diff --git a/iam_policies/SCVProvisioningPolicy.json b/iam_policies/SCVProvisioningPolicy.json
index 4e768b1..255ebc2 100644
--- a/iam_policies/SCVProvisioningPolicy.json
+++ b/iam_policies/SCVProvisioningPolicy.json
@@ -6,12 +6,18 @@
             "Effect": "Allow",
             "Action": [
                 "ds:*",
-                "logs:*",
+                "logs:DescribeLogGroups",
                 "lambda:GetEventSourceMapping",
                 "kms:CreateKey"
             ],
             "Resource": "*"
         },
+        {
+            "Sid": "LogsAccess",
+            "Effect": "Allow",
+            "Action": "logs:*",
+            "Resource": "arn:aws:logs:*:<AWS_ACCOUNT_ID>:log-group:*scvbyoaaccesscloudwatchloggroup*"
+        },
         {
             "Sid": "EventsAccess",
             "Effect": "Allow",
@@ -218,4 +224,4 @@
             ]
         }
     ]
-}
\ No newline at end of file
+}