diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index 8eb1a1075..5d171583a 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -4,214 +4,54 @@ kind: ClusterRole
 metadata:
 name: manager-role
 rules:
-- apiGroups:
- - ""
- resources:
- - configmaps
- - pods
- - serviceaccounts
- - services
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - patch
-- apiGroups:
- - ""
- resources:
- - namespaces
- verbs:
- - list
- - patch
- - watch
-- apiGroups:
- - apps
- resources:
- - daemonsets
- - deployments
- - statefulsets
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - apps
- resources:
- - replicasets
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - autoscaling
- resources:
- - horizontalpodautoscalers
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - cloudwatch.aws.amazon.com
- resources:
- - amazoncloudwatchagents
- verbs:
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - cloudwatch.aws.amazon.com
- resources:
- - amazoncloudwatchagents/finalizers
- verbs:
- - get
- - patch
- - update
-- apiGroups:
- - cloudwatch.aws.amazon.com
- resources:
- - amazoncloudwatchagents/status
- verbs:
- - get
- - patch
- - update
-- apiGroups:
- - cloudwatch.aws.amazon.com
- resources:
- - dcgmexporters
- verbs:
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - cloudwatch.aws.amazon.com
- resources:
- - dcgmexporters/finalizers
- verbs:
- - get
- - patch
- - update
-- apiGroups:
- - cloudwatch.aws.amazon.com
- resources:
- - dcgmexporters/status
- verbs:
- - get
- - patch
- - update
-- apiGroups:
- - cloudwatch.aws.amazon.com
- resources:
- - instrumentations
- verbs:
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - cloudwatch.aws.amazon.com
- resources:
- - neuronmonitors
- verbs:
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - cloudwatch.aws.amazon.com
- resources:
- - neuronmonitors/finalizers
- verbs:
- - get
- - patch
- - update
-- apiGroups:
- - cloudwatch.aws.amazon.com
- resources:
- - neuronmonitors/status
- verbs:
- - get
- - patch
- - update
-- apiGroups:
- - coordination.k8s.io
- resources:
- - leases
- verbs:
- - create
- - get
- - list
- - update
-- apiGroups:
- - monitoring.coreos.com
- resources:
- - podmonitors
- - servicemonitors
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - networking.k8s.io
- resources:
- - ingresses
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - policy
- resources:
- - poddisruptionbudgets
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - route.openshift.io
- resources:
- - routes
- - routes/custom-host
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
+- apiGroups: [ "" ]
+ resources: [ "configmaps" ]
+ verbs: [ "create","get","list", "watch" ]
+- apiGroups: [ "" ]
+ resources: [ "configmaps" ]
+ resourceNames: ["cloudwatch-agent", "cloudwatch-agent-windows", "cwagent-clusterleader", "dcgm-exporter-config-map", "fluent-bit-config", "fluent-bit-windows-config", "neuron-monitor-config-map", "kube-root-ca.crt"]
+ verbs: [ "delete","patch","update" ]
+- apiGroups: [ "" ]
+ resources: [ "events" ]
+ verbs: [ "create","patch" ]
+- apiGroups: [ "" ]
+ resources: [ "namespaces" ]
+ verbs: [ "get","list","patch","update","watch" ]
+- apiGroups: [ "" ]
+ resources: [ "serviceaccounts" ]
+ verbs: [ "create","get", "list", "watch" ]
+- apiGroups: [ "" ]
+ resources: [ "serviceaccounts" ]
+ resourceNames: [ "amazon-cloudwatch-observability-controller-manager", "cloudwatch-agent", "dcgm-exporter-service-acct", "neuron-monitor-service-acct"]
+ verbs: ["delete","patch","update" ]
+- apiGroups: [ "" ]
+ resources: [ "services" ]
+ verbs: [ "create","get","list","watch" ]
+- apiGroups: [ "" ]
+ resources: [ "services" ]
+ resourceNames: [ "amazon-cloudwatch-observability-webhook-service", "cloudwatch-agent", "cloudwatch-agent-headless", "cloudwatch-agent-monitoring", "cloudwatch-agent-windows", "cloudwatch-agent-windows-headless", "cloudwatch-agent-windows-monitoring", "dcgm-exporter-service", "neuron-monitor-service" ]
+ verbs: [ "delete","patch","update" ]
+- apiGroups: [ "apps" ]
+ resources: [ "daemonsets" ]
+ verbs: [ "create","delete","get","list","patch","update","watch" ]
+- apiGroups: [ "apps" ]
+ resources: [ "deployments" ]
+ verbs: [ "create","delete","get","list","patch","update","watch" ]
+- apiGroups: [ "apps" ]
+ resources: [ "statefulsets" ]
+ verbs: [ "create","delete","get","list","patch","update","watch" ]
+- apiGroups: [ "apps" ]
+ resources: [ "replicasets" ]
+ verbs: [ "get","list","watch" ]
+- apiGroups: [ "cloudwatch.aws.amazon.com" ]
+ resources: [ "amazoncloudwatchagents", "dcgmexporters", "neuronmonitors" ]
+ verbs: [ "get","list","patch","update","watch" ]
+- apiGroups: [ "cloudwatch.aws.amazon.com" ]
+ resources: [ "amazoncloudwatchagents/finalizers", "dcgmexporters/finalizers", "neuronmonitors/finalizers" ]
+ verbs: [ "get","patch","update" ]
+- apiGroups: [ "cloudwatch.aws.amazon.com" ]
+ resources: [ "amazoncloudwatchagents/status", "dcgmexporters/status", "neuronmonitors/status" ]
+ verbs: [ "get","patch","update" ]
+- apiGroups: [ "cloudwatch.aws.amazon.com" ]
+ resources: [ "instrumentations" ]
+ verbs: [ "get","list","patch","update","watch" ]
\ No newline at end of file
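Review bot: The `namespaces` rule on the new side grants `get`, `list`, `patch`, `update`, `watch`, which is wider than the `list`, `patch`, `watch` it replaces, in a change that otherwise narrows the role. Because this is a ClusterRole, `patch`/`update` on namespaces lets the manager rewrite labels and annotations on any namespace, including the labels that Pod Security admission and namespace selectors read; unless the controller needs the extra verbs, keep `verbs: [ "list","patch","watch" ]` or add a comment saying why they were added. The configmap write rule also lists `"kube-root-ca.crt"` in `resourceNames`, an object normally published by the cluster itself, so `delete`/`patch`/`update` on it deserves a stated justification or removal from the list. Keep in mind that `resourceNames` pins the object name but not the namespace, so the name-scoped write grants for configmaps, serviceaccounts and services still apply to same-named objects in every namespace.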