diff --git a/infrastructure/bootstrap/spoke.bicep b/infrastructure/bootstrap/spoke.bicep
index 1db42d1c..0511af94 100644
--- a/infrastructure/bootstrap/spoke.bicep
+++ b/infrastructure/bootstrap/spoke.bicep
@@ -41,6 +41,7 @@ var roleID = {
   storageBlobDataContributor: 'ba92f5b4-2d11-453d-a403-e96b0029c9fe'
   storageQueueDataContributor: '974c5e8b-45b9-4653-ba55-5f855dd0fb88'
   userAccessAdmin: '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9'
+  monitoringContributor: '749f88d5-cbae-40b8-bcfc-e573ddc772fa'
 }
 
 // Retrieve existing terraform state resource group
@@ -216,6 +217,14 @@ resource storageBlobDataContributor 'Microsoft.Authorization/roleAssignments@202
   }
 }
 
+resource monitoringContributorAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  name: guid(subscription().subscriptionId, envConfig, 'monitoringContributor')
+  properties: {
+    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleID.monitoringContributor)
+    principalId: managedIdentiyADOtoAZ.outputs.miPrincipalID
+    description: '${miADOtoAZname} Monitoring Contributor access to subscription'
+  }
+}
 
 output miPrincipalID string = managedIdentiyADOtoAZ.outputs.miPrincipalID
 output miName string = miADOtoAZname
diff --git a/scripts/config/gitleaks.toml b/scripts/config/gitleaks.toml
index 9def239a..2b357551 100644
--- a/scripts/config/gitleaks.toml
+++ b/scripts/config/gitleaks.toml
@@ -26,5 +26,6 @@ regexes = [
 '''b86a8fe4-44ce-4948-aee5-eccb2c155cd7''',
 '''3466794b-ae91-4039-a834-c2d888c78a53''',
 '''f1a07417-d97a-45cb-824c-7a7467783830''',
-'''18d7d88d-d35e-4fb5-a5c3-7773c20a72d9'''
+'''18d7d88d-d35e-4fb5-a5c3-7773c20a72d9''',
+'''749f88d5-cbae-40b8-bcfc-e573ddc772fa'''
 ]