diff --git a/README.md b/README.md
index 0d6f20d..cda8e85 100644
--- a/README.md
+++ b/README.md
@@ -207,6 +207,7 @@ Before opening a Pull Request, please do the following:
 | [landing\_zone\_ou\_arns](#input\_landing\_zone\_ou\_arns) | Organizational Unit ARNs that are used in Landing Zones. We recommend to explicitly list the OU ARNs that meshStack should manage. | `list(string)` |
[| no |
 | [management\_account\_service\_role\_name](#input\_management\_account\_service\_role\_name) | Name of the custom role in the management account. See https://docs.meshcloud.io/docs/meshstack.how-to.integrate-meshplatform-aws-manually.html#set-up-aws-account-2-management | `string` | `"MeshfedServiceRole"` | no |
 | [meshcloud\_account\_service\_user\_name](#input\_meshcloud\_account\_service\_user\_name) | Name of the meshfed-service user. This user is responsible for replication. | `string` | `"meshfed-service-user"` | no |
+| [meshstack\_access\_role\_name](#input\_meshstack\_access\_role\_name) | Name of the account access role used by meshfed-service. This should be the same as 'Account Access Role' in AWS Platform Config in meshStack | `string` | `"MeshstackAccountAccessRole"` | no |
 | [replicator\_privileged\_external\_id](#input\_replicator\_privileged\_external\_id) | Set this variable to a random UUID version 4. The external id is a secondary key to make an AssumeRole API call. | `string` | n/a | yes |
 | [support\_root\_account\_via\_aws\_sso](#input\_support\_root\_account\_via\_aws\_sso) | Set to true to allow meshStack to manage the Organization's AWS Root account's access via AWS SSO. | `bool` | `false` | no |
 | [workload\_identity\_federation](#input\_workload\_identity\_federation) | Set these options to add a trusted identity provider from meshStack to allow workload identity federation for authentication which can be used instead of access keys. |
"arn:aws:organizations::*:ou/o-*/ou-*"
]
object({| `null` | no |
diff --git a/main.tf b/main.tf
index ead89bc..28708e6 100644
--- a/main.tf
+++ b/main.tf
@@ -76,6 +76,7 @@ module "management_account_replicator_access" {
 control_tower_portfolio_id = var.control_tower_portfolio_id
 meshcloud_account_service_user_name = var.meshcloud_account_service_user_name
 management_account_service_role_name = var.management_account_service_role_name
+ meshstack_access_role_name = var.meshstack_access_role_name
 landing_zone_ou_arns = var.landing_zone_ou_arns
 can_close_accounts_in_resource_org_paths = var.can_close_accounts_in_resource_org_paths
diff --git a/variables.tf b/variables.tf
index e9a8d01..18a801d 100644
--- a/variables.tf
+++ b/variables.tf
@@ -69,6 +69,12 @@ variable "automation_account_service_role_name" {
 description = "Name of the custom role in the automation account. See https://docs.meshcloud.io/docs/meshstack.how-to.integrate-meshplatform-aws-manually.html#set-up-aws-account-3-automation"
 }
+variable "meshstack_access_role_name" {
+ type = string
+ default = "MeshstackAccountAccessRole"
+ description = "Name of the account access role used by meshfed-service. This should be the same as 'Account Access Role' in AWS Platform Config in meshStack"
+}
+
 variable "cost_explorer_management_account_service_role_name" {
 type = string
 default = "MeshCostExplorerServiceRole"
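Review bot: The new `meshstack_access_role_name` variable in variables.tf accepts any string, so a typo or a value that is not a legal IAM role name is only discovered when the role is created or assumed rather than at `terraform plan`. A `validation` block restricting the value to the IAM role-name character set and length (1–64 characters of letters, digits and `+=,.@_-`) would fail fast and make the "must match 'Account Access Role' in the platform config" requirement in the description easier to honour. The main.tf hunk forwards the variable into module `management_account_replicator_access`; that module presumably has to declare a matching input with the same default, which this diff does not show, so worth confirming. The rewritten block below keeps the existing arguments unchanged.
```hcl
variable "meshstack_access_role_name" {
  # … unchanged: type, default, description …
  validation {
    condition     = can(regex("^[\\w+=,.@-]{1,64}$", var.meshstack_access_role_name))
    error_message = "meshstack_access_role_name must be a valid IAM role name (1-64 characters from [A-Za-z0-9+=,.@_-])."
  }
}
```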
issuer = string,
audience = string,
thumbprint = string,
replicator_subject = string,
kraken_subject = string
})