apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: kyverno:rbac
  labels:
    rbac.kyverno.io/aggregate-to-background-controller: "true"
    rbac.kyverno.io/aggregate-to-admission-controller: "true"
rules:
- apiGroups:
  - iam.aws.crossplane.io
  resources:
  - roles
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - delete