diff --git a/root_draft_metadata.tf b/root_draft_metadata.tf
index a7bc5ea..6ad319d 100644
--- a/root_draft_metadata.tf
+++ b/root_draft_metadata.tf
@@ -73,8 +73,8 @@ module "draft_metadata_bucket" {
 kms_key_arn = module.s3_internal_kms_key.kms_key_arn
 }
-data "aws_ssm_parameter" "backend_checks_keycloak_secret" {
- name = local.keycloak_backend_checks_secret_name
+data "aws_ssm_parameter" "draft_metadata_keycloak_secret" {
+ name = local.keycloak_tdr_draft_metadata_client_secret_name
 with_decryption = true
 }
@@ -85,8 +85,8 @@ resource "aws_cloudwatch_event_connection" "consignment_api_connection" {
 auth_parameters {
 oauth {
 client_parameters {
- client_id = local.keycloak_backend-checks_client_id
- client_secret = data.aws_ssm_parameter.backend_checks_keycloak_secret.value
+ client_id = local.keycloak_draft-metadata_client_id
+ client_secret = data.aws_ssm_parameter.draft_metadata_keycloak_secret.value
 }
 authorization_endpoint = "${local.keycloak_auth_url}/realms/tdr/protocol/openid-connect/token"
diff --git a/root_locals.tf b/root_locals.tf
index 2c31baa..fc9f2f7 100644
--- a/root_locals.tf
+++ b/root_locals.tf
@@ -93,6 +93,7 @@ locals {
 keycloak_reporting_client_id = "tdr-reporting"
 keycloak_backend-checks_client_id = "tdr-backend-checks"
+ keycloak_draft-metadata_client_id = "tdr-draft-metadata"
 //Used for allowing full access for Cloudfront logging. More information at https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html#AccessLogsBucketAndFileOwnership
 logs_delivery_canonical_user_id = "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0"
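Review bot: In the first hunk of root_draft_metadata.tf, the renamed data source `draft_metadata_keycloak_secret` still reads the parameter with `with_decryption = true`, so the Keycloak client secret is written in plaintext to Terraform state, and again via `client_secret` in the `client_parameters` hunk of the same file. Nothing visible here shows how the state backend is protected, so a comment above the data source would help, for example `# Decrypted value is stored in state; the state backend must be encrypted and access-restricted`. The hunk also references `local.keycloak_tdr_draft_metadata_client_secret_name`, which the root_locals.tf hunk of this commit does not add; it is presumably defined elsewhere, but confirm it exists and names the new client's parameter rather than the backend-checks one.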
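Review bot: The new `client_secret` line in `client_parameters` (second hunk of root_draft_metadata.tf) takes its value from a data source that is read when Terraform runs, so a rotated `tdr-draft-metadata` secret would not reach the connection until the next apply, and nothing in the hunk documents that dependency. A comment above `client_secret` such as `# Read from SSM at apply time; re-apply after rotating the Keycloak client secret` would make the operational step explicit. Moving off the shared backend-checks client only narrows access if the new Keycloak client carries just the roles this connection needs, which cannot be checked from this hunk. The resource body starts and ends outside the hunk.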
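Review bot: The new local `keycloak_draft-metadata_client_id` in the root_locals.tf hunk puts a hyphen in an otherwise underscore-separated name, while the secret-name local for the same client (`keycloak_tdr_draft_metadata_client_secret_name`) uses underscores throughout. The hyphen copies the existing `keycloak_backend-checks_client_id`, but a new name need not repeat that inconsistency: `keycloak_draft_metadata_client_id = "tdr-draft-metadata"`, with the reference in root_draft_metadata.tf updated to match. The `locals` block starts and ends outside the hunk.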