From cfc70f3b9d9d74f7fbf62562d10cd7b9f70443d4 Mon Sep 17 00:00:00 2001
From: Federico Bonfigli <fbonfigl@redhat.com>
Date: Tue, 5 May 2026 15:08:54 +0200
Subject: [PATCH] Add SetSecurityGroups permission to documentation

Adds the elasticloadbalancing:SetSecurityGroup permission to
the OCP Docs, required for the correct functioning of the BYO
Security Group on AWS Network Load Balancer feature.
---
 modules/hcp-managed-aws-iam.adoc                    | 1 +
 modules/installation-aws-permissions-iam-roles.adoc | 1 +
 2 files changed, 2 insertions(+)

diff --git a/modules/hcp-managed-aws-iam.adoc b/modules/hcp-managed-aws-iam.adoc
index 8efb060214a7..3f1ba781fbc3 100644
--- a/modules/hcp-managed-aws-iam.adoc
+++ b/modules/hcp-managed-aws-iam.adoc
@@ -220,6 +220,7 @@ The roles that {hcp} uses are shown in the following examples:
                 "elasticloadbalancing:ModifyTargetGroup",
                 "elasticloadbalancing:RegisterTargets",
                 "elasticloadbalancing:SetLoadBalancerPoliciesOfListener",
+                "elasticloadbalancing:SetSecurityGroups",
                 "iam:CreateServiceLinkedRole",
                 "kms:DescribeKey"
             ],
diff --git a/modules/installation-aws-permissions-iam-roles.adoc b/modules/installation-aws-permissions-iam-roles.adoc
index e7bf5f30f51b..4e106534e619 100644
--- a/modules/installation-aws-permissions-iam-roles.adoc
+++ b/modules/installation-aws-permissions-iam-roles.adoc
@@ -51,6 +51,7 @@ The following lists specify the default permissions for control plane and comput
 * `elasticloadbalancing:RegisterTargets`
 * `elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer`
 * `elasticloadbalancing:SetLoadBalancerPoliciesOfListener`
+* `elasticloadbalancing:SetSecurityGroups`
 * `kms:DescribeKey`
 
 .Default IAM role permissions for compute instance profiles