diff --git a/config/rbac/rbac_role.yaml b/config/rbac/rbac_role.yaml
index 451a0eda4c..44df2d5113 100644
--- a/config/rbac/rbac_role.yaml
+++ b/config/rbac/rbac_role.yaml
@@ -37,6 +37,8 @@ rules:
   verbs:
   - create
   - get
+  - watch
+  - list
 - apiGroups:
   - awsprovider.k8s.io
   resources:
diff --git a/pkg/cloud/aws/actuators/cluster/actuator.go b/pkg/cloud/aws/actuators/cluster/actuator.go
index 95d4a8e486..986f8b0da8 100644
--- a/pkg/cloud/aws/actuators/cluster/actuator.go
+++ b/pkg/cloud/aws/actuators/cluster/actuator.go
@@ -37,7 +37,7 @@ import (
 
 //+kubebuilder:rbac:groups=awsprovider.k8s.io,resources=awsclusterproviderconfigs;awsclusterproviderstatuses,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=cluster.k8s.io,resources=clusters;clusters/status,verbs=get;list;watch;create;update;patch;delete
-//+kubebuilder:rbac:groups=,resources=secrets,verbs=create;get
+//+kubebuilder:rbac:groups=,resources=secrets,verbs=create;get;watch;list
 
 // Actuator is responsible for performing cluster reconciliation
 type Actuator struct {