diff --git a/terraform/dotnet/k8s/deploy/main.tf b/terraform/dotnet/k8s/deploy/main.tf
index 277c7a49e..deecdb2d8 100644
--- a/terraform/dotnet/k8s/deploy/main.tf
+++ b/terraform/dotnet/k8s/deploy/main.tf
@@ -83,6 +83,9 @@ resource "null_resource" "deploy" {
         sleep 10
         kubectl wait --for=condition=Ready pod --all -n amazon-cloudwatch
       elif [ "${var.repository}" = "amazon-cloudwatch-agent" ]; then
+        # tempory fix for missing permissions that will be added by next release of cloudwatch agent operator
+        kubectl patch clusterrole cloudwatch-agent-role --type=json \
+        -p='[{"op": "add", "path": "/rules/-", "value": {"apiGroups": ["discovery.k8s.io"], "resources": ["endpointslices"], "verbs": ["list", "watch", "get"]}}]'
         kubectl patch amazoncloudwatchagents -n amazon-cloudwatch cloudwatch-agent --type='json' -p='[{"op": "replace", "path": "/spec/image", "value": ${var.patch_image_arn}}]'
         kubectl delete pods --all -n amazon-cloudwatch
         sleep 10
diff --git a/terraform/java/k8s/deploy/main.tf b/terraform/java/k8s/deploy/main.tf
index 6af63d4d0..7b364ec87 100644
--- a/terraform/java/k8s/deploy/main.tf
+++ b/terraform/java/k8s/deploy/main.tf
@@ -84,6 +84,9 @@ resource "null_resource" "deploy" {
         sleep 10
         kubectl wait --for=condition=Ready pod --all -n amazon-cloudwatch
       elif [ "${var.repository}" = "amazon-cloudwatch-agent" ]; then
+        # tempory fix for missing permissions that will be added by next release of cloudwatch agent operator
+        kubectl patch clusterrole cloudwatch-agent-role --type=json \
+        -p='[{"op": "add", "path": "/rules/-", "value": {"apiGroups": ["discovery.k8s.io"], "resources": ["endpointslices"], "verbs": ["list", "watch", "get"]}}]'
         kubectl patch amazoncloudwatchagents -n amazon-cloudwatch cloudwatch-agent --type='json' -p='[{"op": "replace", "path": "/spec/image", "value": ${var.patch_image_arn}}]'
         kubectl delete pods --all -n amazon-cloudwatch
         sleep 10
diff --git a/terraform/node/k8s/deploy/main.tf b/terraform/node/k8s/deploy/main.tf
index 1843fe135..4f15f99ba 100644
--- a/terraform/node/k8s/deploy/main.tf
+++ b/terraform/node/k8s/deploy/main.tf
@@ -86,6 +86,9 @@ resource "null_resource" "deploy" {
         sleep 10
         kubectl wait --for=condition=Ready pod --all -n amazon-cloudwatch
       elif [ "${var.repository}" = "amazon-cloudwatch-agent" ]; then
+        # tempory fix for missing permissions that will be added by next release of cloudwatch agent operator
+        kubectl patch clusterrole cloudwatch-agent-role --type=json \
+        -p='[{"op": "add", "path": "/rules/-", "value": {"apiGroups": ["discovery.k8s.io"], "resources": ["endpointslices"], "verbs": ["list", "watch", "get"]}}]'
         kubectl patch amazoncloudwatchagents -n amazon-cloudwatch cloudwatch-agent --type='json' -p='[{"op": "replace", "path": "/spec/image", "value": ${var.patch_image_arn}}]'
         kubectl delete pods --all -n amazon-cloudwatch
         sleep 10
diff --git a/terraform/python/k8s/deploy/main.tf b/terraform/python/k8s/deploy/main.tf
index 852e8b906..6acdf9dfe 100644
--- a/terraform/python/k8s/deploy/main.tf
+++ b/terraform/python/k8s/deploy/main.tf
@@ -85,6 +85,9 @@ resource "null_resource" "deploy" {
         sleep 10
         kubectl wait --for=condition=Ready pod --all -n amazon-cloudwatch
       elif [ "${var.repository}" = "amazon-cloudwatch-agent" ]; then
+        # tempory fix for missing permissions that will be added by next release of cloudwatch agent operator
+        kubectl patch clusterrole cloudwatch-agent-role --type=json \
+        -p='[{"op": "add", "path": "/rules/-", "value": {"apiGroups": ["discovery.k8s.io"], "resources": ["endpointslices"], "verbs": ["list", "watch", "get"]}}]'
         kubectl patch amazoncloudwatchagents -n amazon-cloudwatch cloudwatch-agent --type='json' -p='[{"op": "replace", "path": "/spec/image", "value": ${var.patch_image_arn}}]'
         kubectl delete pods --all -n amazon-cloudwatch
         sleep 10