diff --git a/pkg/model/iam/iam_builder.go b/pkg/model/iam/iam_builder.go
index b2d9606308..dece45f9a6 100644
--- a/pkg/model/iam/iam_builder.go
+++ b/pkg/model/iam/iam_builder.go
@@ -877,6 +877,13 @@ func addAmazonVPCCNIPermissions(p *Policy, resource stringorslice.StringOrSlice,
 			}),
 			Resource: resource,
 		},
+		&Statement{
+			Effect: StatementEffectAllow,
+			Action: stringorslice.Slice([]string{
+				"ec2:CreateTags",
+			}),
+			Resource: stringorslice.Slice([]string{"arn:aws:ec2:*:*:network-interface/*"}),
+		},
 	)
 }