diff --git a/deploy/tf/aws_details.tf b/deploy/tf/aws_details.tf
deleted file mode 100644
index 038d1e2..0000000
--- a/deploy/tf/aws_details.tf
+++ /dev/null
@@ -1,2 +0,0 @@
-data "aws_caller_identity" "current" {}
-data "aws_region" "current" {}
diff --git a/deploy/tf/service.tf b/deploy/tf/service.tf
index c95d31d..a661b97 100644
--- a/deploy/tf/service.tf
+++ b/deploy/tf/service.tf
@@ -148,7 +148,8 @@ module "service" {
 }
 }
- tasks_iam_role_statements = var.iam_statements
+ task_exec_iam_statements = var.task_exec_iam_statements
+ tasks_iam_role_statements = var.tasks_iam_role_statements
 timeouts = {
 create = "10m"
diff --git a/deploy/tf/variables.tf b/deploy/tf/variables.tf
index cacdf20..bc7847d 100644
--- a/deploy/tf/variables.tf
+++ b/deploy/tf/variables.tf
@@ -4,6 +4,20 @@ variable "alb_parameter_name" {
 type = string
 }
+# task exec role
+variable "task_exec_iam_statements" {
+ description = "A map of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement) for custom permission usage"
+ type = any
+ default = {}
+}
+
+# tasks role
+variable "tasks_iam_role_statements" {
+ description = "A map of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement) for custom permission usage"
+ type = any
+ default = {}
+}
+
 # container variables
 variable "app_container_name" {
 description = "The name of the primary application container"
@@ -118,12 +132,6 @@ variable "environment" {
 type = string
 }
-variable "iam_statements" {
- description = "List of IAM statements to attach to the task role"
- type = any
- default = []
-}
-
 # Target group health checks
 variable "health_check_path" {
 description = "The health check path for the ALB target group."
diff --git a/deploy/vars/development/variables.yaml b/deploy/vars/development/variables.yaml
index a90cf67..05cc1c8 100644
--- a/deploy/vars/development/variables.yaml
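Review bot: The two arguments added to `module "service"` differ by only a few characters and feed different roles, yet nothing on these lines says which principal each one reaches. A one-line comment above them, such as `# task_exec_*: role used to start the task (image pull, environment_files); tasks_*: role the application code runs with`, would make it harder to put a statement on the wrong role. Separately, `var.iam_statements` is no longer read and only the development vars file is updated in this diff. Any other environment file that still sets `iam_statements` would presumably stop granting those permissions or fail on an undeclared variable, so check them before applying. The `module "service"` block begins and ends outside this hunk.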
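Review bot: Both new variables carry the same description, and it says "A map" while `deploy/vars/development/variables.yaml` supplies a YAML list, so the text neither tells the two roles apart nor matches the input actually passed. I would describe them separately, e.g. `description = "IAM policy statements added to the task execution role (permissions needed to start the task)"` and `description = "IAM policy statements added to the tasks role (permissions the running application uses)"`. With `type = any` nothing is checked before the statements reach the module, so a misspelled key or an unintended `*` resource would only be caught by someone reading the plan. A typed `list(object({...}))` or a `validation` block would reject malformed input earlier, assuming the module accepts a list.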
+++ b/deploy/vars/development/variables.yaml @@ -19,7 +19,7 @@ environment_files: - value: arn:aws:s3:::app-config-sydney-450356697252/geonetwork4/development.env type: s3 -iam_statements: +task_exec_iam_statements: - actions: - s3:GetObject resources: @@ -29,7 +29,6 @@ iam_statements: resources: - arn:aws:s3:::app-config-sydney-450356697252 - health_check_path: /geonetwork/srv/eng/catalog.search#/home unhealthy_threshold: 10
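Review bot: After the rename to `task_exec_iam_statements`, development grants no statements to the tasks role (its default in variables.tf is `{}`), so the S3 permissions exist only on the task execution role. That fits `environment_files` being fetched at task start, but if the application itself reads from `app-config-sydney-450356697252` at runtime it will be denied access. The `resources:` list of the `s3:GetObject` statement lies outside this hunk; confirm it names the `geonetwork4/development.env` object rather than the whole bucket. A comment above the key, such as `# used by the task execution role to load environment_files; not granted to the application`, would record the intent.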