diff --git a/proxy/terraform/modules/gcs.tf b/proxy/terraform/modules/gcs.tf
index 808a015a3..c2ede78d9 100644
--- a/proxy/terraform/modules/gcs.tf
+++ b/proxy/terraform/modules/gcs.tf
@@ -3,8 +3,14 @@ resource "google_storage_bucket" "proxy_certificate" {
   storage_class = "MULTI_REGIONAL"
 }
 
-resource "google_storage_bucket_iam_member" "member" {
+resource "google_storage_bucket_iam_member" "certificate_viewer" {
   bucket = "${google_storage_bucket.proxy_certificate.name}"
   role = "roles/storage.objectViewer"
   member = "serviceAccount:${google_service_account.proxy_service_account.email}"
 }
+
+resource "google_storage_bucket_iam_member" "gcr_viewer" {
+  bucket = "artifacts.${var.gcr_project_name}.appspot.com"
+  role = "roles/storage.objectViewer"
+  member = "serviceAccount:${google_service_account.proxy_service_account.email}"
+}
diff --git a/proxy/terraform/modules/iam.tf b/proxy/terraform/modules/iam.tf
index 1e346a562..09a298f27 100644
--- a/proxy/terraform/modules/iam.tf
+++ b/proxy/terraform/modules/iam.tf
@@ -3,12 +3,6 @@ resource "google_service_account" "proxy_service_account" {
   display_name = "Nomulus proxy service account"
 }
 
-resource "google_project_iam_member" "gcr_storage_viewer" {
-  project = "${var.gcr_project_name}"
-  role = "roles/storage.objectViewer"
-  member = "serviceAccount:${google_service_account.proxy_service_account.email}"
-}
-
 resource "google_project_iam_member" "metric_writer" {
   role = "roles/monitoring.metricWriter"
   member = "serviceAccount:${google_service_account.proxy_service_account.email}"
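Review bot: The new `gcr_viewer` binding in gcs.tf hard-codes the bucket as `artifacts.${var.gcr_project_name}.appspot.com`, which is only the bucket behind the `gcr.io` host; images pushed to a regional host (`us.gcr.io`, `eu.gcr.io`, `asia.gcr.io`) live in `<region>.artifacts.<project>.appspot.com`. Because the iam.tf hunk drops the project-wide `roles/storage.objectViewer` grant, a proxy image on a regional host would become unreadable to the service account; which host is in use is not visible in this diff. Narrowing to bucket scope is the right least-privilege direction, so I would keep it and add a comment above the resource such as `# Bucket backing gcr.io/<project>; regional hosts use <region>.artifacts.<project>.appspot.com`, or take the bucket name as a variable. The bucket also exists only after a first push to the registry, so an apply against a project with no images will presumably fail on this resource. Separately, renaming `member` to `certificate_viewer` makes Terraform destroy and recreate the certificate binding unless the state entry is moved first with `terraform state mv`.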