diff --git a/charts/gsp-cluster/templates/00-aws-auth/operator-cluster-role.yaml b/charts/gsp-cluster/templates/00-aws-auth/operator-cluster-role.yaml
index 1364c64d0..f3494de1e 100644
--- a/charts/gsp-cluster/templates/00-aws-auth/operator-cluster-role.yaml
+++ b/charts/gsp-cluster/templates/00-aws-auth/operator-cluster-role.yaml
@@ -36,6 +36,11 @@ rules:
   - patch
   - update
   - watch
+- apiGroups: [""]
+  resources:
+  - pods/exec
+  verbs:
+  - create
 
 - apiGroups: ["access.govsvc.uk"]
   resources:
diff --git a/docs/architecture/adr/ADR043-k8s-resource-access.md b/docs/architecture/adr/ADR043-k8s-resource-access.md
index f1c9eb8e2..ecae40b3c 100644
--- a/docs/architecture/adr/ADR043-k8s-resource-access.md
+++ b/docs/architecture/adr/ADR043-k8s-resource-access.md
@@ -584,6 +584,11 @@ rules:
   - patch
   - update
   - watch
+- apiGroups: [""]
+  resources:
+  - pods/exec
+  verbs:
+  - create
 
 - apiGroups: ["access.govsvc.uk"]
   resources: