diff --git a/infra/azure/terraform/capz/role-assignments/main.tf b/infra/azure/terraform/capz/role-assignments/main.tf
index b10a4c428ed..e70ada8e990 100644
--- a/infra/azure/terraform/capz/role-assignments/main.tf
+++ b/infra/azure/terraform/capz/role-assignments/main.tf
@@ -48,6 +48,12 @@ resource "azurerm_role_assignment" "acr_pull" {
   scope                = var.container_registry_scope
 }
 
+resource "azurerm_role_assignment" "acr_push" {
+  principal_id         = data.azuread_service_principal.az_service_principal.id
+  role_definition_name = "AcrPush"
+  scope                = var.container_registry_scope
+}
+
 resource "azurerm_role_definition" "custom_role" {
   name  = "WriteAccessOnly"
   scope = "/subscriptions/${var.subscription_id}"