diff --git a/capa-controller-role/capa-controller-policy.json b/capa-controller-role/capa-controller-policy.json
index 0ab4397..a72e884 100644
--- a/capa-controller-role/capa-controller-policy.json
+++ b/capa-controller-role/capa-controller-policy.json
@@ -51,6 +51,7 @@
                 "ec2:DetachInternetGateway",
                 "ec2:DisassociateRouteTable",
                 "ec2:DisassociateAddress",
+		"ec2:DisassociateVpcCidrBlock",
                 "ec2:ModifyInstanceAttribute",
                 "ec2:ModifyNetworkInterfaceAttribute",
                 "ec2:ModifySubnetAttribute",
diff --git a/capa-controller-role/cleanup.sh b/capa-controller-role/cleanup.sh
index 3ea6d0d..453aebd 100644
--- a/capa-controller-role/cleanup.sh
+++ b/capa-controller-role/cleanup.sh
@@ -8,7 +8,7 @@ GREEN='\033[0;32m'
 NC='\033[0m'
 
 ROLE_NAME="giantswarm-${INSTALLATION_NAME}-capa-controller"
-AWS_ACCOUNT_ID="$(aws sts get-caller-identity --profile ${INSTALLATION_NAME} --output text --query 'Account')"
+AWS_ACCOUNT_ID="$(aws sts get-caller-identity --output text --query 'Account')"
 
 POL_TYPES=("capa-controller" "dns-controller" "eks-controller" "iam-controller" "irsa-controller" "resolver-rule-operator" "network-topology-controller")
 POL_ARN_PREFIX="arn:aws:iam::${AWS_ACCOUNT_ID}:policy"