diff --git a/aws_lb_controller.tf b/aws_lb_controller.tf
index e590698..a8253c2 100644
--- a/aws_lb_controller.tf
+++ b/aws_lb_controller.tf
@@ -36,6 +36,7 @@ data "aws_iam_policy_document" "lb_controller" {
       "ec2:DescribeTags",
       "ec2:GetCoipPoolUsage",
       "ec2:DescribeCoipPools",
+      "ec2:GetSecurityGroupsForVpc",
       "elasticloadbalancing:DescribeLoadBalancers",
       "elasticloadbalancing:DescribeLoadBalancerAttributes",
       "elasticloadbalancing:DescribeListeners",