diff --git a/filebeat/templates/role.yaml b/filebeat/templates/role.yaml
new file mode 100644
index 000000000..fe3cf924f
--- /dev/null
+++ b/filebeat/templates/role.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.managedServiceAccount }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ template "filebeat.serviceAccount" . }}-role
+  labels:
+    app: "{{ template "filebeat.fullname" . }}"
+rules:
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    verbs: ["get", "create", "update"]
+{{- end -}}
diff --git a/metricbeat/templates/role.yaml b/metricbeat/templates/role.yaml
new file mode 100644
index 000000000..2016e2894
--- /dev/null
+++ b/metricbeat/templates/role.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.managedServiceAccount }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ template "metricbeat.serviceAccount" . }}-role
+  labels:
+    app: "{{ template "metricbeat.fullname" . }}"
+rules:
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    verbs: ["get", "create", "update"]
+{{- end -}}
diff --git a/metricbeat/values.yaml b/metricbeat/values.yaml
index 6d01ae073..fddca7070 100755
--- a/metricbeat/values.yaml
+++ b/metricbeat/values.yaml
@@ -259,6 +259,10 @@ clusterRoleRules:
     resources:
       - nodes/stats
     verbs: ["get"]
+  - apiGroups: ["coordination.k8s.io"]
+    resources:
+      - leases
+    verbs: ["create", "get", "list", "update"]
 
 podAnnotations: {}
 # iam.amazonaws.com/role: es-cluster