diff --git a/bootstrap/core/tools/kustomization.yaml b/bootstrap/core/tools/kustomization.yaml
index d1a2bea4..6905870c 100644
--- a/bootstrap/core/tools/kustomization.yaml
+++ b/bootstrap/core/tools/kustomization.yaml
@@ -4,6 +4,7 @@ bases:
 - argocd
 - dispatcher
 - babylon
+- tower
 resources:
 - lodestar-engagements-project.yaml
 - lodestar-tools-project.yaml
diff --git a/bootstrap/core/tools/tower/ansible-tower-role.yaml b/bootstrap/core/tools/tower/ansible-tower-role.yaml
new file mode 100644
index 00000000..83dccfdc
--- /dev/null
+++ b/bootstrap/core/tools/tower/ansible-tower-role.yaml
@@ -0,0 +1,38 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+   name: ansible-tower
+rules:
+- apiGroups:
+  - '*'
+  resources:
+  - '*'
+  verbs:
+  - '*'
+- apiGroups:
+  - argoproj.io
+  - anarchy.gpte.redhat.com
+  - gpte.redhat.com
+  - poolboy.gpte.redhat.com
+  resources:
+  - '*'
+  verbs:
+  - '*'
+- nonResourceURLs:
+  - '*'
+  verbs:
+  - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: ansible-tower
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: ansible-tower
+subjects:
+- kind: ServiceAccount
+  name: awx
+  namespace: lodestar-tower
diff --git a/bootstrap/core/tools/tower/kustomization.yaml b/bootstrap/core/tools/tower/kustomization.yaml
new file mode 100644
index 00000000..cd4a1914
--- /dev/null
+++ b/bootstrap/core/tools/tower/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ansible-tower-role.yaml