diff --git a/main.tf b/main.tf
index 6e87db5..e58185e 100644
--- a/main.tf
+++ b/main.tf
@@ -110,7 +110,7 @@ resource "google_project_iam_custom_role" "lacework_custom_project_role" {
 role_id = "lwComplianceRole_${random_id.uniq.hex}"
 title = "Lacework Compliance Role"
 description = "Lacework Compliance Role"
- permissions = ["bigquery.datasets.get", "compute.projects.get", "pubsub.topics.get", "storage.buckets.get", "compute.sslPolicies.get"]
+ permissions = ["bigquery.datasets.get", "compute.projects.get", "pubsub.topics.get", "storage.buckets.get", "compute.sslPolicies.get", "appengine.instances.list"]
 count = local.skip_iam_grants ? 0 : (local.resource_level == "PROJECT" ? 1 : 0)
 }
@@ -147,7 +147,7 @@ resource "google_organization_iam_custom_role" "lacework_custom_organization_rol
 org_id = var.organization_id
 title = "Lacework Org Compliance Role"
 description = "Lacework Org Compliance Role"
- permissions = ["bigquery.datasets.get", "compute.projects.get", "pubsub.topics.get", "storage.buckets.get", "compute.sslPolicies.get"]
+ permissions = ["bigquery.datasets.get", "compute.projects.get", "pubsub.topics.get", "storage.buckets.get", "compute.sslPolicies.get", "appengine.instances.list"]
 count = local.skip_iam_grants ? 0 : (local.resource_level == "ORGANIZATION" ? 1 : 0)
 }
diff --git a/variables.tf b/variables.tf
index 219f2d2..f323fca 100644
--- a/variables.tf
+++ b/variables.tf
@@ -60,6 +60,7 @@ variable "required_config_apis" {
 storage_component = "storage-component.googleapis.com"
 cloudasset_inventory = "cloudasset.googleapis.com"
 essentialcontacts = "essentialcontacts.googleapis.com"
+ appengine = "appengine.googleapis.com"
 }
 }
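Review bot: The permission list is kept as two identical literal lists, in `lacework_custom_project_role` (hunk at line 110) and in `lacework_custom_organization_role` (hunk at line 147), so every addition like this one must be made twice and the two audit roles can drift apart unnoticed. Defining the list once, e.g. `locals { lacework_custom_role_permissions = [ ... ] }`, and writing `permissions = local.lacework_custom_role_permissions` in both resources would keep the grant identical at project and organization level. For least-privilege review it would also help to add a comment naming what needs the new entry, such as `# appengine.instances.list: read-only listing of App Engine instances, required by <name of the check>`. Both resource blocks start before their hunks, so anything above `role_id` / `org_id` is not visible here.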
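Review bot: `appengine = "appengine.googleapis.com"` is added only to what appears to be the default map of `required_config_apis` (the `default` line is outside the hunk), so a caller who overrides this variable gets the new `appengine.instances.list` permission from main.tf without the matching API entry. If this map drives service enablement elsewhere in the module, the change also turns on the App Engine Admin API in projects that may not use App Engine, which can conflict with organizations that restrict which services may be enabled. A comment on the entry such as `# required for appengine.instances.list in the compliance custom roles`, plus a release note telling callers who override the map to add the key, would cover both cases.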