diff --git a/terraform/platform/cost-analytics/main.tf b/terraform/platform/cost-analytics/main.tf
index 993faba..605b7b8 100644
--- a/terraform/platform/cost-analytics/main.tf
+++ b/terraform/platform/cost-analytics/main.tf
@@ -164,6 +164,9 @@ resource "aws_bcmdataexports_export" "cur" {
           INCLUDE_RESOURCES                     = "TRUE"
           INCLUDE_MANUAL_DISCOUNT_COMPATIBILITY = "FALSE"
           INCLUDE_SPLIT_COST_ALLOCATION_DATA    = "FALSE"
+          # AWS returns this in response even when unset — must declare to
+          # avoid "inconsistent result after apply" provider bug (issue #42761)
+          BILLING_VIEW_ARN = "arn:aws:billing::${var.aws_account_id}:billingview/primary"
         }
       }
     }
diff --git a/terraform/platform/iam/main.tf b/terraform/platform/iam/main.tf
index cdca0db..1cbf57f 100644
--- a/terraform/platform/iam/main.tf
+++ b/terraform/platform/iam/main.tf
@@ -132,6 +132,16 @@ resource "aws_iam_role_policy" "ci_infra_plan_extras" {
         Action   = "pricing:GetProducts"
         Resource = "*"
       },
+      {
+        # BCM Data Exports (CUR 2.0) — not in ReadOnlyAccess managed policy
+        Sid    = "BCMDataExportsRead"
+        Effect = "Allow"
+        Action = [
+          "bcm-data-exports:Get*",
+          "bcm-data-exports:List*",
+        ]
+        Resource = "*"
+      },
     ]
   })
 }