diff --git a/infrastructure/account-data-deleter/src/dataDeleterApp.ts b/infrastructure/account-data-deleter/src/dataDeleterApp.ts
index ef541b64a..5e70ae355 100644
--- a/infrastructure/account-data-deleter/src/dataDeleterApp.ts
+++ b/infrastructure/account-data-deleter/src/dataDeleterApp.ts
@@ -247,6 +247,9 @@ export class DataDeleterApp extends Construct {
               `arn:aws:ssm:${region.name}:${caller.accountId}:parameter/${config.name}/${config.environment}`,
               `arn:aws:ssm:${region.name}:${caller.accountId}:parameter/${config.name}/${config.environment}/*`,
               `arn:aws:ssm:${region.name}:${caller.accountId}:parameter/Shared/*`,
+              `arn:aws:ssm:${region.name}:${caller.accountId}:parameter/Web/${config.environment}/FIREFOX_WEB_AUTH_CLIENT_ID`,
+              `arn:aws:ssm:${region.name}:${caller.accountId}:parameter/Web/${config.environment}/FIREFOX_WEB_AUTH_CLIENT_SECRET`,
+              `arn:aws:ssm:${region.name}:${caller.accountId}:parameter/Web/${config.environment}/FIREFOX_AUTH_OAUTH_URL`,
             ],
             effect: 'Allow',
           },