diff --git a/aws/dns/iam.tf b/aws/dns/iam.tf
index fc499e6bb..ae0e9715e 100644
--- a/aws/dns/iam.tf
+++ b/aws/dns/iam.tf
@@ -157,23 +157,21 @@ resource "aws_iam_role" "dev_dns_manager" {
   count = var.env == "staging" ? 1 : 0
   name  = "dev_dns_manager_role"
 
-  assume_role_policy = jsonencode({
-    Version = "2012-10-17",
-    Statement = [
-      {
-        Effect = "Allow",
-        Principal = {
-          AWS = [
-            "800095993820",
-            "arn:aws:iam::800095993820:role/notification-terraform-apply",
-            "arn:aws:iam::800095993820:role/notification-terraform-plan",
-            "arn:aws:sts::800095993820:assumed-role/notification-terraform-plan/NotifyTerraformPlan"
-          ]
-        },
-        Action = "sts:AssumeRole"
-      }
-    ]
-  })
+  assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": "sts:AssumeRole",
+      "Principal": {
+        "AWS": "800095993820"
+      },
+      "Effect": "Allow",
+      "Sid": ""
+    }
+  ]
+}
+EOF
 }
 
 resource "aws_iam_role_policy" "sandbox_dns_manager_policy" {