_access_to_s3" {
       "s3:PutObject"
     ]
     resources = [
-      "${module.refined_zone.bucket_arn}/*",
-      "${module.trusted_zone.bucket_arn}/*",
+      "${module.raw_zone.bucket_arn}/unrestricted/*",
       "${module.athena_storage.bucket_arn}/primary/*"
     ]
   }
@@ -144,8 +141,6 @@ data "aws_iam_policy_document" "fme_access_to_s3" {
     resources = [
       module.athena_storage.kms_key_arn,
       module.raw_zone.kms_key_arn,
-      module.refined_zone.kms_key_arn,
-      module.trusted_zone.kms_key_arn
     ]
   }
-}
\ No newline at end of file
+}