diff --git a/packages/@aws-cdk/aws-eks/lib/cluster-resource.ts b/packages/@aws-cdk/aws-eks/lib/cluster-resource.ts
index 080044b0b36ea..b8c364f8759ed 100644
--- a/packages/@aws-cdk/aws-eks/lib/cluster-resource.ts
+++ b/packages/@aws-cdk/aws-eks/lib/cluster-resource.ts
@@ -78,7 +78,16 @@ export class ClusterResource extends Construct {
     }));
 
     this.creationRole.addToPolicy(new iam.PolicyStatement({
-      actions: [ 'eks:CreateCluster', 'eks:DescribeCluster', 'eks:DeleteCluster', 'eks:UpdateClusterVersion', 'eks:UpdateClusterConfig', 'eks:CreateFargateProfile' ],
+      actions: [
+        'eks:CreateCluster',
+        'eks:DescribeCluster',
+        'eks:DeleteCluster',
+        'eks:UpdateClusterVersion',
+        'eks:UpdateClusterConfig',
+        'eks:CreateFargateProfile',
+        'eks:TagResource',
+        'eks:UntagResource'
+      ],
       resources: resourceArns
     }));
 
diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json
index b880d3f94c350..d18ed1c8c32d1 100644
--- a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json
+++ b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json
@@ -784,7 +784,9 @@
                 "eks:DeleteCluster",
                 "eks:UpdateClusterVersion",
                 "eks:UpdateClusterConfig",
-                "eks:CreateFargateProfile"
+                "eks:CreateFargateProfile",
+                "eks:TagResource",
+                "eks:UntagResource"
               ],
               "Effect": "Allow",
               "Resource": [
diff --git a/packages/@aws-cdk/aws-eks/test/test.cluster.ts b/packages/@aws-cdk/aws-eks/test/test.cluster.ts
index 4677bdc5733f8..c76bd3b47a601 100644
--- a/packages/@aws-cdk/aws-eks/test/test.cluster.ts
+++ b/packages/@aws-cdk/aws-eks/test/test.cluster.ts
@@ -718,7 +718,9 @@ export = {
                 'eks:DeleteCluster',
                 'eks:UpdateClusterVersion',
                 'eks:UpdateClusterConfig',
-                'eks:CreateFargateProfile'
+                'eks:CreateFargateProfile',
+                'eks:TagResource',
+                'eks:UntagResource'
               ],
               Effect: 'Allow',
               Resource: [ {
@@ -826,7 +828,9 @@ export = {
                 'eks:DeleteCluster',
                 'eks:UpdateClusterVersion',
                 'eks:UpdateClusterConfig',
-                'eks:CreateFargateProfile'
+                'eks:CreateFargateProfile',
+                'eks:TagResource',
+                'eks:UntagResource'
               ],
               Effect: 'Allow',
               Resource: [ '*' ]