diff --git a/CHANGELOG.md b/CHANGELOG.md
index e710b89..e33f1d7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,6 +11,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Add support for removing some IAM permissions from the capa controller role in BYOVPC installations.
 - CAPA role CloudFormation template: switch from inline to managed policies for the CAPA IAM role.
+- Add CAPA permissions for ASG lifecycle hooks
 
 ## [4.2.0] - 2024-09-04
 
diff --git a/capa-controller-role/capa-controller-policy.json b/capa-controller-role/capa-controller-policy.json
index 5fd4389..6b8307b 100644
--- a/capa-controller-role/capa-controller-policy.json
+++ b/capa-controller-role/capa-controller-policy.json
@@ -46,6 +46,9 @@
                 "autoscaling:SuspendProcesses",
                 "autoscaling:DescribeAutoScalingInstances",
                 "autoscaling:TerminateInstanceInAutoScalingGroup",
+                "autoscaling:DeleteLifecycleHook",
+                "autoscaling:DescribeLifecycleHooks",
+                "autoscaling:PutLifecycleHook",
                 "ec2:CreateLaunchTemplate",
                 "ec2:CreateLaunchTemplateVersion",
                 "ec2:DescribeLaunchTemplates",
diff --git a/capa-controller-role/cloud-formation-template.yaml b/capa-controller-role/cloud-formation-template.yaml
index ab775b3..a308f76 100644
--- a/capa-controller-role/cloud-formation-template.yaml
+++ b/capa-controller-role/cloud-formation-template.yaml
@@ -111,6 +111,9 @@ Resources:
               - "autoscaling:SuspendProcesses"
               - "autoscaling:DescribeAutoScalingInstances"
               - "autoscaling:TerminateInstanceInAutoScalingGroup"
+              - "autoscaling:DeleteLifecycleHook"
+              - "autoscaling:DescribeLifecycleHooks"
+              - "autoscaling:PutLifecycleHook"
               - "ec2:CreateLaunchTemplate"
               - "ec2:CreateLaunchTemplateVersion"
               - "ec2:DescribeLaunchTemplates"