diff --git a/config/rbac/aggregation_role.yaml b/config/rbac/aggregation_role.yaml
new file mode 100644
index 00000000000..07102e208b6
--- /dev/null
+++ b/config/rbac/aggregation_role.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: aggregated-manager-role
+aggregationRule:
+ clusterRoleSelectors:
+ - matchLabels:
+ cluster.x-k8s.io/aggregate-to-capz-manager: "true"
+rules: []
\ No newline at end of file
diff --git a/config/rbac/capz_manager_role_patch.yaml b/config/rbac/capz_manager_role_patch.yaml
new file mode 100644
index 00000000000..1704966d935
--- /dev/null
+++ b/config/rbac/capz_manager_role_patch.yaml
@@ -0,0 +1,6 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: manager-role
+ labels:
+ cluster.x-k8s.io/aggregate-to-capz-manager: "true"
diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml
index e82521ffdcc..c9cfa1c0782 100644
--- a/config/rbac/kustomization.yaml
+++ b/config/rbac/kustomization.yaml
@@ -2,7 +2,11 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - role.yaml
+- aggregation_role.yaml
 - role_binding.yaml
 - service_account.yaml
 - leader_election_role.yaml
 - leader_election_role_binding.yaml
+
+patches:
+- path: capz_manager_role_patch.yaml
\ No newline at end of file
diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml
index 5a95f66d6f8..c2d7565e283 100644
--- a/config/rbac/role_binding.yaml
+++ b/config/rbac/role_binding.yaml
@@ -5,7 +5,7 @@ metadata:
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
- name: manager-role
+ name: aggregated-manager-role
 subjects:
 - kind: ServiceAccount
 name: manager
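Review bot: The `aggregationRule` in config/rbac/aggregation_role.yaml turns the label `cluster.x-k8s.io/aggregate-to-capz-manager: "true"` into a privilege boundary, and the manifest does not say so. Every ClusterRole in the cluster that carries this label has its rules merged into `aggregated-manager-role`, which the role_binding.yaml hunk in this commit binds to the manager ServiceAccount, so the controller's effective permissions can no longer be read from role.yaml alone. I would add a comment above `aggregationRule:` such as `# Any ClusterRole labelled cluster.x-k8s.io/aggregate-to-capz-manager: "true" is merged into this role and granted to the manager ServiceAccount`, and repeat it next to the label in capz_manager_role_patch.yaml. Operators will also want an audit-log alert on ClusterRole create/update events that set this label, since that is now the way the controller's access grows.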
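Review bot: Changing `roleRef.name` in config/rbac/role_binding.yaml will be rejected by the API server on clusters where this binding already exists, because `roleRef` is immutable once a binding is created. Applying the new manifests in place over an existing installation therefore fails until the old binding is deleted and recreated; whether the project's upgrade path already does that is not visible from this hunk. I would add a comment above `roleRef:` like `# roleRef is immutable: upgrades from a release that bound manager-role must delete and recreate this binding` and call it out in the release notes. The binding's `kind` and `metadata` sit above the hunk, but the constraint holds for both RoleBinding and ClusterRoleBinding.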