diff --git a/cmd/infra/aws/delegating_client.go b/cmd/infra/aws/delegating_client.go
index 2ec5c174334..57a1715531e 100644
--- a/cmd/infra/aws/delegating_client.go
+++ b/cmd/infra/aws/delegating_client.go
@@ -547,6 +547,9 @@ func (c *elasticloadbalancingv2Client) ModifyTargetGroupAttributes(ctx context.C
 func (c *elasticloadbalancingv2Client) RegisterTargets(ctx context.Context, input *elasticloadbalancingv2.RegisterTargetsInput, optFns ...func(*elasticloadbalancingv2.Options)) (*elasticloadbalancingv2.RegisterTargetsOutput, error) {
 return c.cloudController.elasticloadbalancingv2Client.RegisterTargets(ctx, input, optFns...)
 }
+func (c *elasticloadbalancingv2Client) SetSecurityGroups(ctx context.Context, input *elasticloadbalancingv2.SetSecurityGroupsInput, optFns ...func(*elasticloadbalancingv2.Options)) (*elasticloadbalancingv2.SetSecurityGroupsOutput, error) {
+ return c.cloudController.elasticloadbalancingv2Client.SetSecurityGroups(ctx, input, optFns...)
+}
 // route53Client delegates to individual component clients for API calls we know those components will have privileges to make.
 type route53Client struct {
diff --git a/cmd/infra/aws/delegatingclientgenerator/main.go b/cmd/infra/aws/delegatingclientgenerator/main.go
index 457728cc8f4..3f82565dc82 100644
--- a/cmd/infra/aws/delegatingclientgenerator/main.go
+++ b/cmd/infra/aws/delegatingclientgenerator/main.go
@@ -308,6 +308,7 @@ func adjustAPIs(delegates aws.ServicesByDelegate) aws.ServicesByDelegate {
 "ModifyListener",
 "ModifyTargetGroup",
 "ModifyTargetGroupAttributes",
+ "SetSecurityGroups",
 ),
 "elasticloadbalancingv2": sets.New(
 "ApplySecurityGroupsToLoadBalancer",
diff --git a/cmd/infra/aws/iam.go b/cmd/infra/aws/iam.go
index 2100dfa0f4b..ecf71cdeee9 100644
--- a/cmd/infra/aws/iam.go
+++ b/cmd/infra/aws/iam.go
@@ -214,6 +214,7 @@ var (
 "elasticloadbalancing:ModifyTargetGroup",
 "elasticloadbalancing:RegisterTargets",
 "elasticloadbalancing:SetLoadBalancerPoliciesOfListener",
+ "elasticloadbalancing:SetSecurityGroups",
 "iam:CreateServiceLinkedRole",
 "kms:DescribeKey"
 ],
@@ -936,6 +937,7 @@ func (o *CreateIAMOptions) CreateOIDCResources(ctx context.Context, iamClient aw
 // The permissions are:
 // - elasticloadbalancing:DescribeTargetGroupAttributes
 // - elasticloadbalancing:ModifyTargetGroupAttributes
+ // - elasticloadbalancing:SetSecurityGroups
 //
 // https://issues.redhat.com/browse/OCPBUGS-65885
 //
@@ -946,7 +948,8 @@ func (o *CreateIAMOptions) CreateOIDCResources(ctx context.Context, iamClient aw
 "Effect": "Allow",
 "Action": [
 "elasticloadbalancing:DescribeTargetGroupAttributes",
- "elasticloadbalancing:ModifyTargetGroupAttributes"
+ "elasticloadbalancing:ModifyTargetGroupAttributes",
+ "elasticloadbalancing:SetSecurityGroups"
 ],
 "Resource": "*"
 }`
diff --git a/docs/content/reference/aggregated-docs.md b/docs/content/reference/aggregated-docs.md
index 9ef5da72720..d1c890001ee 100644
--- a/docs/content/reference/aggregated-docs.md
+++ b/docs/content/reference/aggregated-docs.md
@@ -50798,6 +50798,7 @@ And these are samples for each one of the roles Hypershift uses:
 "elasticloadbalancing:ModifyTargetGroupAttributes",
 "elasticloadbalancing:RegisterTargets",
 "elasticloadbalancing:SetLoadBalancerPoliciesOfListener",
+ "elasticloadbalancing:SetSecurityGroups",
 "iam:CreateServiceLinkedRole",
 "kms:DescribeKey"
 ],
diff --git a/docs/content/reference/infrastructure/aws.md b/docs/content/reference/infrastructure/aws.md
index 012aab2ab11..2d7757095ca 100644
--- a/docs/content/reference/infrastructure/aws.md
+++ b/docs/content/reference/infrastructure/aws.md
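Review bot: The `elasticloadbalancing:SetSecurityGroups` action added in the `@@ -946,7 +948,8 @@` hunk of cmd/infra/aws/iam.go lands in a statement with `"Resource": "*"`, so the role can replace the security groups on any load balancer in the account, not only the ones that belong to the cluster. Unlike the two target-group attribute actions beside it, this call decides which traffic is allowed to reach a load balancer, so consider giving it its own statement narrowed by a tag condition, for example `"Condition": {"StringEquals": {"aws:ResourceTag/<CLUSTER_TAG_KEY>": "<CLUSTER_TAG_VALUE>"}}` (placeholders; the ownership tag the project applies is not visible here). The same action is added to the policy in the `@@ -214,6 +214,7 @@` hunk, whose `Resource` element lies outside the hunk and should be checked the same way. CreateOIDCResources starts and ends outside these hunks.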
@@ -508,6 +508,7 @@ And these are samples for each one of the roles Hypershift uses:
 "elasticloadbalancing:ModifyTargetGroupAttributes",
 "elasticloadbalancing:RegisterTargets",
 "elasticloadbalancing:SetLoadBalancerPoliciesOfListener",
+ "elasticloadbalancing:SetSecurityGroups",
 "iam:CreateServiceLinkedRole",
 "kms:DescribeKey"
 ],
diff --git a/support/awsapi/elasticloadbalancingv2.go b/support/awsapi/elasticloadbalancingv2.go
index 00a84585482..9ec96e76a57 100644
--- a/support/awsapi/elasticloadbalancingv2.go
+++ b/support/awsapi/elasticloadbalancingv2.go
@@ -36,6 +36,7 @@ type ELBV2API interface {
 ModifyTargetGroup(ctx context.Context, input *elasticloadbalancingv2.ModifyTargetGroupInput, optFns ...func(*elasticloadbalancingv2.Options)) (*elasticloadbalancingv2.ModifyTargetGroupOutput, error)
 ModifyTargetGroupAttributes(ctx context.Context, input *elasticloadbalancingv2.ModifyTargetGroupAttributesInput, optFns ...func(*elasticloadbalancingv2.Options)) (*elasticloadbalancingv2.ModifyTargetGroupAttributesOutput, error)
 RegisterTargets(ctx context.Context, input *elasticloadbalancingv2.RegisterTargetsInput, optFns ...func(*elasticloadbalancingv2.Options)) (*elasticloadbalancingv2.RegisterTargetsOutput, error)
+ SetSecurityGroups(ctx context.Context, input *elasticloadbalancingv2.SetSecurityGroupsInput, optFns ...func(*elasticloadbalancingv2.Options)) (*elasticloadbalancingv2.SetSecurityGroupsOutput, error)
 }
 // Ensure *elasticloadbalancingv2.Client implements ELBV2API