diff --git a/modules/cloudbuild/main.tf b/modules/cloudbuild/main.tf
index 2381f1ae..1753e079 100644
--- a/modules/cloudbuild/main.tf
+++ b/modules/cloudbuild/main.tf
@@ -108,6 +108,16 @@ resource "time_sleep" "impersonate_propagation" {
   ]
 }
 
+/******************************************
+  Cloudbuild Service Agent Role
+******************************************/
+
+resource "google_project_iam_member" "cb_service_agent_role" {
+  project = module.cloudbuild_project.project_id
+  role = "roles/cloudbuild.serviceAgent"
+  member = "serviceAccount:service-${module.cloudbuild_project.project_number}@gcp-sa-cloudbuild.iam.gserviceaccount.com"
+}
+
 /******************************************
   Cloudbuild IAM for admins
 *******************************************/
diff --git a/modules/tf_cloudbuild_source/main.tf b/modules/tf_cloudbuild_source/main.tf
index 8454a435..2c0927cd 100644
--- a/modules/tf_cloudbuild_source/main.tf
+++ b/modules/tf_cloudbuild_source/main.tf
@@ -88,6 +88,14 @@ resource "google_project_iam_member" "org_admins_source_repo_admin" {
   member = "group:${var.group_org_admins}"
 }
 
+//Cloudbuild Service Agent
+resource "google_project_iam_member" "cb_service_agent_role" {
+  project = module.cloudbuild_project.project_id
+  role = "roles/cloudbuild.serviceAgent"
+  member = "serviceAccount:service-${module.cloudbuild_project.project_number}@gcp-sa-cloudbuild.iam.gserviceaccount.com"
+}
+
+//Cloudbuild Service Account
 resource "google_storage_bucket_iam_member" "cloudbuild_iam" {
   bucket = module.cloudbuild_bucket.bucket.name
   role = "roles/storage.admin"
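Review bot: The new `cb_service_agent_role` binding (here and the identical one added in modules/tf_cloudbuild_source/main.tf) addresses the Cloud Build service agent by a constructed e-mail, `serviceAccount:service-${project_number}@gcp-sa-cloudbuild.iam.gserviceaccount.com`, and that principal only exists once the Cloud Build API is enabled in the project; if `module.cloudbuild_project` enables the API in the same apply, the IAM call can run first and fail because the member does not yet exist. The resource should declare the ordering explicitly, e.g. `depends_on = [module.cloudbuild_project]` (or the specific API-activation resource inside it), or obtain the agent from a `google_project_service_identity` resource, which also creates the agent if it is missing. Because `roles/cloudbuild.serviceAgent` is the role Google normally grants this agent automatically, the banner comment should state why it is managed explicitly here, along the lines of `# Grant the Cloud Build service agent role explicitly so builds keep working when the default grant is absent (e.g. removed by org policy); service-<number>@gcp-sa-cloudbuild is the project's Cloud Build service agent.` `google_project_iam_member` is non-authoritative, so the two modules granting the same binding do not clash, but defining it in one place avoids the two copies drifting apart.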
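Review bot: The two added comments `//Cloudbuild Service Agent` and `//Cloudbuild Service Account` only name the resource that follows and use `//` with no space, while the same resource is introduced in modules/cloudbuild/main.tf under a `/*** ... ***/` banner in this same commit; HCL's conventional comment leader is `#`, and the two modules should use the same form. Suggest `# Cloud Build service agent: explicit roles/cloudbuild.serviceAgent grant for the project's service-<number>@gcp-sa-cloudbuild principal` for the first and `# Cloud Build build service account: bucket access` for the second, so each comment says what the binding is for rather than repeating the resource name.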