diff --git a/aws_lb_controller.tf b/aws_lb_controller.tf
index 22bb645..9ebaab2 100644
--- a/aws_lb_controller.tf
+++ b/aws_lb_controller.tf
@@ -71,6 +71,7 @@ data "aws_iam_policy_document" "lb_controller" {
       "wafv2:GetWebACLForResource",
       "wafv2:AssociateWebACL",
       "wafv2:DisassociateWebACL",
+      "wafv2:ListWebACLs",
       "shield:GetSubscriptionState",
       "shield:DescribeProtection",
       "shield:CreateProtection",