diff --git a/lambda_function/unit_test_trigger.tf b/lambda_function/unit_test_trigger.tf
index 2555853..07a29b1 100644
--- a/lambda_function/unit_test_trigger.tf
+++ b/lambda_function/unit_test_trigger.tf
@@ -49,6 +49,15 @@ resource "aws_iam_role_policy" "unit_test_codebuild" {
           "logs:CreateLogStream",
           "logs:PutLogEvents"
         ]
+      },
+      {
+        Effect = "Allow",
+        Action = [
+          "ssm:GetParameter*"
+        ],
+        Resource = [
+          "arn:aws:ssm:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:parameter/cloudeng/infra/github/token"
+        ]
       }
     ]
   })
diff --git a/lambda_layer/unit_test_trigger.tf b/lambda_layer/unit_test_trigger.tf
index 77bfb67..d2b5964 100644
--- a/lambda_layer/unit_test_trigger.tf
+++ b/lambda_layer/unit_test_trigger.tf
@@ -49,6 +49,15 @@ resource "aws_iam_role_policy" "unit_test_codebuild" {
           "logs:CreateLogStream",
           "logs:PutLogEvents"
         ]
+      },
+      {
+        Effect = "Allow",
+        Action = [
+          "ssm:GetParameter*"
+        ],
+        Resource = [
+          "arn:aws:ssm:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:parameter/cloudeng/infra/github/token"
+        ]
       }
     ]
   })