diff --git a/terraform/da-terraform-configurations b/terraform/da-terraform-configurations
index f90aeab..75d009e 160000
--- a/terraform/da-terraform-configurations
+++ b/terraform/da-terraform-configurations
@@ -1 +1 @@
-Subproject commit f90aeab84ed03f4bf701a314d9ece5aa379c2aed
+Subproject commit 75d009eebf92e155f633d6250f09c8f7bc9ba5e9
diff --git a/terraform/root_locals.tf b/terraform/root_locals.tf
index 896f834..fc682da 100644
--- a/terraform/root_locals.tf
+++ b/terraform/root_locals.tf
@@ -15,4 +15,6 @@ locals {
 reference_generator_function_name = "${var.project}-reference-generator-${local.hosting_environment}"
 reference_generator_api_gateway_name = "${upper(var.project)}ReferenceGenerator${local.hosting_environment}"
 reference_counter_table_name = "${var.project}-reference-counter"
+ api_task_role_arn = module.terraform_config_hosting_project.terraform_config[local.hosting_environment]["api_task_role_arn"]
+ api_execution_role_arn = module.terraform_config_hosting_project.terraform_config[local.hosting_environment]["api_execution_role_arn"]
 }
diff --git a/terraform/root_main.tf b/terraform/root_main.tf
index 41760c9..892dcbf 100644
--- a/terraform/root_main.tf
+++ b/terraform/root_main.tf
@@ -63,4 +63,9 @@ module "reference_generator_api_gateway" {
 api_name = local.reference_generator_api_gateway_name
 environment = local.hosting_environment
 common_tags = local.hosting_common_tags
+ api_rest_policy = templatefile("${path.module}/templates/api_gateway/reference_generator_rest_policy.json.tpl", {
+ api_gateway_arn = module.reference_generator_api_gateway.api_execution_arn
+ api_task_role_arn = local.api_task_role_arn
+ api_execution_role_arn = local.api_execution_role_arn
+ })
 }
diff --git a/terraform/templates/api_gateway/reference_generator_rest_policy.json.tpl b/terraform/templates/api_gateway/reference_generator_rest_policy.json.tpl
new file mode 100644
index 0000000..154efa8
--- /dev/null
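Review bot: In the root_main.tf hunk, the new `api_rest_policy` argument is built from `module.reference_generator_api_gateway.api_execution_arn`, an output of the very module the argument is passed into. If that module sets the policy on the same REST API resource that yields the execution ARN, Terraform will reject the plan with a dependency cycle. The module source is not part of this diff, so confirm that it attaches the policy through a separate policy resource, or build the ARN without reading the module's own output. A short comment above the argument, such as `# Resource policy: only the API task and execution roles may invoke this API`, would also make the intent of the allow-list visible at the call site. The module block starts outside the hunk.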
+++ b/terraform/templates/api_gateway/reference_generator_rest_policy.json.tpl
@@ -0,0 +1,16 @@
+{
+ "Version":"2012-10-17",
+ "Statement":[
+ {
+ "Effect":"Allow",
+ "Principal":{
+ "AWS":[
+ "${api_task_role_arn}",
+ "${api_execution_role_arn}"
+ ]
+ },
+ "Action":"execute-api:Invoke",
+ "Resource":"${api_gateway_arn}"
+ }
+ ]
+}
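Review bot: `"Resource":"${api_gateway_arn}"` in the new policy template may match no invoke request at all. It is filled from the module's `api_execution_arn` output, and `execute-api:Invoke` is evaluated against `<execution-arn>/<stage>/<METHOD>/<path>`, so a bare REST API execution ARN with no suffix would not match. Make the scope explicit in the template, for example `"Resource":"${api_gateway_arn}/*"`, or better a specific `/<stage>/<METHOD>/<path>` for the route this API serves, so the grant is both effective and least-privilege. Because the principals are IAM roles, the allow-list only constrains callers when the methods use `AWS_IAM` authorization; that setting is not visible in this diff and should be confirmed. Rendering the document with `jsonencode` instead of raw string interpolation would also keep the policy valid JSON whatever the ARN values contain.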