diff --git a/integrations/kubernetes-response-engine/deployment/aws/.gitignore b/integrations/kubernetes-response-engine/deployment/aws/.gitignore
index e95d270e..5b70b6d3 100644
--- a/integrations/kubernetes-response-engine/deployment/aws/.gitignore
+++ b/integrations/kubernetes-response-engine/deployment/aws/.gitignore
@@ -1,4 +1,4 @@
 .terraform/*
 .terraform.*
 terraform.*
-*.yaml
+aws-auth-patch.yml
diff --git a/integrations/kubernetes-response-engine/deployment/aws/Makefile b/integrations/kubernetes-response-engine/deployment/aws/Makefile
index ff640c9c..1f512c97 100644
--- a/integrations/kubernetes-response-engine/deployment/aws/Makefile
+++ b/integrations/kubernetes-response-engine/deployment/aws/Makefile
@@ -1,11 +1,17 @@
-all: create configure
+all: rbac create configure
+
+rbac:
+ kubectl apply -f ../cluster-role.yaml
+ kubectl apply -f cluster-role-binding.yaml
 
 create:
- terraform apply
+ terraform apply -auto-approve
 
 configure:
 kubectl get -n kube-system configmap/aws-auth -o yaml | awk "/mapRoles: \|/{print;print \"$(shell terraform output patch_for_aws_auth)\";next}1" > aws-auth-patch.yml
 kubectl -n kube-system replace -f aws-auth-patch.yml
 
 clean:
- terraform destroy
+ terraform destroy -force
+ kubectl delete -f cluster-role-binding.yaml
+ kubectl delete -f ../cluster-role.yaml
diff --git a/integrations/kubernetes-response-engine/deployment/aws/cluster-role-binding.yaml b/integrations/kubernetes-response-engine/deployment/aws/cluster-role-binding.yaml
new file mode 100644
index 00000000..5b264a23
--- /dev/null
+++ b/integrations/kubernetes-response-engine/deployment/aws/cluster-role-binding.yaml
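Review bot: In the Makefile, `create` and `clean` now pass `-auto-approve` and `-force`, so `make all` applies and destroys the Terraform-managed resources without showing a plan for confirmation; since `outputs.tf` feeds an `aws-auth` role mapping, that appears to include who can authenticate to the cluster. I would keep the prompt by default and make unattended mode opt-in, e.g. `TF_FLAGS ?=` with `terraform apply $(TF_FLAGS)` and `terraform destroy $(TF_FLAGS)`; note also that `-force` on `destroy` was deprecated in favour of `-auto-approve` in later Terraform releases. In `clean`, the two `kubectl delete` lines run only if `terraform destroy` succeeds, so a failed destroy leaves the ClusterRoleBinding in place; deleting the binding first would revoke the access regardless. The new `rbac` target acts on whatever kubectl context is current, which deserves a comment above it such as `# applies to the current kubectl context; confirm it points at the target cluster`.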
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: kubernetes-response-engine-cluster-role-binding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: kubernetes-response-engine-cluster-role
+subjects:
+- kind: User
+ apiGroup: rbac.authorization.k8s.io
+ name: kubernetes-response-engine
diff --git a/integrations/kubernetes-response-engine/deployment/aws/outputs.tf b/integrations/kubernetes-response-engine/deployment/aws/outputs.tf
index c793c2d2..0cbc8b98 100644
--- a/integrations/kubernetes-response-engine/deployment/aws/outputs.tf
+++ b/integrations/kubernetes-response-engine/deployment/aws/outputs.tf
@@ -1,7 +1,7 @@
 locals {
 patch_for_aws_auth = <
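Review bot: In `cluster-role-binding.yaml` the subject is the bare user name `kubernetes-response-engine`, and nothing in the file says where that name is issued, so any `aws-auth` mapping or other authenticator that yields this username receives the whole ClusterRole cluster-wide. A header comment would make the trust path explicit, e.g. `# Subject name is expected to match the username in the aws-auth mapRoles entry from terraform output patch_for_aws_auth`. The rules in `../cluster-role.yaml` are not visible here, so whether a namespaced RoleBinding would be enough should be checked against what that role grants. Separately, `rbac.authorization.k8s.io/v1beta1` is a deprecated API version that newer clusters no longer serve; `apiVersion: rbac.authorization.k8s.io/v1` accepts the same manifest.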