diff --git a/operations/template/storage.tf b/operations/template/storage.tf
index b9c467cae..3ec6bc231 100644
--- a/operations/template/storage.tf
+++ b/operations/template/storage.tf
@@ -13,3 +13,9 @@ resource "azurerm_storage_container" "metadata" {
   storage_account_name  = azurerm_storage_account.storage.name
   container_access_type = "private"
 }
+
+resource "azurerm_role_assignment" "allow_api_read_write" {
+  scope                = azurerm_storage_container.metadata.id
+  role_definition_name = "Storage Blob Data Contributor"
+  principal_id         = azurerm_linux_web_app.api.identity.0.principal_id
+}